Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

NCL-1834 : Address CVEs which affect - OpenVPN: 2.0 - 2.6.9 #2

Merged
merged 239 commits into from
Jun 12, 2024
Merged

NCL-1834 : Address CVEs which affect - OpenVPN: 2.0 - 2.6.9 #2

Show file tree
Hide file tree
Changes from 238 commits
Commits
Show all changes
239 commits
Select commit Hold shift + click to select a range
680ba43
make dist: Ship ovpn_dco_freebsd.h, too
mandree Jan 27, 2023
6241b2f
Fix unaligned access in auth-token
schwabe Jan 30, 2023
3973845
Update LibreSSL to 3.7.0 in Github actions
schwabe Jan 30, 2023
0deb1af
Add printing USAN stack trace on github actions
schwabe Jan 30, 2023
c8e9424
Changes.rst: document removal of --keysize
flichtenheld Feb 1, 2023
a85257e
block-dns using iservice: fix a potential double free
selvanair Feb 1, 2023
b9d3505
Windows: fix unused function setenv_foreign_option
flichtenheld Feb 3, 2023
ab46bdd
Windows: fix unused variables in delete_route_ipv6
flichtenheld Feb 3, 2023
37e23c9
Windows: fix wrong printf format in x_check_status
flichtenheld Feb 7, 2023
4718af5
Windows: fix unused variable in win32_get_arch
flichtenheld Feb 3, 2023
dabfebc
Fix LibreSSL not building in Github Actions
schwabe Feb 9, 2023
442fde7
Allow certain DHCP options to be used without DHCP server
lstipakov Feb 7, 2023
7f72abc
Conditionally add subdir-objects option to automake
selvanair Feb 4, 2023
eca101a
Get rid of unused 'bool tuntap_buffer' arguments.
cron2 Feb 1, 2023
1b06696
Add missing stdint.h includes in unit tests files
schwabe Feb 8, 2023
a6d7e88
Build unit tests in mingw Windows build
selvanair Feb 8, 2023
3c02417
dco-win: use proper calling convention on x86
lstipakov Jan 31, 2023
e1fac38
Combine extra_tun/frame parameter of frame_calculate_payload_overhead
schwabe Feb 10, 2023
8cbe09d
Update the last sections in the man page to a be a bit less outdated
schwabe Feb 10, 2023
8e3331a
Improve format specifier for socket handle in Windows
lstipakov Feb 10, 2023
adf00eb
Add building unit tests with mingw to github actions
schwabe Feb 9, 2023
cfbfb80
Revise the cipher negotiation info about OpenVPN3 in the man page
schwabe Feb 10, 2023
0ccfce2
cyryptapi.c: log the selected certificate's name
selvanair Jan 28, 2023
f3dd050
cryptoapi.c: remove pre OpenSSL-3.01 support
selvanair Feb 1, 2023
5a70f50
cryptoapi.c: simplify parsing of thumbprint hex string
selvanair Feb 4, 2023
a8ff15c
Option --cryptoapicert: support issuer name as a selector
selvanair Jan 28, 2023
d0c1abb
Exit if a proper message instead of segfault on Android without manag…
schwabe Feb 20, 2023
42cda5a
Disable DCO if proxy is set via management
lstipakov Feb 20, 2023
f63c9b1
configure: enable DCO by default on FreeBSD/Linux
flichtenheld Feb 15, 2023
dff1e78
Add logging for windows driver selection process
lstipakov Feb 16, 2023
094aea5
Add a unit test for functions in cryptoapi.c
selvanair Feb 14, 2023
e9ae7ce
Windows: fix signedness errors with recv/send
flichtenheld Feb 3, 2023
91da6b9
configure: fix formatting of --disable-lz4 and --enable-comp-stub
flichtenheld Feb 6, 2023
c26609b
Avoid management log loop with verb >= 6
lstipakov Feb 17, 2023
27dac50
Use proper print format/casting when converting msg_channel handle
schwabe Feb 14, 2023
b9a9de1
options.c: enforce a minimal fragment size
kprovost Mar 1, 2023
86fb085
configure: improve FreeBSD DCO check
kprovost Mar 1, 2023
7fdf3e7
dco: define OVPN_DEL_PEER_REASON_TRANSPORT_DISCONNECT on FreeBSD
kprovost Mar 3, 2023
7538557
Reduce initialisation spam from verb <= 3 and print summary instead
schwabe Feb 14, 2023
85ad9d2
Do not save pointer to 'struct passwd' returned by getpwnam etc.
selvanair Mar 6, 2023
202a934
Dynamic tls-crypt for secure soft_reset/session renegotiation
schwabe Mar 7, 2023
b48298a
FreeBSD 12.x workaround for IPv6 ifconfig is needed on 12.4 as well
cron2 Mar 6, 2023
2641782
Avoid warning about missing braces when initialising key struct
ordex Mar 8, 2023
2c2a98a
preparing release 2.6.1
cron2 Mar 8, 2023
35104bd
Set netlink socket to be non-blocking
schwabe Mar 8, 2023
ae60688
Ensure n = 2 is set in key2 struct in tls_crypt_v2_unwrap_client_key
schwabe Mar 9, 2023
5eb94ce
tests/unit_tests: Fix 'make distcheck' with subdir-objects enabled
flichtenheld Mar 8, 2023
321b04f
dco: don't use NetLink to exchange control packets
ordex Mar 9, 2023
9bd6fff
dco: print version to log if available
ordex Mar 9, 2023
5617f0f
dco: print FreeBSD version
kprovost Mar 9, 2023
be7a564
Fix memory leaks in open_tun_dco()
schwabe Mar 14, 2023
1e954ce
Bugfix: Convert ECDSA signature form pkcs11-helper to DER encoded form
selvanair Mar 14, 2023
0942e15
Fix memory leaks in HMAC initial packet generation
schwabe Mar 15, 2023
e601186
Import some sample certificates into Windows store for testing
selvanair Mar 15, 2023
a08d0c7
Add tests for finding certificates in Windows cert store
selvanair Mar 15, 2023
5c2154c
Refactor SSL_CTX_use_CryptoAPI_certificate()
selvanair Mar 15, 2023
f970ad9
Add a test for signing with certificates in Windows store
selvanair Mar 15, 2023
fd71bce
Support --inactive option for DCO
lstipakov Mar 15, 2023
a05ec70
using OpenSSL3 API for EVP PKEY type name reporting
baentsch Mar 19, 2023
31279f7
Use key_state instead of multi for tls_send_payload parameter
schwabe Mar 1, 2023
da083c3
Make sending plain text control message session aware
schwabe Mar 1, 2023
75cc2fa
Only update frame calculation if we have a valid link sockets
schwabe Mar 1, 2023
9730837
Unit tests: add test for SSL_CTX_use_Cryptoapi_certificate()
selvanair Mar 18, 2023
c20a158
Improve error message on short read from socks proxy
selvanair Mar 18, 2023
047f772
dco-linux: remove M_ERRNO flag when printing netlink error message
ordex Mar 20, 2023
92827ad
Improve description of compat-mode
schwabe Mar 20, 2023
8f50370
multi: don't call DCO APIs if DCO is disabled
ordex Mar 21, 2023
3b967e7
dns option: allow up to eight addresses per server
d12fk Mar 10, 2023
a3c9458
Fix '--inactive <time> 0' behavior for DCO
lstipakov Mar 22, 2023
5babbc7
Make error in setting metric for IPv6 interface non-fatal
selvanair Mar 22, 2023
5acefd9
dco-freebsd: use m->instances[] instead of m->hash
ordex Mar 23, 2023
d598871
Print DCO client stats on SIGUSR2
lstipakov Mar 22, 2023
1fd69b9
dco-linux: implement dco_get_peer_stats{, multi} API
ordex Mar 22, 2023
5fed4be
Simplify --compress parsing in options.c
schwabe Mar 23, 2023
e950ca1
Refuse connection if server pushes an option contradicting allow-comp…
schwabe Mar 23, 2023
2ac91ea
Add 'allow-compression stub-only' internally for DCO
schwabe Mar 24, 2023
5a189d5
Parse compression options and bail out when compression is disabled
schwabe Mar 24, 2023
cfc5228
Don't overwrite socket flags when using DCO on Windows
lstipakov Mar 24, 2023
3577442
preparing release 2.6.2
cron2 Mar 23, 2023
d01b9d7
Bug-fix: segfault in dco_get_peer_stats()
selvanair Mar 27, 2023
e5c436c
GHA: remove Ubuntu 18.04 builds
flichtenheld Mar 28, 2023
253a87d
vcpkg: request "tools" feature of openssl for MSVC build
flichtenheld Mar 30, 2023
77a7435
Support of DNS domain for DHCP-less drivers
lstipakov Apr 6, 2023
2002a5c
doc: run rst2* with --strict to catch warnings
flichtenheld Mar 31, 2023
94aad8c
preparing release 2.6.3
cron2 Apr 13, 2023
6f72df3
Remove unused variable line
schwabe Apr 30, 2023
f314713
Add Apache2 linking with for new commits
schwabe Apr 26, 2023
d8cb1b5
Format Windows error message in Unicode
selvanair Apr 18, 2023
c468af2
DCO: support key rotation notifications
kprovost Apr 14, 2023
3779cef
man page: Remove cruft from --topology documentation
flichtenheld May 3, 2023
477e7f5
tests: do not include t_client.sh in dist
flichtenheld Apr 18, 2023
d76fc33
fix typo in help text: --ignore-unknown-option
mchlnix Apr 17, 2023
a32f914
Fix compile error on TARGET_ANDROID
schwabe Apr 17, 2023
7e4becb
Bugfix: dangling pointer passed to pkcs11-helper
selvanair May 9, 2023
b4f749f
preparing release 2.6.4
cron2 May 11, 2023
26ea58f
dco_linux: properly close dco version file
flichtenheld May 12, 2023
5e8a571
DCO: fix memory leak in dco_get_peer_stats_multi for Linux
flichtenheld May 15, 2023
eb9fffe
Fix two unused assignments
flichtenheld May 15, 2023
13b8e15
sample-plugins: Fix memleak in client-connect example plugin
flichtenheld May 16, 2023
232a0fa
Correctly handle Unicode names for exit event
selvanair May 16, 2023
73ce6ac
src/openvpn/dco_freebsd.c: handle malloc failure
chipitsine May 18, 2023
ea9382d
dco-win: support for --dev-node
lstipakov May 18, 2023
9e112be
Interactive service: do not force a target desktop for openvpn.exe
selvanair May 18, 2023
868286f
tapctl: generate driver-specific adapter names
lstipakov May 19, 2023
763cf2a
options: remove --key-method from usage message
flichtenheld May 25, 2023
cfcc20f
msvc-generate: include version.m4.in in tarball
flichtenheld May 27, 2023
205c66b
Fix use-after-free with EVP_CIPHER_free
schwabe Jun 1, 2023
cbc9e0c
preparing release 2.6.5
cron2 Jun 13, 2023
af60fdc
dist: add more missing files only used in the MSVC build
flichtenheld Jun 19, 2023
bf5c5de
dist: Include all documentation in distribution
flichtenheld Jun 19, 2023
fa43464
dco-linux: fix counter print format
Jun 26, 2023
5eb84eb
unit_tests: Add missing cert_data.h to source list for unit tests
flichtenheld Jun 21, 2023
4f24f71
test_tls_crypt: Improve mock() usage to be more portable
flichtenheld Jun 30, 2023
6cadac3
Avoid unused function warning/error on FreeBSD (and potientially others)
schwabe Jul 1, 2023
5bdeda1
fix warning with gcc 12.2.0 (compiler bug?)
schwabe Nov 27, 2022
cbf295a
work around false positive warning with mingw 12
d12fk Jul 6, 2023
0caf038
Fix CR_RESPONSE mangaement message using wrong key_id
schwabe May 22, 2023
c5d31dd
Remove old Travis CI related files
flichtenheld Jul 7, 2023
66f51e8
Print a more user-friendly error when tls-crypt-v2 client auth fails
schwabe May 22, 2023
aceecae
tun.c: enclose DNS domain in single quotes in WMIC call
lstipakov Jul 10, 2023
1e1e711
fix typo: dhcp-options to dhcp-option in vpn-network-options.rst
gpchelkin Jul 14, 2023
d3fe78a
manage.c: document missing KID parameter
lstipakov Jul 14, 2023
4ed7d7f
Ignore Ipv6 route delete request on Android and set ipv4 verbosity to 7
schwabe Jul 12, 2023
e376a00
Revert commit 423ced962d
schwabe May 24, 2023
b241e81
Implement using --peer-fingerprint without CA certificates
schwabe May 24, 2023
2f0e7dd
configure.ac: fix typ0 in LIBCAPNG_CFALGS
ordex Jul 25, 2023
64a75e7
Set WINS servers via interactice service
lstipakov Jul 27, 2023
4b4f6ff
options: Do not hide variables from parent scope
flichtenheld Jul 28, 2023
dd0a3f3
pkcs11_openssl: Disable unused code
flichtenheld Jul 28, 2023
781fa8f
ntlm: Clarify details on NTLM phase 3 decoding
dsommers Aug 2, 2023
09e2360
route: Fix overriding return value of add_route3
flichtenheld Jul 28, 2023
101499a
show extra info for OpenSSL errors
schwabe Aug 11, 2023
6e68d8c
Make received OCC exit messages more visible in log.
cron2 Aug 14, 2023
c954013
preparing release 2.6.6
cron2 Aug 14, 2023
a22f017
configure: disable engines if OPENSSL_NO_ENGINE is defined
orbea Sep 9, 2023
70ef43f
dco: fix crash when --multihome is used with --proto tcp
ordex Aug 15, 2023
785b501
Warn user if INFO control command is too long
lstipakov Sep 22, 2023
1782daa
GHA: do not trigger builds in openvpn-build anymore
flichtenheld Sep 22, 2023
b033683
dns option: remove support for exclude-domains
d12fk Sep 22, 2023
3660564
GHA: new workflow to submit scan to Coverity Scan service
flichtenheld Sep 11, 2023
9462191
buffer: use memcpy in buf_catrunc
flichtenheld Sep 22, 2023
4abdb12
Make cert_data.h and test_cryptoapi/pkcs11.c MSVC compliant
selvanair Sep 22, 2023
2ecad24
Mock openvpn_exece on win32 also for test_tls_crypt
schwabe Sep 25, 2023
cce957a
vcpkg-ports/pkcs11-helper: Backport MinGW series from master to relea…
flichtenheld Sep 22, 2023
96ca5a5
CMake: backport CMake buildsystem from master to release/2.6
flichtenheld Sep 26, 2023
f04ce77
Remove all traces of the previous MSVC build system
flichtenheld Sep 26, 2023
ebfa5f3
Log OpenSSL errors on failure to set certificate
selvanair Oct 1, 2023
03861bb
doc: fix argument name in --route-delay documentation
flichtenheld Oct 13, 2023
f41eb75
Add warning for the --show-groups command that some groups are missing
schwabe Oct 9, 2023
1240d97
Print peer temporary key details
schwabe Oct 9, 2023
c54e1b2
dco-win: get driver version
lstipakov Oct 8, 2023
3985da9
Add warning if a p2p NCP client connects to a p2mp server
schwabe Oct 9, 2023
8bbc292
Remove openssl engine method for loading the key
schwabe Oct 6, 2023
e78f88d
dco: warn if DATA_V1 packets are sent to userspace
lstipakov Oct 22, 2023
1cfca65
Remove saving initial frame code
schwabe Oct 19, 2023
cd4d819
Double check that we do not use a freed buffer when freeing a session
schwabe Oct 25, 2023
57a5cd1
Fix using to_link buffer after freed
schwabe Oct 27, 2023
53c9033
preparing release 2.6.7
cron2 Nov 8, 2023
b705517
platform.c: Do not depend Windows build on HAVE_CHDIR
flichtenheld Nov 11, 2023
457f468
doc: Correct typos in multiple documentation files
aquilamacedo Oct 19, 2023
0c174e4
config.h: fix incorrect defines for _wopen()
lstipakov Nov 14, 2023
b90ec6d
Do not check key_state buffers that are in S_UNDEF state
schwabe Nov 15, 2023
0acba3c
Make --dns options apply for tap-windows6 driver
lstipakov Nov 15, 2023
6127858
Warn if pushed options require DHCP
lstipakov Nov 15, 2023
3b0d948
preparing release 2.6.8
cron2 Nov 17, 2023
0a39d1c
protocol_dump: tls-crypt support
reynir Oct 26, 2023
d25b408
Remove unused function prototype crypto_adjust_frame_parameters
schwabe Nov 21, 2023
c1a983e
sample-keys: renew for the next 10 years
flichtenheld Nov 21, 2023
94cd53c
Log SSL alerts more prominently
schwabe Nov 21, 2023
1a6aef3
GHA: clean up libressl builds with newer libressl
flichtenheld Dec 1, 2023
350bdd8
Document tls-exit option mainly as test option
schwabe Dec 1, 2023
3168e1a
Remove TEST_GET_DEFAULT_GATEWAY as it duplicates --show-gateway
schwabe Dec 1, 2023
5def8d9
Fix check_session_buf_not_used using wrong index
schwabe Nov 28, 2023
aa19a6a
Add missing check for nl_socket_alloc failure
schwabe Nov 21, 2023
64703e7
configure.ac: Remove unused AC_TYPE_SIGNAL macro
flichtenheld Nov 28, 2023
cc81f01
Add check for nice in cmake config
schwabe Nov 28, 2023
19bfb70
Remove compat versionhelpers.h and remove cmake/configure check for it
schwabe Nov 28, 2023
8b9a337
documentation: remove reference to removed option --show-proxy-settings
flichtenheld Dec 4, 2023
77b2e94
vcpkg-ports/pkcs11-helper: bump to version 1.30
astos-marcb Dec 4, 2023
031fe88
Remove --tls-export-cert
dsommers Nov 22, 2023
5552391
Remove superfluous x509_write_pem()
dsommers Nov 22, 2023
e2a9c1b
unit_tests: remove includes for mock_msg.h
flichtenheld Dec 8, 2023
030afe6
tun.c: don't attempt to delete DNS and WINS servers if they're not set
lstipakov Dec 20, 2023
cfaf82d
Extend the error message when TLS 1.0 PRF fails
schwabe Dec 13, 2023
6dffbf6
fix(ssl): init peer_id when init tls_multi
pushan01 Oct 19, 2023
cbcecdb
documentation: improve documentation of --x509-track
flichtenheld Dec 13, 2023
5380fe0
Fix unaligned access in macOS, FreeBSD, Solaris hwaddr
schwabe Dec 31, 2023
77376fc
OpenBSD: repair --show-gateway
cron2 Jan 1, 2024
bfd5b12
get_default_gateway() HWADDR overhaul
cron2 Jan 1, 2024
b29ada3
Check PRF availability on initialisation and add --force-tls-key-mate…
schwabe Jan 4, 2024
d602fc0
Make it more explicit and visible when pkg-config is not found
schwabe Jan 5, 2024
322b11a
Clarify that the tls-crypt-v2-verify has a very limited env set
schwabe Jan 5, 2024
9abf74c
Fix IPv6 route add/delete message log level
syzzer Jan 5, 2024
9fb62e2
fix uncrustify complaints about previous patch
cron2 Jan 6, 2024
d27cb14
Implement the --tls-export-cert feature
schwabe Jan 16, 2024
7a9670d
NTLM: add length check to add_security_buffer
flichtenheld Jan 17, 2024
62d14fc
NTLM: increase size of phase 2 response we can handle
flichtenheld Jan 17, 2024
2942ef5
Add support for mbedtls 3.X.Y
mfil Oct 25, 2023
1aa2995
Update README.mbedtls
mfil Oct 25, 2023
7fa534d
Disable TLS 1.3 support with mbed TLS
mfil Nov 15, 2023
001950d
Enable key export with mbed TLS 3.x.y
mfil Nov 17, 2023
20bc8bd
Remove conditional text for Apache2 linking exception
schwabe Jan 18, 2024
7b1f200
proxy-options.rst: Add proper documentation for --http-proxy-user-pass
flichtenheld Jan 18, 2024
68b00a5
buf_string_match_head_str: Fix Coverity issue 'Unsigned compared agai…
flichtenheld Jan 19, 2024
1141e75
--http-proxy-user-pass: allow to specify in either order with --http-…
flichtenheld Jan 22, 2024
9ec5246
README.cmake.md: Document minimum required CMake version for --preset
flichtenheld Feb 1, 2024
18fb30f
documentation: Update and fix documentation for --push-peer-info
flichtenheld Feb 6, 2024
6bed72d
documentation: Fixes for previous fixes to --push-peer-info
flichtenheld Feb 6, 2024
d8faf56
dco-freebsd: dynamically re-allocate buffer if it's too small
kprovost Jan 24, 2024
6640a10
preparing release 2.6.9
cron2 Feb 11, 2024
2aac80e
Document that auth-user-pass may be inlined
selvanair Feb 20, 2024
6e3fb0f
Fix typo --data-cipher-fallback
flichtenheld Mar 5, 2024
2f20a03
samples: Remove tls-*.conf
flichtenheld Mar 4, 2024
04e6826
openvpn-[client|server].service: Remove syslog.target
C0rn3j Mar 4, 2024
7a810e6
check_compression_settings_valid: Do not test for LZ4 in LZO check
flichtenheld Feb 16, 2024
f6c894b
remove repetitive words in documentation and comments
wellweek Mar 8, 2024
c6a61b8
Update documentation references in systemd unit files
cschug Mar 8, 2024
bbc77d1
t_client.sh: Allow to skip tests
flichtenheld Mar 8, 2024
366ca5b
Remove license warning from README.mbedtls
mfil Mar 14, 2024
ff06f4c
Update Copyright statements to 2024
flichtenheld Mar 15, 2024
05d321e
win32: Enforce loading of plugins from a trusted directory
lstipakov Mar 19, 2024
5afc89a
GHA: general update March 2024
flichtenheld Mar 19, 2024
a95e665
interactive.c: disable remote access to the service pipe
lstipakov Mar 19, 2024
9b2693f
interactive.c: Fix potential stack overflow issue
lstipakov Mar 19, 2024
462fed5
Disable DCO if proxy is set via management
lstipakov Mar 18, 2024
ba0f62f
preparing release 2.6.10
cron2 Mar 19, 2024
acdc016
NCL-1834 : Upgrade to 2.6.1
SeemaKodikanyana Apr 15, 2024
a3655c8
NCL-1834 : Upgrade to 2.6.2
SeemaKodikanyana Apr 15, 2024
ce90b5a
Merge tag 'v2.6.3' of https://github.com/OpenVPN/openvpn into feature…
SeemaKodikanyana Apr 15, 2024
6a3f168
Merge tag 'v2.6.4' of https://github.com/OpenVPN/openvpn into feature…
SeemaKodikanyana Apr 15, 2024
681de0d
NCL-1834 : Upgrade to 2.6.5
SeemaKodikanyana Apr 15, 2024
4b3cd36
Merge tag 'v2.6.6' of https://github.com/OpenVPN/openvpn into feature…
SeemaKodikanyana Apr 15, 2024
bf5cc68
NCL-1834 : Upgrade to 2.6.7
SeemaKodikanyana Apr 15, 2024
bbdd1f5
Merge tag 'v2.6.8' of https://github.com/OpenVPN/openvpn into feature…
SeemaKodikanyana Apr 15, 2024
cdd533b
NCL-1834 : Upgrade to 2.6.9
SeemaKodikanyana Apr 15, 2024
6fdddac
NCL-1834 : Upgrade to 2.6.10
SeemaKodikanyana Apr 15, 2024
6125128
NCL-1834 : Upgrade to 2.6.10
SeemaKodikanyana Apr 15, 2024
b6d5ba2
NCL-1834 : Upgrade to 2.6.10
SeemaKodikanyana Apr 15, 2024
30bb1aa
NCL-1834 : Removed code which discloses git information in openvpn.log
SeemaKodikanyana Apr 30, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
278 changes: 93 additions & 185 deletions .github/workflows/build.yaml
View file
Open in desktop

Large diffs are not rendered by default.

69 changes: 69 additions & 0 deletions .github/workflows/coverity-scan.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,69 @@
name: coverity-scan
on:
schedule:
- cron: '0 20 * * *' # Daily at 20:00 UTC
workflow_dispatch:

jobs:
latest:
runs-on: ubuntu-latest
steps:
- name: Check submission cache
id: check_submit
uses: actions/cache/restore@v4
with:
path: |
cov-int
key: check-submit-${{ github.sha }}

- name: Install dependencies
if: steps.check_submit.outputs.cache-hit != 'true'
run: sudo apt update && sudo apt install -y liblzo2-dev libpam0g-dev liblz4-dev libcap-ng-dev libnl-genl-3-dev linux-libc-dev man2html libcmocka-dev python3-docutils libtool automake autoconf libssl-dev libpkcs11-helper1-dev softhsm2 gnutls-bin

- name: Checkout OpenVPN
if: steps.check_submit.outputs.cache-hit != 'true'
uses: actions/checkout@v4

- name: Download Coverity Build Tool
if: steps.check_submit.outputs.cache-hit != 'true'
run: |
wget -q https://scan.coverity.com/download/cxx/linux64 --post-data "token=$TOKEN&project=OpenVPN%2Fopenvpn" -O cov-analysis-linux64.tar.gz
mkdir cov-analysis-linux64
tar xzf cov-analysis-linux64.tar.gz --strip 1 -C cov-analysis-linux64
env:
TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}

- name: autoconf
if: steps.check_submit.outputs.cache-hit != 'true'
run: autoreconf -fvi
- name: configure
if: steps.check_submit.outputs.cache-hit != 'true'
run: ./configure --enable-pkcs11

- name: Build with cov-build
if: steps.check_submit.outputs.cache-hit != 'true'
run: |
PATH=`pwd`/cov-analysis-linux64/bin:$PATH
cov-build --dir cov-int make

- name: Submit the result to Coverity Scan
if: steps.check_submit.outputs.cache-hit != 'true'
run: |
tar czvf openvpn.tgz cov-int
curl --form token=$TOKEN \
--form email=$EMAIL \
--form [email protected] \
--form version="$GITHUB_SHA" \
--form description="master" \
https://scan.coverity.com/builds?project=OpenVPN%2Fopenvpn
env:
TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }}

- name: Cache submission
if: steps.check_submit.outputs.cache-hit != 'true'
uses: actions/cache/save@v4
with:
path: |
cov-int
key: ${{ steps.check_submit.outputs.cache-primary-key }}
16 changes: 1 addition & 15 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,13 +10,8 @@
*.idb
*.suo
*.ncb
*.vcproj.*
*.vcxproj.user
*.sln.cache
*.log
Release
Debug
Win32-Output
out
.vs
.deps
.libs
Expand Down Expand Up @@ -44,12 +39,8 @@ m4/ltoptions.m4
m4/ltsugar.m4
m4/ltversion.m4
m4/lt~obsolete.m4
vcpkg_installed

version.sh
msvc-env-local.bat
config-msvc-local.h
config-msvc-version.h
doc/openvpn-examples.5
doc/openvpn-examples.5.html
doc/openvpn.8
Expand All @@ -61,17 +52,12 @@ distro/systemd/*.service
sample/sample-keys/sample-ca/
vendor/cmocka_build
vendor/dist
build/msvc/msvc-generate/version.m4

tests/t_client.sh
tests/t_client-*-20??????-??????/
t_client.rc
t_client_ips.rc
tests/unit_tests/**/*_testdriver
tests/unit_tests/engine-key/client.key
tests/unit_tests/engine-key/log.txt
tests/unit_tests/engine-key/openssl.cnf
tests/unit_tests/engine-key/passwd

src/openvpn/openvpn
include/openvpn-plugin.h
Expand Down
126 changes: 0 additions & 126 deletions .travis.yml
View file
Open in desktop

This file was deleted.

32 changes: 0 additions & 32 deletions .travis/build-check.sh
View file
Open in desktop

This file was deleted.

Loading
Loading