Re: [Openvpn-devel] [PATCH] Merge Makefile.am's AUTOMAKE_OPTIONS into configure.ac's AM_INIT_AUTOMAKE.

2020-07-17 Thread Matthias Andree
On 17.07.20 at 22:15, David Sommerseth wrote: > On 17/07/2020 19:19, Matthias Andree wrote: >> Else one location overwrites options from the other. >> >> Signed-off-by: Matthias Andree >> --- >> Makefile.am | 3 --- >> configure.ac | 4 +++- >>

Re: [Openvpn-devel] [PATCH 2/2] Permit make dist* targets without py*-docutils

2020-07-17 Thread Matthias Andree
On 17.07.20 at 17:05, Matthias Andree wrote: > Signed-off-by: Matthias Andree > --- > doc/Makefile.am | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/doc/Makefile.am b/doc/Makefile.am > index add92198..80cb2cb8 100644 > --- a/doc/Makefile.am

Re: [Openvpn-devel] [PATCH 1/2] Automake options: add subdir-objects, and clean up

2020-07-17 Thread Matthias Andree
On 17.07.20 at 17:05, Matthias Andree wrote: > Signed-off-by: Matthias Andree > --- > Makefile.am | 1 - > configure.ac | 2 +- > 2 files changed, 1 insertion(+), 2 deletions(-) > > diff --git a/Makefile.am b/Makefile.am > index 439120e4..e4125447 100644 > --- a/Make

Re: [Openvpn-devel] [PATCH] Merge Makefile.am's AUTOMAKE_OPTIONS into configure.ac's AM_INIT_AUTOMAKE.

2020-07-17 Thread Matthias Andree
On 17.07.20 at 19:09, Matthias Andree wrote: > +LT_INIT() > + This guy escaped, so NAK on the first version of the patch. ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH] Fix stack buffer overruns in NEXTADDR() macro:

2020-07-17 Thread Matthias Andree
On 17.07.20 at 19:09, Matthias Andree wrote: > @@ -3727,6 +3727,7 @@ get_default_gateway_ipv6(struct route_ipv6_gateway_info > *rgi6, > msg(M_WARN, "GDG6: socket #1 failed"); > goto done; > } > +errno = 0; > if (write
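Review bot: the `errno = 0;` added before the write in get_default_gateway_ipv6() is not explained by the patch subject, which is about the NEXTADDR() macro. Either move it to a separate patch with its own rationale, or state in the commit message which later errno check relies on the reset.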

[Openvpn-devel] [PATCH] Merge Makefile.am's AUTOMAKE_OPTIONS into configure.ac's AM_INIT_AUTOMAKE.

2020-07-17 Thread Matthias Andree
Else one location overwrites options from the other. Signed-off-by: Matthias Andree --- Makefile.am | 3 --- configure.ac | 4 +++- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/Makefile.am b/Makefile.am index 439120e4..d1c10fc5 100644 --- a/Makefile.am +++ b/Makefile.am

[Openvpn-devel] [PATCH] Fix stack buffer overruns in NEXTADDR() macro:

2020-07-17 Thread Matthias Andree
copy first, then round up the length when adding padding to the advance. Found by: GCC 9.3.0 (FreeBSD) Signed-off-by: Matthias Andree --- src/openvpn/route.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/openvpn/route.c b/src/openvpn/route.c index b57da5dd..24563ed6

[Openvpn-devel] [PATCH] Merge Makefile.am's AUTOMAKE_OPTIONS into configure.ac's AM_INIT_AUTOMAKE.

2020-07-17 Thread Matthias Andree
Else one location overwrites options from the other. Signed-off-by: Matthias Andree --- Makefile.am | 3 --- configure.ac | 6 +- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/Makefile.am b/Makefile.am index 439120e4..d1c10fc5 100644 --- a/Makefile.am +++ b/Makefile.am

[Openvpn-devel] [PATCH] Fix stack buffer overruns in NEXTADDR() macro:

2020-07-17 Thread Matthias Andree
copy first, then round up the length when adding padding to the advance. Found by: GCC 9.3.0 (FreeBSD) Signed-off-by: Matthias Andree --- src/openvpn/route.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/openvpn/route.c b/src/openvpn/route.c index b57da5dd..7f760e9d

[Openvpn-devel] [PATCH 1/2] Automake options: add subdir-objects, and clean up

2020-07-17 Thread Matthias Andree
Signed-off-by: Matthias Andree --- Makefile.am | 1 - configure.ac | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/Makefile.am b/Makefile.am index 439120e4..e4125447 100644 --- a/Makefile.am +++ b/Makefile.am @@ -25,7 +25,6 @@ # This option prevents autoreconf from

[Openvpn-devel] [PATCH 2/2] Permit make dist* targets without py*-docutils

2020-07-17 Thread Matthias Andree
Signed-off-by: Matthias Andree --- doc/Makefile.am | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/doc/Makefile.am b/doc/Makefile.am index add92198..80cb2cb8 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -59,8 +59,9 @@ else endif if HAVE_PYDOCUTILS

Re: [Openvpn-devel] [PATCH] tests/t__lpback.sh: Switch sed(1) to POSIX-compatible regex.

2019-09-24 Thread Matthias Andree
Ping again - please review. On 06.09.19 at 19:44, Matthias Andree wrote: > From: Kyle Evans > > A test run with FreeBSD PR 229925 'Disallow escaping ordinary characters in > regex(3)' > reveals one sed expression that uses the GNU-extension "\s". > Given that

Re: [Openvpn-devel] [PATCH applied] Re: Fix regression, reinstate LibreSSL support.

2019-09-21 Thread Matthias Andree
On 18.09.19 at 14:01, Gert Doering wrote: > Your patch has been applied to the release/2.4 branch. > > Sorry for the delay. Vacation, and too many distractions. > > Lightly tested on an OpenSSL 1.1, a mbedTLS build and an LibreSSL 2.7.2 > on OpenBSD 6.3 - with OpenSSL and mbedTLS, it builds and

Re: [Openvpn-devel] [PATCH] tests/t__lpback.sh: Switch sed(1) to POSIX-compatible regex.

2019-09-15 Thread Matthias Andree
What is the review status of the change Kyle Evans proposed below that I've relayed on Sept 6th? On 06.09.19 at 19:44, Matthias Andree wrote: > From: Kyle Evans > > A test run with FreeBSD PR 229925 'Disallow escaping ordinary characters in > regex(3)' > reveals one sed expre

Re: [Openvpn-devel] [PATCH] Fix regression, reinstate LibreSSL support.

2019-09-15 Thread Matthias Andree
On 18.08.19 at 14:11, Arne Schwabe wrote: > On 18.08.19 at 13:18, Matthias Andree wrote: >> OpenVPN 2.4.6 could be compiled with LibreSSL, 2.4.7 cannot. This was broken >> since 9de7fe0a "Add support for tls-ciphersuites for TLS 1.3". >> >> Thi

[Openvpn-devel] [PATCH] tests/t__lpback.sh: Switch sed(1) to POSIX-compatible regex.

2019-09-06 Thread Matthias Andree
From: Kyle Evans A test run with FreeBSD PR 229925 'Disallow escaping ordinary characters in regex(3)' reveals one sed expression that uses the GNU-extension "\s". Given that this is the only occurrence and it's a trivial fix, update it to be POSIX-compatible. Signed-off-by: Matth

[Openvpn-devel] PATCH: test portability, avoid GNUism and use POSIX regex

2019-09-06 Thread Matthias Andree
This patch should be applied to the 2.4 and master branches.

[Openvpn-devel] v2: fix release/2.4 regression of 2.4.7, permit build with LibreSSL

2019-08-18 Thread Matthias Andree
It was deemed that the previous patch was insufficient, so let's take a new stab. Note that this does not mean I endorse using LibreSSL, but at least we should not be breaking existing library support in a point release 2.4.7 (that cannot be compiled against LibreSSL) when 2.4.6 could. Details on

[Openvpn-devel] [PATCH] Fix regression, reinstate LibreSSL support.

2019-08-18 Thread Matthias Andree
er reports that OPNsense has been a long-time user of LibreSSL without reported breakage, see also: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=238382#c10 Signed-off-by: Matthias Andree --- src/openvpn/ssl_openssl.c | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/s

[Openvpn-devel] [PATCH] Fix regression, reinstate LibreSSL support.

2019-08-12 Thread Matthias Andree
er reports that OPNsense has been a long-time user of LibreSSL without reported breakage, see also: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=238382#c10 Signed-off-by: Matthias Andree --- src/openvpn/ssl_openssl.c | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/s

Re: [Openvpn-devel] RFC: release/2.4 (OpenVPN 2.4.7) patch for building with LibreSSL

2019-07-12 Thread Matthias Andree
On 07.06.19 at 20:26, Matthias Andree wrote: > Greetings, > > FreeBSD has received a patch contribution to enable OpenVPN 2.4.x to be > built with LibreSSL. I'm seeking comments, and yes I am aware of > master's a47508606be2c6359d4b27c3b65b72dfe4786222 commit description > th

Re: [Openvpn-devel] [PATCHv2] openssl: Fix compilation without deprecated OpenSSL 1.1 APIs

2019-07-12 Thread Matthias Andree
On 14.06.19 at 12:38, Arne Schwabe wrote: > >> -#ifndef ENABLE_SMALL >> +# ifndef ENABLE_SMALL > The space between # and ifndef looks wrong. It's standard C. (Chapter 3.8 in the 1989/1990 standard, chapter 6.10 in recent editions, I checked 1999 and 2017/2018, although worded in a quite

Re: [Openvpn-devel] Dropping Ubuntu 12.04 packages?

2019-01-16 Thread Matthias Andree
On 20.12.18 at 14:17, Samuli Seppänen wrote: > Hi, > > I've worked on openvpn-vagrant and sbuild_wrapper recently[*] and > noticed that mainstream support for Debian 7 and Ubuntu 12.04 ended: > > https://wiki.debian.org/DebianReleases > https://wiki.ubuntu.com/Releases > > However, Ubuntu 12.04

Re: [Openvpn-devel] [PATCH] Add support for tls-ciphersuites for TLS 1.3

2018-09-27 Thread Matthias Andree
Hi Arne, I haven't looked at the code, only at strings for now, and I'd like to pick a few nits. On 26.09.18 at 15:44, Arne Schwabe wrote: > OpenSSL 1.1.1 introduces a separate list for TLS 1.3 ciphers. As these > interfaces are meant to be user facing or not exposed at all and we > expose the

Re: [Openvpn-devel] [PATCH v2] ssl_verify: define label only when required

2018-08-16 Thread Matthias Andree
On 15.08.2018 at 08:12, Antonio Quartulli wrote: > The "cleanup" label in ssl_verify.c:verify_user_pass_plugin() is used > only when PLUGIN_DEF_AUTH is defined, therefore make the label > definition dependent on the same define. > > Fixes the following warning when PLUGIN_DEF_AUTH is not defined:

[Openvpn-devel] FreeBSD -CURRENT (unreleased) issues with TAP known?

2018-08-05 Thread Matthias Andree
it's too early for me to dig deeply, given that the OS (FreeBSD-current) is currently still a moving target. Best regards, -- Matthias Andree

Re: [Openvpn-devel] [patch] Fix time_t printing - NAK

2017-10-15 Thread Matthias Andree
On 05.10.2017 at 01:47, Jeremie Courreges-Anglas wrote: > When building openvpn-2.4.4 on OpenBSD, I noticed the following warning: > > --8<-- > cc -DHAVE_CONFIG_H -I. > -I/usr/ports/pobj/openvpn-2.4.4/openvpn-2.4.4/src/openvpn -I../.. > -I../../include

Re: [Openvpn-devel] OpenVPN 2.4.3 released (with security fixes)

2017-06-22 Thread Matthias Andree
On 21.06.2017 at 18:53, Илья Шипицин wrote: > > > 2017-06-21 21:48 GMT+05:00 Matthias Andree <matthias.and...@gmx.de > <mailto:matthias.and...@gmx.de>>: > > On 21.06.2017 at 16:33, Samuli Seppänen wrote: > > On 21/06/2017 17:06, Simon Matter wrote: >

Re: [Openvpn-devel] OpenVPN 2.4.3 released (with security fixes)

2017-06-21 Thread Matthias Andree
On 21.06.2017 at 18:02, Gert Doering wrote: > Hi, > > On Wed, Jun 21, 2017 at 05:58:18PM +0200, David Sommerseth wrote: >> Hmmm ... not a bad idea. But do we really need tar.gz at all these >> days? Why not just make autotools generate tar.xz by default and be >> done with it? > "distcheck"

Re: [Openvpn-devel] OpenVPN 2.4.3 released (with security fixes)

2017-06-21 Thread Matthias Andree
On 21.06.2017 at 16:33, Samuli Seppänen wrote: > On 21/06/2017 17:06, Simon Matter wrote: >>> On Wed, Jun 21, 2017 at 6:47 AM, Samuli Seppänen >>> wrote: The OpenVPN community project team is proud to release OpenVPN 2.4.3. It can be downloaded from here:

Re: [Openvpn-devel] [PATCH release/2.4] configure.ac: fix building against static openssl

2017-05-30 Thread Matthias Andree
On 31.05.2017 at 02:31, David Sommerseth wrote: > > I do however vaguely remember someone mentioning some BSD distros still > being on 0.9.8 ... or was it some other OS? ... Anyhow, do we need to > care for them? This is release/2.4 we're talking about after all. The oldest OpenSSL version in

Re: [Openvpn-devel] Please check the 2.3.15 downloads

2017-05-19 Thread Matthias Andree
On 19.05.2017 at 10:47, Gert Doering wrote: > > Apologies for the 2.3.15 mishap (and thanks to Matthias Andree for raising > this issue yesterday already). I just spread the word, originator of the information was Renato Botelho aka. garga@ in the FreeBSD project.

Re: [Openvpn-devel] security/openvpn23 tarball size mismatch

2017-05-18 Thread Matthias Andree
On 16.05.2017 at 14:00, Renato Botelho wrote: > On 16/05/17 08:54, Renato Botelho wrote: >> Hello Matthias, >> >> I was trying to get openvpn23 installed from quarterly branch and got >> the following error: >> >> root@buildbot1:/usr/local/poudriere/ports/pfSense_v2_3/security/openvpn23 >> # make

[Openvpn-devel] [PATCH] Make openvpn-plugin.h self-contained again.

2017-05-15 Thread Matthias Andree
2.4.2 introduced a declaration that references size_t, so use the C99 way of declaring it, and add #include . Note this may break on non-C99-compliant versions of MS Visual Studio. Signed-off-by: Matthias Andree <matthias.and...@gmx.de> --- include/openvpn-plugin.h.in | 1 + 1 file chan

Re: [Openvpn-devel] [PATCH] Require minimum OpenSSL 1.0.1

2017-04-11 Thread Matthias Andree
On 11.04.2017 at 23:56, David Sommerseth wrote: > On 11/04/17 23:20, Steffan Karger wrote: >> For release/2.4: I wonder whether we need to keep 0.9.8 support, as >> SLES11 still ships with 0.9.8h, and has general support until 31 Mar 2019. > While it is James who insisted on RHEL being the oldest

Re: [Openvpn-devel] Reviewer(s) for French translation fixes in OpenVPN GUI?

2017-03-14 Thread Matthias Andree
On 13.03.2017 at 18:26, Samuli Seppänen wrote: > Hi, > > Is anyone interested in reviewing some French-language fixes to OpenVPN GUI? > > > > If we don't get any review, we'll have to merge the PR with a lazy-ACK. > > Any help would be

Re: [Openvpn-devel] build against openssl 1.1.0

2017-02-17 Thread Matthias Andree
On 17.02.2017 at 17:35, Emmanuel Deloget wrote: > I understand that I'm the new guy in town, but can you allow me to > make the formal request to ditch OpenSSL 0.9.8, 1.0.0 and 1.0.1 and > require at least version 1.0.2? 1.0.1 has also gone out of support, and I propose to let the distros sort

Re: [Openvpn-devel] build against openssl 1.1.0

2017-02-13 Thread Matthias Andree
On 13.02.2017 at 20:50, Christian Hesse wrote: > And a lot more has to be done... There's a long list of packages to be > fixed. Sadly openssl developers do not care about ABI and API stability > or compatibility. :( Much frustration can be muttered and uttered about OpenSSL and more so of its

Re: [Openvpn-devel] OpenVPN 2.4.0 released

2016-12-27 Thread Matthias Andree
On 27.12.2016 15:16, Samuli Seppänen wrote: > The OpenVPN community project team is proud to release OpenVPN 2.4.0. It > can be downloaded from here: > > > > Compared to OpenVPN 2.3 this is a major update with a large number of > new

Re: [Openvpn-devel] CFT: OpenVPN 2.4 port update (upstream rc2) for FreeBSD, now with TUNNELBLICK

2016-12-22 Thread Matthias Andree
On 22.12.2016 at 11:24, Gert Doering wrote: > Hi, > > On Thu, Dec 22, 2016 at 09:58:07AM +0100, Matthias Andree wrote: >> I have an updated version with TUNNELBLICK patch re-enabled up for >> testing at >> <https://people.freebsd.org/~mandree/openvpn-2.4-rc

Re: [Openvpn-devel] CFT: OpenVPN 2.4 port update (upstream rc2) for FreeBSD, now with TUNNELBLICK

2016-12-22 Thread Matthias Andree
On 16.12.2016 at 21:21, Matthias Andree wrote: > Greetings, > > I've put up a new OpenVPN 2.4-rc2 port for FreeBSD for testing. > > Get it from <https://people.freebsd.org/~mandree/openvpn-2.4_rc2-v1.tar.xz>. > > This time, it also contains the openvpn23 a

Re: [Openvpn-devel] Google Summer of Code

2016-12-21 Thread Matthias Andree
On 19.12.2016 at 11:01, Илья Шипицин wrote: > > it seems, it depends on network-manager version. > on fedora 23 I cannot import files, but on ubuntu I can. Fedora 23 goes out of support these days (it's now more than 4 weeks after Fedora 25 release), so it's time to upgrade...

[Openvpn-devel] CFT: OpenVPN 2.4 port update (upstream rc2) for FreeBSD

2016-12-16 Thread Matthias Andree
Greetings, I've put up a new OpenVPN 2.4-rc2 port for FreeBSD for testing. Get it from . This time, it also contains the openvpn23 and openvpn23-polarssl ports (as modified copies of what we have now) that I plan to keep for the

[Openvpn-devel] man page --proto needs info on udp6/tcp6 in OpenVPN 2.4

2016-12-15 Thread Matthias Andree
see Subject. There's a related Trac-ker item against 2.3:

[Openvpn-devel] CFT: OpenVPN 2.4 port update for FreeBSD

2016-12-15 Thread Matthias Andree
Greetings, I've put up an OpenVPN 2.4-rc1 port for FreeBSD up for testing. Get it from https://people.freebsd.org/~mandree/openvpn-2.4.r1-v1.tar.xz Or review the diff at https://reviews.freebsd.org/D8813 Cheers, Matthias

Re: [Openvpn-devel] FreeBSD port versions

2016-12-08 Thread Matthias Andree
On 06.12.2016 at 22:02, Gert Doering wrote: > Hi, > > On Sat, Nov 12, 2016 at 05:43:56AM +0100, Matthias Andree wrote: >> On 11.11.2016 at 23:10, Gert Doering wrote: >>> I might be tempted to do a quick 2.3.14 release in between - there's two >>> important

Re: [Openvpn-devel] [PATCH applied] Re: Repair topology subnet on FreeBSD 11

2016-11-11 Thread Matthias Andree
On 11.11.2016 at 23:10, Gert Doering wrote: > I might be tempted to do a quick 2.3.14 release in between - there's two > important platform fixes in that branch now (FreeBSD and OpenBSD topology > subnet :-) ) and Lev's recursive routing patch. Add to that the windows > block-outside-dns patch

Re: [Openvpn-devel] [PATCH applied] Re: Repair topology subnet on FreeBSD 11

2016-11-11 Thread Matthias Andree
On 09.11.2016 at 21:14, Gert Doering wrote: > Thanks for testing & review :-) > > Patch has been applied to the master and release/2.3 branch. > > commit a433b3813d8c38b491d2baa7b433973f2d6cd7c6 (master) > commit 446ef5bda4cdc75d4cb955e274846faff0181fd3 (release/2.3) > Author: Gert Doering >

Re: [Openvpn-devel] Separate apt repositories for 2.4-alpha/beta/rc releases?

2016-10-15 Thread Matthias Andree
On 15.10.2016 at 12:11, David Sommerseth wrote: > b) Have the package exclude each other to block both being installed >at the same time. That's the path normally chosen and that I'd recommend for DEB/APT-based packages because solvers can usually figure that part out. I think the RPM world

Re: [Openvpn-devel] Separate apt repositories for 2.4-alpha/beta/rc releases?

2016-10-15 Thread Matthias Andree
On 14.10.2016 at 21:51, Steffan Karger wrote: > > On 14 Oct 2016 9:14 p.m., "Matthias Andree" <matthias.and...@gmx.de > <mailto:matthias.and...@gmx.de>> wrote: > > > > On 14.10.2016 at 17:28, Samuli Seppänen wrote: > > > > Would 2.

Re: [Openvpn-devel] Separate apt repositories for 2.4-alpha/beta/rc releases?

2016-10-14 Thread Matthias Andree
On 14.10.2016 at 17:28, Samuli Seppänen wrote: > Hi, > > Should we have a separate apt repository for "unstable" apt packages? > Right now our apt repositories hold 2.3.x packages, meaning that > upgrades have historically been fairly minor. > > That said, users who use _our_ apt repositories

Re: [Openvpn-devel] [PATCH] Enable -D_SVR4_2 for compilation on Solaris

2016-10-10 Thread Matthias Andree
On 10.10.2016 at 09:39, Gert Doering wrote: > + CPPFLAGS="$CPPFLAGS -D_XPG4_2" NAK. Description mismatches content. Please revert and reapply with proper description.

Re: [Openvpn-devel] OpenVPN 2.3.12 released

2016-08-24 Thread Matthias Andree
Please - instead of my patch, use Steffan Karger's, subject "[PATCH] Fix unittests for out-of-source builds" of 2016-08-15. Thanks.

Re: [Openvpn-devel] OpenVPN 2.3.12 released

2016-08-24 Thread Matthias Andree
yond the attached patch that solves (1.) above partially. The FreeBSD port of OpenVPN will forego the unit tests, and I will patch the warning out so I don't get "but just add cmake as a requisite" spam - which, when rectified, would lead to (2.) above... Cheers, Matthias From 9595ff1b4d89b8f25

Re: [Openvpn-devel] Valgring findings

2016-06-08 Thread Matthias Andree
On 07.06.2016 at 15:47, Илья Шипицин wrote: > Hello, > > I played with valgrind a bit > > https://travis-ci.org/chipitsine/openvpn/jobs/135869065 > > Looks like there are leaks in openssl code, should we suppress it? Not that I've found the "leaks" you're reporting; however: I seem to recall

Re: [Openvpn-devel] OpenVPN 2.3.11 released

2016-05-14 Thread Matthias Andree
On 10.05.2016 at 12:06, Samuli Seppänen wrote: > The OpenVPN community project team is proud to release OpenVPN 2.3.11. > It can be downloaded from here: > > > > This release fixes two vulnerabilities: a port-share bug with DoS >

Re: [Openvpn-devel] [PATCH applied] Re: Fix polarssl / mbedtls builds

2016-05-13 Thread Matthias Andree
On 13.05.2016 at 09:32, Gert Doering wrote: > ACK. Tested on FreeBSD 9.3, all 3 tests in "make check", works. > > It is in line with the much better tested code in master, and with the > man page: > > "The default for --tls-cipher is to use PolarSSL's default cipher > list when using

Re: [Openvpn-devel] [PATCH v2 (2.3)] Restrict default TLS cipher list

2016-05-13 Thread Matthias Andree
On 17.04.2016 at 20:23, Steffan Karger wrote: > In the past years, the internet has been moving forward wrt deprecating > older and less secure ciphers. Let's follow this example in OpenVPN and > also restrict the default list of negotiable TLS ciphers in 2.3.x. > > This disables the following:

Re: [Openvpn-devel] SIGSEGV (NULL ptr deref) in PolarSSL-based build if noTLS ciphers specified (was: OpenVPN 2.3.11 released)

2016-05-13 Thread Matthias Andree
On 10.05.2016 at 12:06, Samuli Seppänen wrote: > The OpenVPN community project team is proud to release OpenVPN 2.3.11. > It can be downloaded from here: > > > > This release fixes two vulnerabilities: a port-share bug with DoS >

Re: [Openvpn-devel] [PATCH] Remove useless dash escapes from the man-page

2015-04-29 Thread Matthias Andree
On 29.04.2015 at 14:07, David Woodhouse wrote: > On Tue, 2015-03-31 at 09:19 +0200, Matthias Andree wrote: >> I am concerned this will cause misformattings and inability to search >> for options with leading dashes on some systems - I don't recall >> versions, but I do know t

Re: [Openvpn-devel] [PATCH] m4: enable silent build

2015-04-27 Thread Matthias Andree
On 27.04.2015 at 16:48, David Sommerseth wrote: > Having this said, if you do builds on systems with a more modern > automake, I do want to encourage people to run 'make V=0' or use > ./configure --enable-silent-rules. This will ensure we can

Re: [Openvpn-devel] [PATCH] m4: enable silent build

2015-04-15 Thread Matthias Andree
On 14.04.2015 at 20:34, Yegor Yefremov wrote: > Signed-off-by: Yegor Yefremov > --- > configure.ac | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/configure.ac b/configure.ac > index 9132468..ca0d9c3 100644 > --- a/configure.ac > +++ b/configure.ac > @@

Re: [Openvpn-devel] [PATCH] Remove useless dash escapes from the man-page

2015-03-31 Thread Matthias Andree
On 31.03.2015 at 08:44, sam...@openvpn.net wrote: > From: Samuli Seppänen > > This patch is against the release/2.3 branch > > Trac: 512 > Signed-off-by: Samuli Seppänen > --- > doc/openvpn.8 | 1800 >

Re: [Openvpn-devel] [PATCH] Re-enable TLS version negotiation by default

2015-03-30 Thread Matthias Andree
On 10.03.2015 at 20:26, Steffan Karger wrote: > Re-enable TLS version negotiation by default, so that users > benefit from the stronger and better crypto of TLSv1.1 and > TLSv1.2, without having to add 'tls-version-min' to their > config files. > > We tried this before in 2.3.3, but got various

[Openvpn-devel] [PATCH] Manual page update for Re-enabled TLS version negotiation.

2015-03-30 Thread Matthias Andree
Signed-off-by: Matthias Andree <matthias.and...@gmx.de> --- doc/openvpn.8 | 13 - 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/doc/openvpn.8 b/doc/openvpn.8 index a95d353..1420bdd 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8 @@ -4286,16 +4286,19 @@ includ

Re: [Openvpn-devel] Topics for next week's (Monday, 30th Mar 2015) community meeting

2015-03-29 Thread Matthias Andree
On 23.03.2015 at 20:21, Samuli Seppänen wrote: > Hi, > > We're going to have an IRC meeting _next_ Monday, 30th March, starting > at 20:00 CET (19:00 UTC) on #openvpn-de...@irc.freenode.net. Current > topic list along with basic information is here: > >

Re: [Openvpn-devel] AES-NI trouble, and patch - please review/comment

2014-12-13 Thread Matthias Andree
On 18.11.2014 at 23:46, Matthias Andree wrote: > Greetings, > > I received a bug report against the FreeBSD OpenVPN port, but before > applying a patch (by Ermal Luçi) I do not currently oversee, I would > like your input. > > https://redmine.pf

Re: [Openvpn-devel] [PATCH] configure.ac: fix default behavior

2014-11-24 Thread Matthias Andree
On 22.11.2014 at 10:43, Steffan Karger wrote: > Hi Yegor, > > On 21-11-14 20:43, Yegor Yefremov wrote: >> This patch is a result of our IRC discussion with Arne. Alternative >> approach were to always build with password-save functionality without >> configure option at all. > > Thanks for the

[Openvpn-devel] AES-NI trouble, and patch - please review/comment

2014-11-18 Thread Matthias Andree
Greetings, I received a bug report against the FreeBSD OpenVPN port, but before applying a patch (by Ermal Luçi) I do not currently oversee, I would like your input. https://redmine.pfsense.org/issues/3966 original https://community.openvpn.net/openvpn/ticket/480 copy

Re: [Openvpn-devel] Openvpn 2.3.2: "Could not create temporary file" ....Too many open files

2014-07-23 Thread Matthias Andree
On 23.07.2014 08:19, arno.oderm...@ch.schindler.com wrote: > Dear both, > > thank you for your reply. > Yes, we are using the "--client-connect" and according to 2.3 OpenVPN > manual (see section below) it does create files by writing to "file > named by $1." > > Gert, we are sure, there was

Re: [Openvpn-devel] [PATCH] Support non-ASCII characters in Windows tmp path

2013-12-04 Thread Matthias Andree
I also found http://moser-isi.ethz.ch/docs/english_verb_inf_ing.pdf after my earlier post.

Re: [Openvpn-devel] [PATCH] t_client.sh: Check for fping/fping6 availability

2013-11-15 Thread Matthias Andree
On 15.11.2013 18:12, David Sommerseth wrote: > From: David Sommerseth > > Check if fping and fping6 is available before running the real tests, > to avoid misleading test failures. > > Signed-off-by: David Sommerseth > --- > tests/t_client.sh.in | 12

Re: [Openvpn-devel] RFD - block-ipv6

2013-08-17 Thread Matthias Andree
On 17.08.2013 12:30, Gert Doering wrote: > So, what I'm hoping to hear from you... > > - should we include this in 2.3.3? > - if yes, are changes needed? Well, it would take huge warning banners because it might disrupt existing setups (which would be insecure through the "connect around

Re: [Openvpn-devel] Topics for next weeks meeting

2013-04-18 Thread Matthias Andree
On 10.04.2013 13:47, Samuli Seppänen wrote: > Hi all, > > After a fairly long pause, the community meetings are starting again. > Next one is on Thursday 18th Apr 2013. The preliminary agenda is here: > > > > Best regards, >

Re: [Openvpn-devel] [PATCH 3/3] PolarSSL-1.2 support

2013-01-21 Thread Matthias Andree
On 21.01.2013 14:23, Gert Doering wrote: > Hi, > > just for the sake of those not following the discussion on IRC... > > On Mon, Jan 21, 2013 at 11:23:17AM +0100, Gert Doering wrote: >> I'm more concerned about maintainability of the OpenVPN code base, and >> having more #ifdef in there is

Re: [Openvpn-devel] [PATCH 3/3] PolarSSL-1.2 support

2013-01-20 Thread Matthias Andree
Is there any important system where requiring PolarSSL >= 1.2.3 is not an option, besides "admin is too lazy or can't convince his manager that he needs to upgrade"? This #ifdef stuff makes the whole story a bit inconcise. It might be suitable for 2.3.X, but not to base 2.4 or newer releases on.

Re: [Openvpn-devel] compiling with visual studio

2013-01-17 Thread Matthias Andree
On 16.01.2013 11:11, Gert Doering wrote: > Hi, > > On Tue, Jan 15, 2013 at 09:03:07PM +0200, Athanasios Douitsis wrote: >> Trying to compile 2.3 with visual studio 2010. I am getting the following >> error: >> >> init.c(186): error C2143: syntax error : missing ';' before 'type' >>

[Openvpn-devel] easy-rsa status?

2013-01-13 Thread Matthias Andree
Greetings, I have just added the easy-rsa package to the FreeBSD ports collection, security/easy-rsa, and security/openvpn is now optionally (default: yes) depending on security/easy-rsa so people get this, as they did with 2.2.2. However, I found it hard to collect together the few scattered

Re: [Openvpn-devel] [PATCH] Enable TCP_NODELAY configuration on FreeBSD.

2013-01-13 Thread Matthias Andree
On 12.01.2013 21:13, Gert Doering wrote: > Hi, > > On Sat, Jan 12, 2013 at 01:41:17PM +0100, Matthias Andree wrote: >> The missing #include causes a defined(TCP_NODELAY) to >> fail. I have added the patch to the FreeBSD ports OpenVPN 2.2.2 and >> 2.3.0, and confirm

Re: [Openvpn-devel] fix build with automake 1.13(.1)

2013-01-12 Thread Matthias Andree
On 08.01.2013 09:39, Christian Hesse wrote: > AM_CONFIG_HEADER has been deprecated for some time, finally it is removed on > automake 1.13. The attached patch replaces it with AC_CONFIG_HEADERS and > fixes build process with latest automake. Please apply. ACK.

Re: [Openvpn-devel] OpenVPN 2.3.0 released

2013-01-12 Thread Matthias Andree
On 08.01.2013 15:14, Samuli Seppänen wrote: > The OpenVPN community project team is proud to release OpenVPN > 2.3.0. It can be downloaded from here: > > > > This release includes two bug fixes. A full list of changes is available >

[Openvpn-devel] [PATCH] Enable TCP_NODELAY configuration on FreeBSD.

2013-01-12 Thread Matthias Andree
Listening for incoming TCP connection on [undef] Sat Jan 12 13:39:18 2013 Socket flags: TCP_NODELAY=1 succeeded Obtained from: https://community.openvpn.net/openvpn/ticket/158 Credits to: M. Nottebrock Signed-off-by: Matthias Andree <matthias.and...@gmx.de> --- src/openvpn/syshead.h | 4

Re: [Openvpn-devel] configure patch for MacOS 10.7

2012-02-21 Thread Matthias Andree
On 07.02.2012 11:24, Gert Doering wrote: > Hi, > > I'm forwarding this "as-is", as I do not have enough understanding of > autoconf to say whether this is necessary, or "the right fix" - but > anyway, I've been told that this is needed to make our configure > behave on MacOS 10.7. Looks

[Openvpn-devel] [PATCH] Skip rather than fail test in addressless FreeBSD jails.

2011-07-20 Thread Matthias Andree
Signed-off-by: Matthias Andree <matthias.and...@gmx.de> --- t_cltsrv.sh |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/t_cltsrv.sh b/t_cltsrv.sh index 808d719..5bcbfc7 100755 --- a/t_cltsrv.sh +++ b/t_cltsrv.sh @@ -33,7 +33,7 @@ case `uname -s` in

Re: [Openvpn-devel] [PATCH] Further improvements to plugin support:

2011-07-07 Thread Matthias Andree
On 07.07.2011 at 10:19, Adriaan de Jong wrote: > - Renamed struct entries to explicitly show them as disabled > - Added a warning if USE_SSL is enabled, but neither ssl_verify_openssl.h or > ssl_verify_polarssl.h is included > - If neither of those files is included, disable ssl support for a

Re: [Openvpn-devel] [PATCH] Fixes for the plugin system:

2011-07-07 Thread Matthias Andree
On 07.07.2011 at 09:27, Adriaan de Jong wrote: > - Removed the dependency on an SSL library for USE_SSL when creating non-SSL > plugins > - Fixed example plugin code to include USE_SSL when needed > > Signed-off-by: Adriaan de Jong > diff --git a/openvpn-plugin.h

Re: [Openvpn-devel] [PATCH] Fixes to easy-rsa/2.0

2011-07-01 Thread Matthias Andree
On 01.07.2011 at 10:26, David Sommerseth wrote: > Agreed, and we decided yesterday in the developers meeting to remove 0.9.6 > support. However we found it better to remove that support first in > OpenVPN 2.3, as we will then go through the source code and remove all > 0.9.6 related stuff in the

Re: [Openvpn-devel] [PATCH] Fixes to easy-rsa/2.0

2011-06-30 Thread Matthias Andree
On 30.06.2011 at 09:59, sam...@openvpn.net wrote: > From: Samuli Seppänen > > As support for OpenSSL 1.0.0 requires a modified openssl.cnf file, it was > decided to rename openssl.cnf to openssl-1.0.0.cnf for clarity and better > support of different OpenSSL versions. The old

Re: [Openvpn-devel] [PATCH] fix 2.2.0 build failure when management interface disabled

2011-05-14 Thread Matthias Andree
and that is obviously only needed if management > is enabled. > > So: ACK from me. > > Samuli: we need buildbot variants with/without management, it seems... Cutting down complexity (i. e. cutting out branches in the decision and/or option trees) is going to help more than just trying to cure the symptoms. -- Matthias Andree

Re: [Openvpn-devel] [PATCH 1/1] Fix warning: format not a string literal and no format arguments

2011-02-17 Thread Matthias Andree
Good catch, patch approved. -- Matthias Andree

Re: [Openvpn-devel] configure not finding lzo (Solaris, NetBSD)

2011-01-17 Thread Matthias Andree
th-lzo-lib=..." - but I still wonder if > life shouldn't be easier for the 95%-case on a given distribution. The 95% case on a given distribution is that the distributor packages OpenVPN and the user doesn't care beyond that point. > "If other packages can get this automatically, why do we need switches > for OpenVPN"? Document that and be done. It helps the user much more than convenience hacks. -- Matthias Andree

Re: [Openvpn-devel] configure not finding lzo (Solaris, NetBSD)

2011-01-17 Thread Matthias Andree
> fixed? Same story on FreeBSD. Should be fixed, but those fixes likely belong in autoconf proper, rather than each and every package that uses autoconf. Such workarounds don't belong in OpenVPN. Until that time, passing CPPFLAGS and LDFLAGS on the ./configure command line like ./configure CPPFLAGS=-I/usr/local/include LDFLAGS=-L/usr/local/lib would do the trick. -- Matthias Andree

Re: [Openvpn-devel] OpenVPN documentation (man page) review

2011-01-12 Thread Matthias Andree
> little bit more as well. And needs to be system-specific in that very instant because the tools are. > Another thing, just as a side note, easy-rsa could really use a man page > as well. True enough, but better placed in a separate thread on the lists, and I suppose you'll collect volunteers much more easily for this much smaller project :) -- Matthias Andree

Re: [Openvpn-devel] OpenVPN documentation (man page) review

2011-01-12 Thread Matthias Andree
ually reduces confusion this way. Basically what you want is more (a) a concise HOWTO (more or less in place on the website), and (b) an exhaustive reference, no? -- Matthias Andree

Re: [Openvpn-devel] further mysnprintf discussion (was: Summary of the IRC meeting (6th Jan 2011))

2011-01-08 Thread Matthias Andree
ts #include "..."-d by buffer.c and by service-win32/openvpnserv.c, then at least you don't have the headaches to remember to change two places when fixing a bug. HTH & best regards -- Matthias Andree

Re: [Openvpn-devel] bugfix2.1: automake support for plugin build

2011-01-06 Thread Matthias Andree
> LDFLAGS are hard-coded (which is very bad program practice by the way) > in a proprietary Makefile as is the case with the OpenVPN plugins. Which means that it's still somehow in your build. -- Matthias Andree

Re: [Openvpn-devel] bugfix2.1: automake support for plugin build

2011-01-06 Thread Matthias Andree
On 06.01.2011 at 21:42, Mr Dash Four wrote: > >> I suppose you need to modify the .spec file to make sure you're running >> autoreconf twice up front (or libtoolize, aclocal, autoconf, automake, >> possibly autoheader). >> >> Note you'll want to remove the .la files from the destdir, and list the

[Openvpn-devel] bugfix2.1: automake support for plugin build

2011-01-06 Thread Matthias Andree
Greetings, following up the "[OpenVPN 2.1.4 BUG]: hard-coded values in Makefiles for down-root and auth-pam plugins prevent cross compilation" bug, I am providing patches for review and test in cross-compilation environments. I have tested these on native compiles with Ubuntu Linux 10.10 32-bit,
