1 | |
---|
2 | <ordex> FYI I may not join the meeting today. girlfriend sick and kids[1] in full vomiting mode, so my attention is a bit redirected elsewhere...will catch up on the log/summary later |
---|
3 | <ordex> regarding me checking for a FOSS OpenVPN entity: I am still discussing with the consultant, so no news on that point yet |
---|
4 | <cron2> ordex: ewww :-( - all the best |
---|
5 | <cron2> lev__: any opinions on gerrit/501? This should fix your problem while keeping d12fk's features |
---|
6 | <lev__> cron2: I am testing it right now |
---|
7 | <cron2> cool |
---|
8 | <cron2> d12fk: this NTLM code makes my eyes water... "if we have a good variable 'length', then why use 'msg_buf[sb_offset]' as length for memcpy() instead...?!? |
---|
9 | <cron2> s/d12fk/djpig/ but anyway |
---|
10 | <cron2> lev__: https://github.com/cron2/openvpn/actions/runs/7554014120 |
---|
11 | <cron2> this is not a problem of our code but of "vcpkg and the git runner", right? |
---|
12 | <cron2> (pressing rebuild on one of the failed builds make it work, so "not our code") |
---|
13 | <cron2> plaisthos: when a (second) client connects with the same cert/CN as an existing client, what happens in the server? I guess the server will just *forget* that the first client ever existed, so the client is not notified but needs to time out (keepalive)? |
---|
14 | <lev__> "vcpkg has crashed" :( |
---|
15 | <cron2> lev__: indeed |
---|
16 | <plaisthos> cron2: depends on duplicate-cn |
---|
17 | <plaisthos> normally first clients gets disconnected |
---|
18 | <cron2> yes, of course, "if duplicate-cn is not set" |
---|
19 | <cron2> but what does "disconnected" mean, technically? |
---|
20 | <plaisthos> have to deep dive into the code |
---|
21 | <cron2> will we send EEN, or anything else? |
---|
22 | <plaisthos> should also seend EEN |
---|
23 | * MaxF (~MaxF@cust-95-128-91-242.breedbanddelft.nl) has joined |
---|
24 | * cron2 has changed the topic to: https://community.openvpn.net/openvpn/wiki/Topics-2024-01-17 |
---|
25 | <cron2> does not exist yet... anyone seen novaflash? |
---|
26 | * uddr35 (~uddr35@91.214.209.137) has joined |
---|
27 | <plaisthos> on vacation |
---|
28 | <cron2> so who does the meeting organization today? I'm a bit handicapped (sitting in the school library) |
---|
29 | <cron2> mattock? |
---|
30 | <cron2> is djpig on vacation too? |
---|
31 | <plaisthos> no. Sick |
---|
32 | <cron2> :( |
---|
33 | <plaisthos> looks like it is only us three |
---|
34 | <cron2> four :-) - MaxF and uddr35 |
---|
35 | <MaxF> my vacation is over :( |
---|
36 | <cron2> so - I've been working my way through gerrit patches, merging the two NTLM "increase buffer size" patches next (tests already run) |
---|
37 | <lev__> hola |
---|
38 | <cron2> the remaining NTLM patches want to be discussed when djpig is back |
---|
39 | <cron2> 5! |
---|
40 | <lev__> we got a CVE number for the installer's issue |
---|
41 | <cron2> mbedTLS merger waits for a test report from plaisthos, then cherrypick the original 4 patches |
---|
42 | <cron2> lev__: ah, nice |
---|
43 | <plaisthos> autoconf/automake/configure currently pick header and library from two different places *sighs* |
---|
44 | <lev__> so it would be nice for someone besides be to test the fix, which is on security@ |
---|
45 | <uddr35> aloha |
---|
46 | <lev__> /s/be/me |
---|
47 | <cron2> uddr35: can you do windows? |
---|
48 | <uddr35> @cron2 not really |
---|
49 | <plaisthos> then you will learn it now! |
---|
50 | <plaisthos> *runs* |
---|
51 | <cron2> is d12fk operational this week? |
---|
52 | <uddr35> I can try but this will take some time |
---|
53 | <cron2> I can test this, but have too many other distractions |
---|
54 | <plaisthos> fhe sends patches in the middle of the night ;P |
---|
55 | <cron2> lev__: I think we should motivate the original reporter to test this (I tried to engage him this morning already) |
---|
56 | <lev__> I can surely provide an installer to him |
---|
57 | <lev__> but I would prefer it to be built somewhere else rather than my own machine |
---|
58 | <lev__> but anyway, I can provide MSI as the first step |
---|
59 | * cron2 summons uddr35 for the building :-) |
---|
60 | <uddr35> @lev__ I can build installer for you |
---|
61 | <lev__> I haven't pushed anything to any public repos |
---|
62 | <lev__> uddr35: are you on security@ ? If not I can forward the patch to openvpn-build to you |
---|
63 | <uddr35> @lev__ nope, please forward |
---|
64 | <uddr35> can it be 2.6.8 I002 ? |
---|
65 | <cron2> it's not that criticial, so I'd pack it into 2.6.9 I001 |
---|
66 | <uddr35> ok |
---|
67 | <lev__> forwarded to signal! |
---|
68 | <cron2> 2.6.9 is sort of on track for next week |
---|
69 | <mattock> sorry, got distracted |
---|
70 | <cron2> --export-cert-tls merged, NTLM fixes merged (soon), installer fix being tested |
---|
71 | <uddr35> @lev__ got it, will build |
---|
72 | <cron2> cool |
---|
73 | * cron2 has nothing else to report so far |
---|
74 | <mattock> wiki.js: <redacted> |
---|
75 | <vpnHelper> Title: Main page | Wiki.js (at <redacted>) |
---|
76 | <cron2> when djpig is back we should discuss automated testing - the overlap gerrit/buildbot/github/GHA is less than perfect |
---|
77 | <mattock> xwiki: <redacted> |
---|
78 | <lev__> cron2: I am also looking at https://github.com/OpenVPN/ovpn-dco-win/issues/38 - some users got "access denied" when opening dco driver, and a workaround is either run msi installer as admin or run openvpn-gui as admin. I am unable to reproduce this and don't quite understand what is happening, but looking into a mitigation (explicitly assign ACL in driver code upon device creation) |
---|
79 | <cron2> lev__: sounds good |
---|
80 | <lev__> let's see if I manage to get it into 2.6.9 |
---|
81 | <cron2> mattock: xwiki wants a username |
---|
82 | <mattock> cron2: yes, both of them do - let me know your preferred used account names and I'll users for you |
---|
83 | <cron2> cron2 |
---|
84 | <mattock> I can also use IRC usernames |
---|
85 | <mattock> +1 |
---|
86 | <cron2> (that's the one I use on LDAP/Trac too) |
---|
87 | <mattock> these are throwaway demo instances so feel free to play around |
---|
88 | <cron2> wiki.js greets me with a "non user login" page, while xwiki asks right away |
---|
89 | <uddr35> @mattock uddr |
---|
90 | <mattock> uddr35: +1 |
---|
91 | <mattock> uddr35: wiki.js wants an email address to use as login - can you PM me one? |
---|
92 | <uddr35> @mattock <redacted> |
---|
93 | <cron2> <redacted> |
---|
94 | <mattock> +1 |
---|
95 | <rob0> mattock, if you don't mind please set me up a rob0 too. Not sure if I will do much with it, but I'll try. |
---|
96 | <mattock> rob0: ok, no problem, just give me username/email |
---|
97 | <cron2> we have a volunteer to port over all content! |
---|
98 | <Pippin_> :) |
---|
99 | <Pippin_> rewrite would be good :) |
---|
100 | <cron2> oh, another volunteer to port over & rewrite everything ;-) |
---|
101 | <Pippin_> btw since spam mitigation was reactivated, current wiki doesn't like the Topics i tried to create |
---|
102 | * uddr35_ (~uddr35@91.214.209.137) has joined |
---|
103 | <mattock> cron2 and uddr should be able to access the wikis now |
---|
104 | <Pippin_> it didn't like <removed because akismet> changed that to plastic-money |
---|
105 | <rob0> mattock, sent /msg |
---|
106 | * uddr35 has quit (Ping timeout: 252 seconds) |
---|
107 | <cron2> I'll test the wiki stuff later, a bit handicapped right ow |
---|
108 | <mattock> now cron2, uddr and rob0 accounts should work for both wikis |
---|
109 | <uddr35_> @mattock it works, thanks |
---|
110 | <mattock> uddr35: +1 |
---|
111 | <mattock> the live preview in wiki.js looks quite nice |
---|
112 | <mattock> both wikis can be extended a lot with plugins/modules - what you see is the most vanilla installation possible |
---|
113 | <mattock> so if something important is missing we can see if that can be added as a module/plugin/add-on |
---|
114 | <plaisthos> got to go, will check why mbed TLS always builds against 2.x in an hour or so |
---|
115 | <cron2> thanks |
---|
116 | <MaxF> what's going on with mbedtls? |
---|
117 | <cron2> testing on 2.6 i think |
---|
118 | <cron2> my laptop lost its Internet here so i am effectively out, sorry |
---|
119 | <mattock> meeting concluded it seems? |
---|
120 | <cron2> +1 |
---|