FYI I may not join the meeting today. girlfriend sick and kids[1] in full vomiting mode, so my attention is a bit redirected elsewhere...will catch up on the log/summary later regarding me checking for a FOSS OpenVPN entity: I am still discussing with the consultant, so no news on that point yet ordex: ewww :-( - all the best lev__: any opinions on gerrit/501? This should fix your problem while keeping d12fk's features cron2: I am testing it right now cool d12fk: this NTLM code makes my eyes water... "if we have a good variable 'length', then why use 'msg_buf[sb_offset]' as length for memcpy() instead...?!? s/d12fk/djpig/ but anyway lev__: https://github.com/cron2/openvpn/actions/runs/7554014120 this is not a problem of our code but of "vcpkg and the git runner", right? (pressing rebuild on one of the failed builds make it work, so "not our code") plaisthos: when a (second) client connects with the same cert/CN as an existing client, what happens in the server? I guess the server will just *forget* that the first client ever existed, so the client is not notified but needs to time out (keepalive)? "vcpkg has crashed" :( lev__: indeed cron2: depends on duplicate-cn normally first clients gets disconnected yes, of course, "if duplicate-cn is not set" but what does "disconnected" mean, technically? have to deep dive into the code will we send EEN, or anything else? should also seend EEN * MaxF (~MaxF@cust-95-128-91-242.breedbanddelft.nl) has joined * cron2 has changed the topic to: https://community.openvpn.net/openvpn/wiki/Topics-2024-01-17 does not exist yet... anyone seen novaflash? * uddr35 (~uddr35@91.214.209.137) has joined on vacation so who does the meeting organization today? I'm a bit handicapped (sitting in the school library) mattock? is djpig on vacation too? no. Sick :( looks like it is only us three four :-) - MaxF and uddr35 my vacation is over :( so - I've been working my way through gerrit patches, merging the two NTLM "increase buffer size" patches next (tests already run) hola the remaining NTLM patches want to be discussed when djpig is back 5! we got a CVE number for the installer's issue mbedTLS merger waits for a test report from plaisthos, then cherrypick the original 4 patches lev__: ah, nice autoconf/automake/configure currently pick header and library from two different places *sighs* so it would be nice for someone besides be to test the fix, which is on security@ aloha /s/be/me uddr35: can you do windows? @cron2 not really then you will learn it now! *runs* is d12fk operational this week? I can try but this will take some time I can test this, but have too many other distractions fhe sends patches in the middle of the night ;P lev__: I think we should motivate the original reporter to test this (I tried to engage him this morning already) I can surely provide an installer to him but I would prefer it to be built somewhere else rather than my own machine but anyway, I can provide MSI as the first step * cron2 summons uddr35 for the building :-) @lev__ I can build installer for you I haven't pushed anything to any public repos uddr35: are you on security@ ? If not I can forward the patch to openvpn-build to you @lev__ nope, please forward can it be 2.6.8 I002 ? it's not that criticial, so I'd pack it into 2.6.9 I001 ok forwarded to signal! 2.6.9 is sort of on track for next week sorry, got distracted --export-cert-tls merged, NTLM fixes merged (soon), installer fix being tested @lev__ got it, will build cool * cron2 has nothing else to report so far wiki.js: Title: Main page | Wiki.js (at ) when djpig is back we should discuss automated testing - the overlap gerrit/buildbot/github/GHA is less than perfect xwiki: cron2: I am also looking at https://github.com/OpenVPN/ovpn-dco-win/issues/38 - some users got "access denied" when opening dco driver, and a workaround is either run msi installer as admin or run openvpn-gui as admin. I am unable to reproduce this and don't quite understand what is happening, but looking into a mitigation (explicitly assign ACL in driver code upon device creation) lev__: sounds good let's see if I manage to get it into 2.6.9 mattock: xwiki wants a username cron2: yes, both of them do - let me know your preferred used account names and I'll users for you cron2 I can also use IRC usernames +1 (that's the one I use on LDAP/Trac too) these are throwaway demo instances so feel free to play around wiki.js greets me with a "non user login" page, while xwiki asks right away @mattock uddr uddr35: +1 uddr35: wiki.js wants an email address to use as login - can you PM me one? @mattock +1 mattock, if you don't mind please set me up a rob0 too. Not sure if I will do much with it, but I'll try. rob0: ok, no problem, just give me username/email we have a volunteer to port over all content! :) rewrite would be good :) oh, another volunteer to port over & rewrite everything ;-) btw since spam mitigation was reactivated, current wiki doesn't like the Topics i tried to create * uddr35_ (~uddr35@91.214.209.137) has joined cron2 and uddr should be able to access the wikis now it didn't like changed that to plastic-money mattock, sent /msg * uddr35 has quit (Ping timeout: 252 seconds) I'll test the wiki stuff later, a bit handicapped right ow now cron2, uddr and rob0 accounts should work for both wikis @mattock it works, thanks uddr35: +1 the live preview in wiki.js looks quite nice both wikis can be extended a lot with plugins/modules - what you see is the most vanilla installation possible so if something important is missing we can see if that can be added as a module/plugin/add-on got to go, will check why mbed TLS always builds against 2.x in an hour or so thanks what's going on with mbedtls? testing on 2.6 i think my laptop lost its Internet here so i am effectively out, sorry meeting concluded it seems? +1