IrcMeetings: irclog_2024-01-17.txt

 
<ordex> FYI I may not join the meeting today. girlfriend sick and kids[1] in full vomiting mode, so my attention is a bit redirected elsewhere...will catch up on the log/summary later
<ordex> regarding me checking for a FOSS OpenVPN entity: I am still discussing with the consultant, so no news on that point yet
<cron2> ordex: ewww :-( - all the best
<cron2> lev__: any opinions on gerrit/501?  This should fix your problem while keeping d12fk's features
<lev__> cron2: I am testing it right now
<cron2> cool
<cron2> d12fk: this NTLM code makes my eyes water... "if we have a good variable 'length', then why use 'msg_buf[sb_offset]' as length for memcpy() instead...?!?
<cron2> s/d12fk/djpig/ but anyway
<cron2> lev__: https://github.com/cron2/openvpn/actions/runs/7554014120
<cron2> this is not a problem of our code but of "vcpkg and the git runner", right?
<cron2> (pressing rebuild on one of the failed builds make it work, so "not our code")
<cron2> plaisthos: when a (second) client connects with the same cert/CN as an existing client, what happens in the server?  I guess the server will just *forget* that the first client ever existed, so the client is not notified but needs to time out (keepalive)?
<lev__> "vcpkg has crashed" :(
<cron2> lev__: indeed
<plaisthos> cron2: depends on duplicate-cn
<plaisthos> normally first clients gets disconnected
<cron2> yes, of course, "if duplicate-cn is not set"
<cron2> but what does "disconnected" mean, technically?
<plaisthos> have to deep dive into the code
<cron2> will we send EEN, or anything else?
<plaisthos> should also seend EEN
* MaxF (~MaxF@cust-95-128-91-242.breedbanddelft.nl) has joined
* cron2 has changed the topic to: https://community.openvpn.net/openvpn/wiki/Topics-2024-01-17
<cron2> does not exist yet... anyone seen novaflash?
* uddr35 (~uddr35@91.214.209.137) has joined
<plaisthos> on vacation
<cron2> so who does the meeting organization today?  I'm a bit handicapped (sitting in the school library)
<cron2> mattock?
<cron2> is djpig on vacation too?
<plaisthos> no. Sick
<cron2> :(
<plaisthos> looks like it is only us three
<cron2> four :-) - MaxF and uddr35
<MaxF> my vacation is over :(
<cron2> so - I've been working my way through gerrit patches, merging the two NTLM "increase buffer size" patches next (tests already run)
<lev__> hola
<cron2> the remaining NTLM patches want to be discussed when djpig is back
<cron2> 5!
<lev__> we got a CVE number for the installer's issue
<cron2> mbedTLS merger waits for a test report from plaisthos, then cherrypick the original 4 patches
<cron2> lev__: ah, nice
<plaisthos> autoconf/automake/configure currently pick header and library from two different places *sighs*
<lev__> so it would be nice for someone besides be to test the fix, which is on security@
<uddr35> aloha
<lev__>  /s/be/me
<cron2> uddr35: can you do windows?
<uddr35> @cron2 not really
<plaisthos> then you will learn it now!
<plaisthos> *runs*
<cron2> is d12fk operational this week?
<uddr35> I can try but this will take some time
<cron2> I can test this, but have too many other distractions
<plaisthos> fhe sends patches in the middle of the night ;P
<cron2> lev__: I think we should motivate the original reporter to test this (I tried to engage him this morning already)
<lev__> I can surely provide an installer to him
<lev__> but I would prefer it to be built somewhere else rather than my own machine
<lev__> but anyway, I can provide MSI as the first step
* cron2 summons uddr35 for the building :-)
<uddr35> @lev__ I can build installer for you
<lev__> I haven't pushed anything to any public repos
<lev__> uddr35: are you on security@ ? If not I can forward the patch to openvpn-build to you
<uddr35> @lev__ nope, please forward
<uddr35> can it be 2.6.8 I002 ?
<cron2> it's not that criticial, so I'd pack it into 2.6.9 I001
<uddr35> ok
<lev__> forwarded to signal!
<cron2> 2.6.9 is sort of on track for next week
<mattock> sorry, got distracted
<cron2> --export-cert-tls merged, NTLM fixes merged (soon), installer fix being tested
<uddr35> @lev__ got it, will build
<cron2> cool
* cron2 has nothing else to report so far
<mattock> wiki.js: <redacted>
<vpnHelper> Title: Main page | Wiki.js (at <redacted>)
<cron2> when djpig is back we should discuss automated testing - the overlap gerrit/buildbot/github/GHA is less than perfect
<mattock> xwiki: <redacted>
<lev__> cron2: I am also looking at https://github.com/OpenVPN/ovpn-dco-win/issues/38 - some users got "access denied" when opening dco driver, and a workaround is either run msi installer as admin or run openvpn-gui as admin. I am unable to reproduce this and don't quite understand what is happening, but looking into a mitigation (explicitly assign ACL in driver code upon device creation)
<cron2> lev__: sounds good
<lev__> let's see if I manage to get it into 2.6.9
<cron2> mattock: xwiki wants a username
<mattock> cron2: yes, both of them do - let me know your preferred used account names and I'll users for you
<cron2> cron2
<mattock> I can also use IRC usernames
<mattock> +1
<cron2> (that's the one I use on LDAP/Trac too)
<mattock> these are throwaway demo instances so feel free to play around
<cron2> wiki.js greets me with a "non user login" page, while xwiki asks right away
<uddr35> @mattock uddr
<mattock> uddr35: +1
<mattock> uddr35: wiki.js wants an email address to use as login - can you PM me one?
<uddr35> @mattock <redacted>
<cron2> <redacted>
<mattock> +1
<rob0> mattock, if you don't mind please set me up a rob0 too. Not sure if I will do much with it, but I'll try.
<mattock> rob0: ok, no problem, just give me username/email
<cron2> we have a volunteer to port over all content!
<Pippin_> :)
<Pippin_> rewrite would be good :)
<cron2> oh, another volunteer to port over & rewrite everything ;-)
<Pippin_> btw since spam mitigation was reactivated, current wiki doesn't like the Topics i tried to create
* uddr35_ (~uddr35@91.214.209.137) has joined
<mattock> cron2 and uddr should be able to access the wikis now
<Pippin_> it didn't like <removed because akismet> changed that to plastic-money
<rob0> mattock, sent /msg
* uddr35 has quit (Ping timeout: 252 seconds)
<cron2> I'll test the wiki stuff later, a bit handicapped right ow
<mattock> now cron2, uddr and rob0 accounts should work for both wikis
<uddr35_> @mattock it works, thanks
<mattock> uddr35: +1
<mattock> the live preview in wiki.js looks quite nice
<mattock> both wikis can be extended a lot with plugins/modules - what you see is the most vanilla installation possible
<mattock> so if something important is missing we can see if that can be added as a module/plugin/add-on
<plaisthos> got to go, will check why mbed TLS always builds against 2.x in an hour or so
<cron2> thanks
<MaxF> what's going on with mbedtls?
<cron2> testing on 2.6 i think
<cron2>  my laptop lost its Internet here so i am effectively out, sorry
<mattock> meeting concluded it seems?
<cron2> +1