)]}'
{"id":"openvpn~1549","triplet_id":"openvpn~master~I53d47e4a0d33c380ee95e0e33aecad3db3197940","project":"openvpn","branch":"master","attention_set":{},"removed_from_attention_set":{"1000035":{"account":{"_account_id":1000035,"name":"syzzer","display_name":"Steffan Karger","email":"steffan@karger.me","username":"syzzer","status":"Commits and comments are my own views, not those of my employer."},"last_update":"2026-03-02 21:51:03.000000000","reason":"Change was submitted"},"1000003":{"account":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"last_update":"2026-03-02 14:19:58.000000000","reason":"removed on reply"},"1000030":{"account":{"_account_id":1000030,"name":"MaxF","email":"max@max-fillinger.net","username":"MaxF"},"last_update":"2026-03-02 21:51:03.000000000","reason":"Change was submitted"}},"hashtags":[],"change_id":"I53d47e4a0d33c380ee95e0e33aecad3db3197940","subject":"Avoid unbounded allocations in pkcs11_mbedtls.c","status":"MERGED","created":"2026-02-20 17:19:02.000000000","updated":"2026-03-02 21:51:03.000000000","submitted":"2026-03-02 21:51:03.000000000","submitter":{"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"},"total_comment_count":4,"unresolved_comment_count":0,"has_review_started":true,"submission_id":"1549","meta_rev_id":"be6ac528b6d5f74e782b2b68bbab1cdf7409407a","_number":1549,"virtual_id_number":1549,"owner":{"_account_id":1000030,"name":"MaxF","email":"max@max-fillinger.net","username":"MaxF"},"actions":{},"labels":{"Code-Review":{"all":[{"value":0,"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},{"value":0,"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"}],"values":{"-2":"This shall not be submitted","-1":"I would prefer this is not submitted as is"," 0":"No score","+1":"Looks good to me, but someone else must approve","+2":"Looks good to me, approved"},"default_value":0}},"removable_reviewers":[],"reviewers":{"REVIEWER":[{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"}],"CC":[{"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"},{"_account_id":1000026,"name":"openvpn-devel","email":"openvpn-devel@lists.sourceforge.net","username":"openvpn-devel"},{"_account_id":1000035,"name":"syzzer","display_name":"Steffan Karger","email":"steffan@karger.me","username":"syzzer","status":"Commits and comments are my own views, not those of my employer."}]},"pending_reviewers":{},"reviewer_updates":[{"updated":"2026-02-20 17:19:03.000000000","updated_by":{"_account_id":1000030,"name":"MaxF","email":"max@max-fillinger.net","username":"MaxF"},"reviewer":{"_account_id":1000026,"name":"openvpn-devel","email":"openvpn-devel@lists.sourceforge.net","username":"openvpn-devel"},"state":"CC"},{"updated":"2026-02-20 17:19:03.000000000","updated_by":{"_account_id":1000030,"name":"MaxF","email":"max@max-fillinger.net","username":"MaxF"},"reviewer":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"state":"REVIEWER"},{"updated":"2026-02-20 19:04:28.000000000","updated_by":{"_account_id":1000035,"name":"syzzer","display_name":"Steffan Karger","email":"steffan@karger.me","username":"syzzer","status":"Commits and comments are my own views, not those of my employer."},"reviewer":{"_account_id":1000035,"name":"syzzer","display_name":"Steffan Karger","email":"steffan@karger.me","username":"syzzer","status":"Commits and comments are my own views, not those of my employer."},"state":"CC"},{"updated":"2026-02-22 22:17:00.000000000","updated_by":{"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"},"reviewer":{"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"},"state":"CC"}],"messages":[{"id":"c9a0a6c53c4bc13c284e8daf3e731a81ddb8ae86","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":1000030,"name":"MaxF","email":"max@max-fillinger.net","username":"MaxF"},"date":"2026-02-20 17:19:02.000000000","message":"Uploaded patch set 1.","accounts_in_message":[],"_revision_number":1},{"id":"d9e504596e4e78f59b9ca3385229d5bee2e71509","author":{"_account_id":1000035,"name":"syzzer","display_name":"Steffan Karger","email":"steffan@karger.me","username":"syzzer","status":"Commits and comments are my own views, not those of my employer."},"date":"2026-02-20 19:04:28.000000000","message":"Patch Set 1:\n\n(1 comment)","accounts_in_message":[],"_revision_number":1},{"id":"b6a5f3c79011916da454ea1430044125f19e1e2d","author":{"_account_id":1000030,"name":"MaxF","email":"max@max-fillinger.net","username":"MaxF"},"date":"2026-02-22 22:14:40.000000000","message":"Patch Set 1:\n\n(2 comments)","accounts_in_message":[],"_revision_number":1},{"id":"9d4b099f3694fd82db6428b15a6afe7e9702f56a","author":{"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"},"date":"2026-02-22 22:17:00.000000000","message":"Patch Set 1:\n\n(1 comment)","accounts_in_message":[],"_revision_number":1},{"id":"851a23cd02073eb54062e69539b871f2447afc9a","author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"date":"2026-03-02 14:19:58.000000000","message":"Patch Set 1: Code-Review+2","accounts_in_message":[],"_revision_number":1},{"id":"be6ac528b6d5f74e782b2b68bbab1cdf7409407a","tag":"autogenerated:gerrit:merged","author":{"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"},"date":"2026-03-02 21:51:03.000000000","message":"Change has been successfully pushed.","accounts_in_message":[],"_revision_number":2}],"current_revision_number":2,"current_revision":"0a8e80aaf9c96718903251a828bc3e8055014160","revisions":{"eab6162e4dd33b9f255d29a0b81e71561641623a":{"kind":"REWORK","_number":1,"created":"2026-02-20 17:19:02.000000000","uploader":{"_account_id":1000030,"name":"MaxF","email":"max@max-fillinger.net","username":"MaxF"},"ref":"refs/changes/49/1549/1","fetch":{"anonymous http":{"url":"http://gerrit.openvpn.net/openvpn","ref":"refs/changes/49/1549/1","commands":{"Branch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/49/1549/1 \u0026\u0026 git checkout -b change-1549 FETCH_HEAD","Checkout":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/49/1549/1 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/49/1549/1 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/49/1549/1 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull http://gerrit.openvpn.net/openvpn refs/changes/49/1549/1","Reset To":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/49/1549/1 \u0026\u0026 git reset --hard FETCH_HEAD"}}},"commit":{"parents":[{"commit":"38243844f225517fa1d288517db9a34a33c5ad13","subject":"configure.ac: adjust to native inotify support for FreeBSD 15+"}],"author":{"name":"Max Fillinger","email":"maximilian.fillinger@sentyron.com","date":"2026-02-20 16:55:25.000000000","tz":60},"committer":{"name":"Max Fillinger","email":"maximilian.fillinger@sentyron.com","date":"2026-02-20 16:55:25.000000000","tz":60},"subject":"Avoid unbounded allocations in pkcs11_mbedtls.c","message":"Avoid unbounded allocations in pkcs11_mbedtls.c\n\nThe PKCS#11 provider can crash OpenVPN by making it try to allocate\n2^64 bytes for a certificate. To avoid this, set a maximum size for\ncertificates. If the size is exceeded, don\u0027t try to allocate memory and\ninstead exit pkcs11_get_x509_cert with an error.\n\nThe chosen maximum size is 100.000 bytes which is twice the size of\na SLH-DSA (aka SPHINCS+) signature.\n\nFound-by: ZeroPath (https://zeropath.com/)\nReported-by: Joshua Rogers \u003ccontact@joshua.hu\u003e\nGithub: closes OpenVPN/openvpn-private-issues#42\n\nChange-Id: I53d47e4a0d33c380ee95e0e33aecad3db3197940\nSigned-off-by: Max Fillinger \u003cmaximilian.fillinger@sentyron.com\u003e\n"},"branch":"refs/heads/master"},"0a8e80aaf9c96718903251a828bc3e8055014160":{"kind":"TRIVIAL_REBASE_WITH_MESSAGE_UPDATE","_number":2,"created":"2026-03-02 21:51:03.000000000","uploader":{"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"},"ref":"refs/changes/49/1549/2","fetch":{"anonymous http":{"url":"http://gerrit.openvpn.net/openvpn","ref":"refs/changes/49/1549/2","commands":{"Branch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/49/1549/2 \u0026\u0026 git checkout -b change-1549 FETCH_HEAD","Checkout":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/49/1549/2 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/49/1549/2 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/49/1549/2 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull http://gerrit.openvpn.net/openvpn refs/changes/49/1549/2","Reset To":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/49/1549/2 \u0026\u0026 git reset --hard FETCH_HEAD"}}},"commit":{"parents":[{"commit":"44045a6041e8a907c538cda67bf716b525218e4e","subject":"GHA: Maintenance update February 2026"}],"author":{"name":"Max Fillinger","email":"maximilian.fillinger@sentyron.com","date":"2026-03-02 14:20:39.000000000","tz":60},"committer":{"name":"Gert Doering","email":"gert@greenie.muc.de","date":"2026-03-02 21:47:19.000000000","tz":60},"subject":"Avoid unbounded allocations in pkcs11_mbedtls.c","message":"Avoid unbounded allocations in pkcs11_mbedtls.c\n\nThe PKCS#11 provider can crash OpenVPN by making it try to allocate\n2^64 bytes for a certificate. To avoid this, set a maximum size for\ncertificates. If the size is exceeded, don\u0027t try to allocate memory and\ninstead exit pkcs11_get_x509_cert with an error.\n\nThe chosen maximum size is 100.000 bytes which is twice the size of\na SLH-DSA (aka SPHINCS+) signature.\n\nFound-by: ZeroPath (https://zeropath.com/)\nReported-by: Joshua Rogers \u003ccontact@joshua.hu\u003e\nGithub: closes OpenVPN/openvpn-private-issues#42\n\nChange-Id: I53d47e4a0d33c380ee95e0e33aecad3db3197940\nSigned-off-by: Max Fillinger \u003cmaximilian.fillinger@sentyron.com\u003e\nAcked-by: Arne Schwabe \u003carne-openvpn@rfc2549.org\u003e\nGerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1549\nMessage-Id: \u003c20260302142045.5954-1-gert@greenie.muc.de\u003e\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg35807.html\nSigned-off-by: Gert Doering \u003cgert@greenie.muc.de\u003e\n"},"branch":"refs/heads/master"}},"requirements":[],"submit_records":[],"submit_requirements":[]}