)]}'
{"id":"openvpn~555","triplet_id":"openvpn~master~I9457f005f4ba970502e6b667d9dc4299a588d661","project":"openvpn","branch":"master","attention_set":{},"removed_from_attention_set":{"1000003":{"account":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"last_update":"2024-05-16 11:12:38.000000000","reason":"\u003cGERRIT_ACCOUNT_1000003\u003e replied on the change","reason_account":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"}},"1000001":{"account":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"last_update":"2024-05-17 06:44:33.000000000","reason":"Change was submitted"},"1000031":{"account":{"_account_id":1000031,"name":"reynir","email":"reynir@reynir.dk","username":"reynir"},"last_update":"2024-05-17 06:44:33.000000000","reason":"Change was submitted"}},"hashtags":[],"change_id":"I9457f005f4ba970502e6b667d9dc4299a588d661","subject":"Only schedule_exit() once","status":"MERGED","created":"2024-04-22 11:05:20.000000000","updated":"2024-05-17 06:44:33.000000000","submitted":"2024-05-17 06:44:33.000000000","submitter":{"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"},"total_comment_count":9,"unresolved_comment_count":1,"has_review_started":true,"submission_id":"555","meta_rev_id":"0943d9d0fe5b4f464c8eb475935da1c6cdd291a1","_number":555,"virtual_id_number":555,"owner":{"_account_id":1000031,"name":"reynir","email":"reynir@reynir.dk","username":"reynir"},"actions":{},"labels":{"Code-Review":{"all":[{"value":0,"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},{"value":0,"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"},{"value":0,"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},{"value":0,"_account_id":1000031,"name":"reynir","email":"reynir@reynir.dk","username":"reynir"}],"values":{"-2":"This shall not be submitted","-1":"I would prefer this is not submitted as is"," 0":"No score","+1":"Looks good to me, but someone else must approve","+2":"Looks good to me, approved"},"default_value":0}},"removable_reviewers":[],"reviewers":{"REVIEWER":[{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},{"_account_id":1000031,"name":"reynir","email":"reynir@reynir.dk","username":"reynir"}],"CC":[{"_account_id":1000026,"name":"openvpn-devel","email":"openvpn-devel@lists.sourceforge.net","username":"openvpn-devel"}]},"pending_reviewers":{},"reviewer_updates":[{"updated":"2024-04-22 11:05:21.000000000","updated_by":{"_account_id":1000031,"name":"reynir","email":"reynir@reynir.dk","username":"reynir"},"reviewer":{"_account_id":1000026,"name":"openvpn-devel","email":"openvpn-devel@lists.sourceforge.net","username":"openvpn-devel"},"state":"CC"},{"updated":"2024-04-22 11:05:21.000000000","updated_by":{"_account_id":1000031,"name":"reynir","email":"reynir@reynir.dk","username":"reynir"},"reviewer":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"state":"REVIEWER"},{"updated":"2024-04-22 11:05:21.000000000","updated_by":{"_account_id":1000031,"name":"reynir","email":"reynir@reynir.dk","username":"reynir"},"reviewer":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"state":"REVIEWER"}],"messages":[{"id":"085c4f599e8a8eb181c349727d248bcbf842fc5d","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":1000031,"name":"reynir","email":"reynir@reynir.dk","username":"reynir"},"date":"2024-04-22 11:05:20.000000000","message":"Uploaded patch set 1.","accounts_in_message":[],"_revision_number":1},{"id":"86273227cd3500d1217842f034aea27bc3da084d","author":{"_account_id":1000031,"name":"reynir","email":"reynir@reynir.dk","username":"reynir"},"date":"2024-04-22 11:14:15.000000000","message":"Patch Set 1: Code-Review+2\n\n(1 comment)","accounts_in_message":[],"_revision_number":1},{"id":"93a6b5fdf4825172950f79c3dc1b20397b207175","author":{"_account_id":1000031,"name":"reynir","email":"reynir@reynir.dk","username":"reynir"},"date":"2024-04-22 11:19:41.000000000","message":"Patch Set 1: Code-Review-1\n\n(2 comments)","accounts_in_message":[],"_revision_number":1},{"id":"ab4432fecbed78638083532e3ff9b10f9a0a39d4","author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"date":"2024-04-22 11:46:20.000000000","message":"Patch Set 1:\n\n(2 comments)","accounts_in_message":[],"_revision_number":1},{"id":"977829409664bfc1e4ea8530361dc17a1eb0ec48","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":1000031,"name":"reynir","email":"reynir@reynir.dk","username":"reynir"},"date":"2024-04-24 10:40:15.000000000","message":"Uploaded patch set 2.\n\nOutdated Votes:\n* Code-Review-1 (copy condition: \"changekind:NO_CHANGE OR changekind:TRIVIAL_REBASE OR is:MIN\")\n","accounts_in_message":[],"_revision_number":2},{"id":"3350fb9669a06cf312c46d1af82530fefe308b72","author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"date":"2024-04-24 12:13:13.000000000","message":"Patch Set 2: Code-Review+2\n\n(3 comments)","accounts_in_message":[],"_revision_number":2},{"id":"3415314fe77ef88af11dca6f87057e45d783ccf9","author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"date":"2024-05-14 13:15:58.000000000","message":"Patch Set 2: Code-Review+2","accounts_in_message":[],"_revision_number":2},{"id":"efd6920f5e276af25e7d4ac2c2994e6ab1107e61","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":1000031,"name":"reynir","email":"reynir@reynir.dk","username":"reynir"},"date":"2024-05-16 08:36:51.000000000","message":"Uploaded patch set 3.\n\nOutdated Votes:\n* Code-Review+2 (copy condition: \"changekind:NO_CHANGE OR changekind:TRIVIAL_REBASE OR is:MIN\")\n","accounts_in_message":[],"_revision_number":3},{"id":"83f4ecf305fd13824fc7188d8c072d012b7f9b6c","author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"date":"2024-05-16 11:12:38.000000000","message":"Patch Set 3:\n\n(1 comment)","accounts_in_message":[],"_revision_number":3},{"id":"ce2e4d8d244aa62007c64911736eae56d8302383","author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"date":"2024-05-16 11:13:23.000000000","message":"Patch Set 3: Code-Review+2","accounts_in_message":[],"_revision_number":3},{"id":"0943d9d0fe5b4f464c8eb475935da1c6cdd291a1","tag":"autogenerated:gerrit:merged","author":{"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"},"date":"2024-05-17 06:44:33.000000000","message":"Change has been successfully pushed.","accounts_in_message":[],"_revision_number":4}],"current_revision_number":4,"current_revision":"55bb3260c12bae33b6a8eac73cbb6972f8517411","revisions":{"2fb60a8651262283fed79366eb4d53df5f769228":{"kind":"REWORK","_number":1,"created":"2024-04-22 11:05:20.000000000","uploader":{"_account_id":1000031,"name":"reynir","email":"reynir@reynir.dk","username":"reynir"},"ref":"refs/changes/55/555/1","fetch":{"anonymous http":{"url":"http://gerrit.openvpn.net/openvpn","ref":"refs/changes/55/555/1","commands":{"Branch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/55/555/1 \u0026\u0026 git checkout -b change-555 FETCH_HEAD","Checkout":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/55/555/1 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/55/555/1 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/55/555/1 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull http://gerrit.openvpn.net/openvpn refs/changes/55/555/1","Reset To":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/55/555/1 \u0026\u0026 git reset --hard FETCH_HEAD"}}},"commit":{"parents":[{"commit":"32e6586687a548174b88b64fe54bfae6c74d4c19","subject":"Change default of \"topology\" to \"subnet\""}],"author":{"name":"Reynir Björnsson","email":"reynir@reynir.dk","date":"2024-04-19 14:02:01.000000000","tz":120},"committer":{"name":"Reynir Björnsson","email":"reynir@reynir.dk","date":"2024-04-22 11:05:10.000000000","tz":120},"subject":"Only schedule_exit() once","message":"Only schedule_exit() once\n\nIf an exit has already been scheduled we should not schedule it again.\nOtherwise, the exit signal is never emitted if the peer reschedules the\nexit before the timeout occurs.\n\nChange-Id: I9457f005f4ba970502e6b667d9dc4299a588d661\nSigned-off-by: Reynir Björnsson \u003creynir@reynir.dk\u003e\n"},"branch":"refs/heads/master"},"67e0f55b9bd3cfb5adbdddc4e8caf308e17a74af":{"kind":"REWORK","_number":2,"created":"2024-04-24 10:40:15.000000000","uploader":{"_account_id":1000031,"name":"reynir","email":"reynir@reynir.dk","username":"reynir"},"ref":"refs/changes/55/555/2","fetch":{"anonymous http":{"url":"http://gerrit.openvpn.net/openvpn","ref":"refs/changes/55/555/2","commands":{"Branch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/55/555/2 \u0026\u0026 git checkout -b change-555 FETCH_HEAD","Checkout":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/55/555/2 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/55/555/2 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/55/555/2 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull http://gerrit.openvpn.net/openvpn refs/changes/55/555/2","Reset To":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/55/555/2 \u0026\u0026 git reset --hard FETCH_HEAD"}}},"commit":{"parents":[{"commit":"32e6586687a548174b88b64fe54bfae6c74d4c19","subject":"Change default of \"topology\" to \"subnet\""}],"author":{"name":"Reynir Björnsson","email":"reynir@reynir.dk","date":"2024-04-19 14:02:01.000000000","tz":120},"committer":{"name":"Reynir Björnsson","email":"reynir@reynir.dk","date":"2024-04-24 10:39:27.000000000","tz":120},"subject":"Only schedule_exit() once","message":"Only schedule_exit() once\n\nIf an exit has already been scheduled we should not schedule it again.\nOtherwise, the exit signal is never emitted if the peer reschedules the\nexit before the timeout occurs.\n\nschedule_exit() now only takes the context as argument. The signal is\nhard coded to SIGTERM, and the interval is read directly from the\ncontext options.\n\nFurthermore, schedule_exit() now returns a bool signifying whether an\nexit was scheduled; false if exit is already scheduled. The call sites\nare updated accordingly. A notable difference is that management is only\nnotified *once* when an exit is scheduled - we no longer notify\nmanagement on redundant exit.\n\nChange-Id: I9457f005f4ba970502e6b667d9dc4299a588d661\nSigned-off-by: Reynir Björnsson \u003creynir@reynir.dk\u003e\n"},"branch":"refs/heads/master"},"4c2e9f0ba6d600ae285a2b7b7e898db5fd7a679b":{"kind":"REWORK","_number":3,"created":"2024-05-16 08:36:51.000000000","uploader":{"_account_id":1000031,"name":"reynir","email":"reynir@reynir.dk","username":"reynir"},"ref":"refs/changes/55/555/3","fetch":{"anonymous http":{"url":"http://gerrit.openvpn.net/openvpn","ref":"refs/changes/55/555/3","commands":{"Branch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/55/555/3 \u0026\u0026 git checkout -b change-555 FETCH_HEAD","Checkout":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/55/555/3 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/55/555/3 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/55/555/3 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull http://gerrit.openvpn.net/openvpn refs/changes/55/555/3","Reset To":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/55/555/3 \u0026\u0026 git reset --hard FETCH_HEAD"}}},"commit":{"parents":[{"commit":"32e6586687a548174b88b64fe54bfae6c74d4c19","subject":"Change default of \"topology\" to \"subnet\""}],"author":{"name":"Reynir Björnsson","email":"reynir@reynir.dk","date":"2024-04-19 14:02:01.000000000","tz":120},"committer":{"name":"Reynir Björnsson","email":"reynir@reynir.dk","date":"2024-05-16 08:19:33.000000000","tz":120},"subject":"Only schedule_exit() once","message":"Only schedule_exit() once\n\nIf an exit has already been scheduled we should not schedule it again.\nOtherwise, the exit signal is never emitted if the peer reschedules the\nexit before the timeout occurs.\n\nschedule_exit() now only takes the context as argument. The signal is\nhard coded to SIGTERM, and the interval is read directly from the\ncontext options.\n\nFurthermore, schedule_exit() now returns a bool signifying whether an\nexit was scheduled; false if exit is already scheduled. The call sites\nare updated accordingly. A notable difference is that management is only\nnotified *once* when an exit is scheduled - we no longer notify\nmanagement on redundant exit.\n\nThis patch was assigned a CVE number after already reviewed and ACKed,\nbecause it was discovered that a misbehaving client can use the (now\nfixed) server behaviour to avoid being disconnected by means of a\nmanagment interface \"client-kill\" command - the security issue here is\n\"client can circumvent security policy set by management interface\".\n\nThis only affects previously authenticated clients, and only management\nclient-kill, so normal renegotion / AUTH_FAIL (\"your session ends\") is not\naffected.\n\nCVE: 2024-28882\n\nChange-Id: I9457f005f4ba970502e6b667d9dc4299a588d661\nSigned-off-by: Reynir Björnsson \u003creynir@reynir.dk\u003e\n"},"branch":"refs/heads/master"},"55bb3260c12bae33b6a8eac73cbb6972f8517411":{"kind":"REWORK","_number":4,"created":"2024-05-17 06:44:33.000000000","uploader":{"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"},"ref":"refs/changes/55/555/4","fetch":{"anonymous http":{"url":"http://gerrit.openvpn.net/openvpn","ref":"refs/changes/55/555/4","commands":{"Branch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/55/555/4 \u0026\u0026 git checkout -b change-555 FETCH_HEAD","Checkout":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/55/555/4 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/55/555/4 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/55/555/4 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull http://gerrit.openvpn.net/openvpn refs/changes/55/555/4","Reset To":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/55/555/4 \u0026\u0026 git reset --hard FETCH_HEAD"}}},"commit":{"parents":[{"commit":"763b35f652b1913ddd01e6c548b3e6a57076ba42","subject":"Remove custom TLS 1.0 PRF implementation only used by LibreSSL/wolfSSL"}],"author":{"name":"Reynir Björnsson","email":"reynir@reynir.dk","date":"2024-05-16 11:58:08.000000000","tz":120},"committer":{"name":"Gert Doering","email":"gert@greenie.muc.de","date":"2024-05-16 20:30:57.000000000","tz":120},"subject":"Only schedule_exit() once","message":"Only schedule_exit() once\n\nIf an exit has already been scheduled we should not schedule it again.\nOtherwise, the exit signal is never emitted if the peer reschedules the\nexit before the timeout occurs.\n\nschedule_exit() now only takes the context as argument. The signal is\nhard coded to SIGTERM, and the interval is read directly from the\ncontext options.\n\nFurthermore, schedule_exit() now returns a bool signifying whether an\nexit was scheduled; false if exit is already scheduled. The call sites\nare updated accordingly. A notable difference is that management is only\nnotified *once* when an exit is scheduled - we no longer notify\nmanagement on redundant exit.\n\nThis patch was assigned a CVE number after already reviewed and ACKed,\nbecause it was discovered that a misbehaving client can use the (now\nfixed) server behaviour to avoid being disconnected by means of a\nmanagment interface \"client-kill\" command - the security issue here is\n\"client can circumvent security policy set by management interface\".\n\nThis only affects previously authenticated clients, and only management\nclient-kill, so normal renegotion / AUTH_FAIL (\"your session ends\") is not\naffected.\n\nCVE: 2024-28882\n\nChange-Id: I9457f005f4ba970502e6b667d9dc4299a588d661\nSigned-off-by: Reynir Björnsson \u003creynir@reynir.dk\u003e\nAcked-by: Arne Schwabe \u003carne-openvpn@rfc2549.org\u003e\nMessage-Id: \u003c20240516120434.23499-1-gert@greenie.muc.de\u003e\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28679.html\nSigned-off-by: Gert Doering \u003cgert@greenie.muc.de\u003e\n"},"branch":"refs/heads/master"}},"requirements":[],"submit_records":[],"submit_requirements":[]}