)]}'
{"id":"openvpn~1314","triplet_id":"openvpn~master~I54845bf4dd17d06cfc3b402f188795f74f4b1d3e","project":"openvpn","branch":"master","attention_set":{},"removed_from_attention_set":{"1000003":{"account":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"last_update":"2025-10-28 16:35:39.000000000","reason":"Change was submitted"},"1000001":{"account":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"last_update":"2025-10-28 16:35:39.000000000","reason":"Change was submitted"},"1000007":{"account":{"_account_id":1000007,"name":"ordex","display_name":"Antonio Quartulli","email":"antonio@mandelbit.com","username":"ordex"},"last_update":"2025-10-28 16:35:39.000000000","reason":"Change was submitted"}},"hashtags":[],"change_id":"I54845bf4dd17d06cfc3b402f188795f74f4b1d3e","subject":"sitnl: set FD_CLOEXEC on socket to prevent abuse","status":"MERGED","created":"2025-10-27 13:55:16.000000000","updated":"2025-10-28 16:35:39.000000000","submitted":"2025-10-28 16:35:39.000000000","submitter":{"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"},"total_comment_count":0,"unresolved_comment_count":0,"has_review_started":true,"submission_id":"1314","meta_rev_id":"2f671f9d992948f379a09cdbbf8338573724f1ee","_number":1314,"virtual_id_number":1314,"owner":{"_account_id":1000007,"name":"ordex","display_name":"Antonio Quartulli","email":"antonio@mandelbit.com","username":"ordex"},"actions":{},"labels":{"Code-Review":{"all":[{"value":0,"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},{"value":0,"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"}],"values":{"-2":"This shall not be submitted","-1":"I would prefer this is not submitted as is"," 0":"No score","+1":"Looks good to me, but someone else must approve","+2":"Looks good to me, approved"},"default_value":0}},"removable_reviewers":[{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."}],"reviewers":{"REVIEWER":[{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},{"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"},{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"}],"CC":[{"_account_id":1000026,"name":"openvpn-devel","email":"openvpn-devel@lists.sourceforge.net","username":"openvpn-devel"}]},"pending_reviewers":{},"reviewer_updates":[{"updated":"2025-10-27 13:55:17.000000000","updated_by":{"_account_id":1000007,"name":"ordex","display_name":"Antonio Quartulli","email":"antonio@mandelbit.com","username":"ordex"},"reviewer":{"_account_id":1000026,"name":"openvpn-devel","email":"openvpn-devel@lists.sourceforge.net","username":"openvpn-devel"},"state":"CC"},{"updated":"2025-10-27 13:55:17.000000000","updated_by":{"_account_id":1000007,"name":"ordex","display_name":"Antonio Quartulli","email":"antonio@mandelbit.com","username":"ordex"},"reviewer":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"state":"REVIEWER"},{"updated":"2025-10-27 13:55:17.000000000","updated_by":{"_account_id":1000007,"name":"ordex","display_name":"Antonio Quartulli","email":"antonio@mandelbit.com","username":"ordex"},"reviewer":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"state":"REVIEWER"},{"updated":"2025-10-28 16:27:42.000000000","updated_by":{"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"},"reviewer":{"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"},"state":"REVIEWER"}],"messages":[{"id":"8fb8a7f887bc5bf5dda3f08b80447a95c5542b79","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":1000007,"name":"ordex","display_name":"Antonio Quartulli","email":"antonio@mandelbit.com","username":"ordex"},"date":"2025-10-27 13:55:16.000000000","message":"Uploaded patch set 1.","accounts_in_message":[],"_revision_number":1},{"id":"71115e999939cd224d01d5fe954041f0acc87d07","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":1000007,"name":"ordex","display_name":"Antonio Quartulli","email":"antonio@mandelbit.com","username":"ordex"},"date":"2025-10-27 15:18:58.000000000","message":"Uploaded patch set 2.","accounts_in_message":[],"_revision_number":2},{"id":"a79845ac0b935f764403a2716a911d5b1d40c919","author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"date":"2025-10-27 22:53:30.000000000","message":"Patch Set 2: Code-Review+2","accounts_in_message":[],"_revision_number":2},{"id":"074f12d0e8a81e76767156974b0f062385b3662c","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":1000007,"name":"ordex","display_name":"Antonio Quartulli","email":"antonio@mandelbit.com","username":"ordex"},"date":"2025-10-28 08:46:45.000000000","message":"Uploaded patch set 3.\n\nOutdated Votes:\n* Code-Review+2 (copy condition: \"changekind:NO_CHANGE OR changekind:TRIVIAL_REBASE OR is:MIN\")\n","accounts_in_message":[],"_revision_number":3},{"id":"f4693c74c00a65f5c6a105ccad4524303b827395","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":1000007,"name":"ordex","display_name":"Antonio Quartulli","email":"antonio@mandelbit.com","username":"ordex"},"date":"2025-10-28 14:42:23.000000000","message":"Uploaded patch set 4.","accounts_in_message":[],"_revision_number":4},{"id":"ae0d012a0718b8ac700ab5f77a64612813633836","author":{"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"},"date":"2025-10-28 16:27:42.000000000","message":"Patch Set 4: Code-Review+2","accounts_in_message":[],"_revision_number":4},{"id":"2f671f9d992948f379a09cdbbf8338573724f1ee","tag":"autogenerated:gerrit:merged","author":{"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"},"date":"2025-10-28 16:35:39.000000000","message":"Change has been successfully pushed.","accounts_in_message":[],"_revision_number":5}],"current_revision_number":5,"current_revision":"b9b5470521294209146c7253a97012d399978d72","revisions":{"609fa75941a78337127c9618eaf2e3b986216c51":{"kind":"REWORK","_number":1,"created":"2025-10-27 13:55:16.000000000","uploader":{"_account_id":1000007,"name":"ordex","display_name":"Antonio Quartulli","email":"antonio@mandelbit.com","username":"ordex"},"ref":"refs/changes/14/1314/1","fetch":{"anonymous http":{"url":"http://gerrit.openvpn.net/openvpn","ref":"refs/changes/14/1314/1","commands":{"Branch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/14/1314/1 \u0026\u0026 git checkout -b change-1314 FETCH_HEAD","Checkout":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/14/1314/1 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/14/1314/1 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/14/1314/1 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull http://gerrit.openvpn.net/openvpn refs/changes/14/1314/1","Reset To":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/14/1314/1 \u0026\u0026 git reset --hard FETCH_HEAD"}}},"commit":{"parents":[{"commit":"9c55e84eea01b1f3ddabae82c7df8adaac7b8c35","subject":"Remove perf.c/perf.h"}],"author":{"name":"Antonio Quartulli","email":"antonio@mandelbit.com","date":"2025-10-27 12:47:17.000000000","tz":60},"committer":{"name":"Antonio Quartulli","email":"antonio@mandelbit.com","date":"2025-10-27 13:50:52.000000000","tz":60},"subject":"sitnl: set FD_CLOEXEC on socket to prevent abuse","message":"sitnl: set FD_CLOEXEC on socket to prevent abuse\n\nSince OpenVPN spawns various child processes, it is important\nthat sockets are closed after calling exec.\n\nThe sitnl socket didn\u0027t have the right flag set, resulting\nin it surviving in, for example, connect/disconnect scripts\nand giving the latter a chance to abuse the socket.\n\nEnsure this doesn\u0027t happen by setting FD_CLOEXEC on\nthis socket right after creation.\n\nReported-by: ZeroPath (https://zeropath.com/)\nChange-Id: I54845bf4dd17d06cfc3b402f188795f74f4b1d3e\nSigned-off-by: Antonio Quartulli \u003cantonio@mandelbit.com\u003e\n"},"branch":"refs/heads/master"},"02e507b8bcc5864b015ff95fddf850e966dd3f2c":{"kind":"REWORK","_number":2,"created":"2025-10-27 15:18:58.000000000","uploader":{"_account_id":1000007,"name":"ordex","display_name":"Antonio Quartulli","email":"antonio@mandelbit.com","username":"ordex"},"ref":"refs/changes/14/1314/2","fetch":{"anonymous http":{"url":"http://gerrit.openvpn.net/openvpn","ref":"refs/changes/14/1314/2","commands":{"Branch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/14/1314/2 \u0026\u0026 git checkout -b change-1314 FETCH_HEAD","Checkout":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/14/1314/2 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/14/1314/2 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/14/1314/2 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull http://gerrit.openvpn.net/openvpn refs/changes/14/1314/2","Reset To":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/14/1314/2 \u0026\u0026 git reset --hard FETCH_HEAD"}}},"commit":{"parents":[{"commit":"9c55e84eea01b1f3ddabae82c7df8adaac7b8c35","subject":"Remove perf.c/perf.h"}],"author":{"name":"Antonio Quartulli","email":"antonio@mandelbit.com","date":"2025-10-27 12:47:17.000000000","tz":60},"committer":{"name":"Antonio Quartulli","email":"antonio@mandelbit.com","date":"2025-10-27 15:18:52.000000000","tz":60},"subject":"sitnl: set FD_CLOEXEC on socket to prevent abuse","message":"sitnl: set FD_CLOEXEC on socket to prevent abuse\n\nSince OpenVPN spawns various child processes, it is important\nthat sockets are closed after calling exec.\n\nThe sitnl socket didn\u0027t have the right flag set, resulting\nin it surviving in, for example, connect/disconnect scripts\nand giving the latter a chance to abuse the socket.\n\nEnsure this doesn\u0027t happen by setting FD_CLOEXEC on\nthis socket right after creation.\n\nReported-by: ZeroPath (https://zeropath.com/)\nChange-Id: I54845bf4dd17d06cfc3b402f188795f74f4b1d3e\nSigned-off-by: Antonio Quartulli \u003cantonio@mandelbit.com\u003e\n"},"branch":"refs/heads/master"},"53aed2ccac98c46a1a4dfbcb79f58825608538b0":{"kind":"REWORK","_number":3,"created":"2025-10-28 08:46:45.000000000","uploader":{"_account_id":1000007,"name":"ordex","display_name":"Antonio Quartulli","email":"antonio@mandelbit.com","username":"ordex"},"ref":"refs/changes/14/1314/3","fetch":{"anonymous http":{"url":"http://gerrit.openvpn.net/openvpn","ref":"refs/changes/14/1314/3","commands":{"Branch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/14/1314/3 \u0026\u0026 git checkout -b change-1314 FETCH_HEAD","Checkout":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/14/1314/3 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/14/1314/3 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/14/1314/3 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull http://gerrit.openvpn.net/openvpn refs/changes/14/1314/3","Reset To":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/14/1314/3 \u0026\u0026 git reset --hard FETCH_HEAD"}}},"commit":{"parents":[{"commit":"9c55e84eea01b1f3ddabae82c7df8adaac7b8c35","subject":"Remove perf.c/perf.h"}],"author":{"name":"Antonio Quartulli","email":"antonio@mandelbit.com","date":"2025-10-27 12:47:17.000000000","tz":60},"committer":{"name":"Antonio Quartulli","email":"antonio@mandelbit.com","date":"2025-10-28 08:46:28.000000000","tz":60},"subject":"sitnl: set FD_CLOEXEC on socket to prevent abuse","message":"sitnl: set FD_CLOEXEC on socket to prevent abuse\n\nSince OpenVPN spawns various child processes, it is important\nthat sockets are closed after calling exec.\n\nThe sitnl socket didn\u0027t have the right flag set, resulting\nin it surviving in, for example, connect/disconnect scripts\nand giving the latter a chance to abuse the socket.\n\nEnsure this doesn\u0027t happen by setting FD_CLOEXEC on\nthis socket right after creation.\n\nReported-by: ZeroPath (https://zeropath.com/)\nChange-Id: I54845bf4dd17d06cfc3b402f188795f74f4b1d3e\nSigned-off-by: Antonio Quartulli \u003cantonio@mandelbit.com\u003e\n"},"branch":"refs/heads/master"},"83371d6350cbc1cd1278e917a074621e061216ae":{"kind":"REWORK","_number":4,"created":"2025-10-28 14:42:23.000000000","uploader":{"_account_id":1000007,"name":"ordex","display_name":"Antonio Quartulli","email":"antonio@mandelbit.com","username":"ordex"},"ref":"refs/changes/14/1314/4","fetch":{"anonymous http":{"url":"http://gerrit.openvpn.net/openvpn","ref":"refs/changes/14/1314/4","commands":{"Branch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/14/1314/4 \u0026\u0026 git checkout -b change-1314 FETCH_HEAD","Checkout":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/14/1314/4 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/14/1314/4 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/14/1314/4 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull http://gerrit.openvpn.net/openvpn refs/changes/14/1314/4","Reset To":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/14/1314/4 \u0026\u0026 git reset --hard FETCH_HEAD"}}},"commit":{"parents":[{"commit":"9c55e84eea01b1f3ddabae82c7df8adaac7b8c35","subject":"Remove perf.c/perf.h"}],"author":{"name":"Antonio Quartulli","email":"antonio@mandelbit.com","date":"2025-10-27 12:47:17.000000000","tz":60},"committer":{"name":"Antonio Quartulli","email":"antonio@mandelbit.com","date":"2025-10-28 14:37:49.000000000","tz":60},"subject":"sitnl: set FD_CLOEXEC on socket to prevent abuse","message":"sitnl: set FD_CLOEXEC on socket to prevent abuse\n\nSince OpenVPN spawns various child processes, it is important\nthat sockets are closed after calling exec.\n\nThe sitnl socket didn\u0027t have the right flag set, resulting\nin it surviving in, for example, connect/disconnect scripts\nand giving the latter a chance to abuse the socket.\n\nEnsure this doesn\u0027t happen by setting FD_CLOEXEC on\nthis socket right after creation.\n\nReported-by: ZeroPath (https://zeropath.com/)\nChange-Id: I54845bf4dd17d06cfc3b402f188795f74f4b1d3e\nSigned-off-by: Antonio Quartulli \u003cantonio@mandelbit.com\u003e\n"},"branch":"refs/heads/master"},"b9b5470521294209146c7253a97012d399978d72":{"kind":"TRIVIAL_REBASE_WITH_MESSAGE_UPDATE","_number":5,"created":"2025-10-28 16:35:39.000000000","uploader":{"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"},"ref":"refs/changes/14/1314/5","fetch":{"anonymous http":{"url":"http://gerrit.openvpn.net/openvpn","ref":"refs/changes/14/1314/5","commands":{"Branch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/14/1314/5 \u0026\u0026 git checkout -b change-1314 FETCH_HEAD","Checkout":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/14/1314/5 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/14/1314/5 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/14/1314/5 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull http://gerrit.openvpn.net/openvpn refs/changes/14/1314/5","Reset To":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/14/1314/5 \u0026\u0026 git reset --hard FETCH_HEAD"}}},"commit":{"parents":[{"commit":"05a8ba8080c7a7c3dc6cc681b3fc3cf8c559e053","subject":"Canonicalize config_dir before comparing with the config file location"}],"author":{"name":"Antonio Quartulli","email":"antonio@mandelbit.com","date":"2025-10-28 16:28:38.000000000","tz":60},"committer":{"name":"Gert Doering","email":"gert@greenie.muc.de","date":"2025-10-28 16:31:35.000000000","tz":60},"subject":"sitnl: set FD_CLOEXEC on socket to prevent abuse","message":"sitnl: set FD_CLOEXEC on socket to prevent abuse\n\nSince OpenVPN spawns various child processes, it is important\nthat sockets are closed after calling exec.\n\nThe sitnl socket didn\u0027t have the right flag set, resulting\nin it surviving in, for example, connect/disconnect scripts\nand giving the latter a chance to abuse the socket.\n\nEnsure this doesn\u0027t happen by setting FD_CLOEXEC on\nthis socket right after creation.\n\nReported-by: Joshua Rogers \u003ccontact@joshua.hu\u003e\nFound-by: ZeroPath (https://zeropath.com/)\nChange-Id: I54845bf4dd17d06cfc3b402f188795f74f4b1d3e\nSigned-off-by: Antonio Quartulli \u003cantonio@mandelbit.com\u003e\nAcked-by: Gert Doering \u003cgert@greenie.muc.de\u003e\nGerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1314\nMessage-Id: \u003c20251028162843.18189-1-gert@greenie.muc.de\u003e\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg33952.html\nSigned-off-by: Gert Doering \u003cgert@greenie.muc.de\u003e\n"},"branch":"refs/heads/master"}},"requirements":[],"submit_records":[],"submit_requirements":[]}