From patchwork Mon Mar 31 15:33:09 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Frank Lichtenheld <frank@lichtenheld.com>
X-Patchwork-Id: 4200
Return-Path: <openvpn-devel-bounces@lists.sourceforge.net>
Delivered-To: patchwork@openvpn.net
Received: by 2002:a05:7000:6c6:b0:60a:d70a:d3c7 with SMTP id j6csp2292500maw;
        Mon, 31 Mar 2025 08:33:40 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
 AJvYcCUHfgvtJaQ8AjzkDLzCEWbTy02tInEX8yBfHR6j1eVoTr4xIY+p6LaPPa3yoVG7wQlJSDMp9Wg0R5c=@openvpn.net
X-Google-Smtp-Source: 
 AGHT+IGLcnVzcIvi0pvDYnPZWBbJeRtqlI4GUh3L6zur6FsyPRPclPI7Gq/ajU/f77Q/mVL/7T3C
X-Received: by 2002:a05:6602:3999:b0:85b:3c49:8825 with SMTP id
 ca18e2360f4ac-85e9e85fe3bmr1067571039f.4.1743435219867;
        Mon, 31 Mar 2025 08:33:39 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1743435219; cv=none;
        d=google.com; s=arc-20240605;
        b=EbAQhtQjxwS2G62itc6S0RrWjKO5oIT6yo0UMKUfb5K+SuvfncuKxIwTrsi+CqrP8S
         sasYkOCqHdI+iATYSNQm4yMXZR+6XRo9aufBHHWVNUJRKy2CTJzQtgmbviBbLtoxIRNs
         svP05zHVXFyWvojVi7zQAjVlm1jgzgCO5Ge5giD3D6EZRt4iF0b2d+Lz8f1AtVNz2vw/
         /0zKM4gKl4s4tF9AU0pivC+SqQe8lpNYVaqJTBRo0i6RlbHaAprgiNH6Ztfgc/O52qg6
         BScKRaQJn4ACoO/3YVx/C6Bhw10tSzTRNPpeuWC0W6XjuvxP2iOoa62wVTfXgj/P5Pu4
         Rtaw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20240605;
        h=errors-to:content-transfer-encoding:cc:list-subscribe:list-help
         :list-post:list-archive:list-unsubscribe:list-id:precedence:subject
         :mime-version:references:in-reply-to:message-id:date:to:from
         :dkim-signature:dkim-signature:dkim-signature;
        bh=Dl7PuW5DfOFYf7vjUArs0pGekcxh2AFO9REJ1+JKqvw=;
        fh=CfxSpwd5kfiMJoL3kcov7PTxVKT7pGe/79idnx9XlBs=;
        b=cw/vEyN8Ipxvc2Pt35DBPOM3jNvY1VASTTDe/c3TNDyMvW5rxhXObUVF6F/snQu+UE
         ej1bp5pZMECqBuDFmIg+O6TUHW3UFb+JJddWlAAouj1aJTfRMVBOIVf/xwwz3vmJ4rr7
         ywQWei2MC/LTNrug3UNCwPTrEdNaoyW4w4KJsNv0z9ORHEDvo3jEod7KkC1MIWPCl1ZW
         CmEKGsNRb3rpI2yD++UU1GKLyhGZpgCDi6UR+fcUwa8KfY1JKFJ5Z1gDo6wjruUrmLEi
         5QI2GZUt4RAT2SEdVSVOIxA7JkjBVeVVP6K+hE8uIlOk6hRst74NppJYFJJqwO5pXONb
         EOhw==;
        dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@sourceforge.net
 header.s=x header.b=VVgP86QB;
       dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x
 header.b=cYvTzUBW;
       dkim=neutral (body hash did not verify) header.i=@lichtenheld.com
 header.s=MBO0001 header.b=LJOaAZ08;
       spf=pass (google.com: domain of
 openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
 permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net
Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7])
        by mx.google.com with ESMTPS id
 ca18e2360f4ac-85e8ff801b5si749276639f.18.2025.03.31.08.33.39
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Mon, 31 Mar 2025 08:33:39 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
 permitted sender) client-ip=216.105.38.7;
Authentication-Results: mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@sourceforge.net
 header.s=x header.b=VVgP86QB;
       dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x
 header.b=cYvTzUBW;
       dkim=neutral (body hash did not verify) header.i=@lichtenheld.com
 header.s=MBO0001 header.b=LJOaAZ08;
       spf=pass (google.com: domain of
 openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
 permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net
Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com)
	by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.95)
	(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
	id 1tzH8o-0000x7-DR;
	Mon, 31 Mar 2025 15:33:35 +0000
Received: from [172.30.29.66] (helo=mx.sourceforge.net)
 by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95)
 (envelope-from <frank@lichtenheld.com>) id 1tzH8l-0000wj-6z
 for openvpn-devel@lists.sourceforge.net;
 Mon, 31 Mar 2025 15:33:33 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References:
 In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:
 Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
 Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:
 List-Subscribe:List-Post:List-Owner:List-Archive;
 bh=6OpxYADoCwVh3MBQCIqtTaRnTqBtFQJAPDWyZZL6gRw=; b=VVgP86QB11u40D+xo1MFXnHlik
 FLjIKqe+DjKwE/V9/dDMkh6zvfFEfloRn2ryEeo3LpyJIkv8s2jlWyslZ8rQwWa2K/RiMKjxUge/k
 MfJsgCD/m0bAHgpA4xkzfgSuxTroGG+PZ4xn9Ab9vxe3R87SWE1Ox5dARC68E4+r1Lrg=;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x
 ;
 h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id:
 Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID:
 Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
 :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
 List-Post:List-Owner:List-Archive;
 bh=6OpxYADoCwVh3MBQCIqtTaRnTqBtFQJAPDWyZZL6gRw=; b=cYvTzUBWAtTOC8KPfMZUJCexs9
 MHIjQuqT4CcAJ8MGPVKnB8c+bA3s7wKK/JPPIp2zeTIinffyGE0tlSVzIcH+KUYpb8zNpKvHbRboz
 +sTnBuf08S9veJx+aSlNIiH1tDBOkb832SVRKM2wSzLTs0KcqjK2TGV5yFsfFfzjbnTk=;
Received: from mout-p-102.mailbox.org ([80.241.56.152])
 by sfi-mx-2.v28.lw.sourceforge.com with esmtps
 (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95)
 id 1tzH8f-0003pF-25 for openvpn-devel@lists.sourceforge.net;
 Mon, 31 Mar 2025 15:33:31 +0000
Received: from smtp1.mailbox.org (smtp1.mailbox.org
 [IPv6:2001:67c:2050:b231:465::1])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
 SHA256)
 (No client certificate requested)
 by mout-p-102.mailbox.org (Postfix) with ESMTPS id 4ZRFWq2B6nz9vL7;
 Mon, 31 Mar 2025 17:33:11 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lichtenheld.com;
 s=MBO0001; t=1743435191;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=6OpxYADoCwVh3MBQCIqtTaRnTqBtFQJAPDWyZZL6gRw=;
 b=LJOaAZ0832O/N3eJv+/0tO0SWyHfMjyHUpzt4cu8VLW1pWKYEfRKBQsuH19bJVK1U+KsdW
 kMGnPEhl3mEdPblx//4EnGapAF0WtL6eTIYNjjYWri6J1ojBoQZ6AoZHkmoNpTkZ8ZBSJ7
 asQ1Oi+ATYzcERxIgCtiATjK6tPhLazyrmZYR62NRhaCRgwoNDZLAt1/sy+MGiUur48N3I
 JoJPwgsk1ADtg6pLByUtjApojk8ExttPZoY/oGOlj+Poe/9w2l4z16e6moCHj6nqYHWN4u
 d3CRSEafQyDtNtLXXV16A4V1nV1gQ7RjqdaMZg7aOtDlAw/b9wo3wwTPaNNH4A==
From: Frank Lichtenheld <frank@lichtenheld.com>
To: openvpn-devel@lists.sourceforge.net
Date: Mon, 31 Mar 2025 17:33:09 +0200
Message-Id: <20250331153309.77901-1-frank@lichtenheld.com>
In-Reply-To: 
 <gerrit.1743422979000.Ie9bffcc487f53a3a8ae6e59b79e654360d99902c@gerrit.openvpn.net>
References: 
 <gerrit.1743422979000.Ie9bffcc487f53a3a8ae6e59b79e654360d99902c@gerrit.openvpn.net>
MIME-Version: 1.0
X-Rspamd-Queue-Id: 4ZRFWq2B6nz9vL7
X-Spam-Score: -0.9 (/)
X-Spam-Report: Spam detection software,
 running on the system "util-spamd-2.v13.lw.sourceforge.com",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview: - Fix Android build with newer vcpkg Need to sync
 CMAKE_SYSTEM_VERSION
 with vcpkg. - Update mbedTLS v3 builds to latest release. Depends on commit
 4897c522948c8cdb82c0325ee08f6907cfc16f57 - Update all [...]
 Content analysis details:   (-0.9 points, 6.0 required)
 pts rule name              description
 ---- ----------------------
 --------------------------------------------------
 0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The
 query to Validity was blocked.  See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243
 for more information.
 [80.241.56.152 listed in bl.score.senderscore.com]
 0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE:
 The query to Validity was blocked.  See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243
 for more information.
 [80.241.56.152 listed in sa-accredit.habeas.com]
 -0.7 RCVD_IN_DNSWL_LOW      RBL: Sender listed at https://www.dnswl.org/,
 low trust [80.241.56.152 listed in list.dnswl.org]
 -0.0 SPF_PASS               SPF: sender matches SPF record
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 -0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from
 author's domain
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature,
 not necessarily
 valid
 -0.1 DKIM_VALID_EF          Message has a valid DKIM or DK signature from
 envelope-from domain
 -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1tzH8f-0003pF-25
Subject: [Openvpn-devel] [PATCH v1] GHA: Dependency and Actions update April
 2025
X-BeenThere: openvpn-devel@lists.sourceforge.net
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <openvpn-devel.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/options/openvpn-devel>,
 <mailto:openvpn-devel-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: 
 <http://sourceforge.net/mailarchive/forum.php?forum_name=openvpn-devel>
List-Post: <mailto:openvpn-devel@lists.sourceforge.net>
List-Help: <mailto:openvpn-devel-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/openvpn-devel>,
 <mailto:openvpn-devel-request@lists.sourceforge.net?subject=subscribe>
Cc: Arne Schwabe <arne-openvpn@rfc2549.org>
Errors-To: openvpn-devel-bounces@lists.sourceforge.net
X-getmail-retrieved-from-mailbox: Inbox
X-GMAIL-THRID: =?utf-8?q?1828124329162478812?=
X-GMAIL-MSGID: =?utf-8?q?1828124329162478812?=

- Fix Android build with newer vcpkg
  Need to sync CMAKE_SYSTEM_VERSION with vcpkg.
- Update mbedTLS v3 builds to latest release.
  Depends on commit
  4897c522948c8cdb82c0325ee08f6907cfc16f57
- Update all actions to latest releases.

Change-Id: Ie9bffcc487f53a3a8ae6e59b79e654360d99902c
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org>
---

This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/926
This mail reflects revision 1 of this Change.

Acked-by according to Gerrit (reflected above):
Arne Schwabe <arne-openvpn@rfc2549.org>

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index b1af7ec..3fc44f5 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -27,7 +27,7 @@
       - name: Show changes on standard output
         run: git diff
         working-directory: openvpn
-      - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+      - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
           name: uncrustify-changes.patch
           path: 'openvpn/uncrustify-changes.patch'
@@ -57,11 +57,16 @@
       - name: Install vcpkg
         uses: lukka/run-vcpkg@5e0cab206a5ea620130caf672fce3e4a6b5666a1 # v11.5
         with:
-          vcpkgGitCommitId: 33e9c99208736b713cabe4490e15235f62f893d4
+          vcpkgGitCommitId: acd5bba5aac8b6573b5f6f463dc0341ac0ee6fa4
       - name: Install dependencies
         run: ${VCPKG_ROOT}/vcpkg install openssl lz4 cmocka
       - name: configure OpenVPN with cmake
-        run: cmake -S . -B openvpn-build -DUNSUPPORTED_BUILDS=yes -DCMAKE_SYSTEM_NAME=Android -DOPENSSL_ROOT_DIR=${VCPKG_INSTALLED_DIR}/${{ matrix.vcpkg_triplet }} -DENABLE_PKCS11=false -DBUILD_TESTING=true -DCMAKE_ANDROID_ARCH_ABI=${{ matrix.abi }} -DENABLE_LZO=false -DUSE_WERROR=no
+        run: |
+          cmake -S . -B openvpn-build -DUNSUPPORTED_BUILDS=yes \
+            -DCMAKE_SYSTEM_NAME=Android -DCMAKE_SYSTEM_VERSION=28 \
+            -DCMAKE_ANDROID_ARCH_ABI=${{ matrix.abi }} \
+            -DOPENSSL_ROOT_DIR=${VCPKG_INSTALLED_DIR}/${{ matrix.vcpkg_triplet }} \
+            -DENABLE_PKCS11=false -DBUILD_TESTING=true -DENABLE_LZO=false -DUSE_WERROR=no
       - name: Build OpenVPN Android binary with cmake
         run: cmake --build openvpn-build
 
@@ -85,7 +90,7 @@
       - name: Restore from cache and install vcpkg
         uses: lukka/run-vcpkg@5e0cab206a5ea620130caf672fce3e4a6b5666a1 # v11.5
         with:
-          vcpkgGitCommitId: 33e9c99208736b713cabe4490e15235f62f893d4
+          vcpkgGitCommitId: acd5bba5aac8b6573b5f6f463dc0341ac0ee6fa4
           vcpkgJsonGlob: '**/mingw/vcpkg.json'
 
       - name: Run CMake with vcpkg.json manifest
@@ -95,7 +100,7 @@
           buildPreset: mingw-${{ matrix.arch }}
           buildPresetAdditionalArgs: "['--config Debug']"
 
-      - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+      - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
           name: openvpn-mingw-${{ matrix.arch }}
           path: |
@@ -103,7 +108,7 @@
             ${{ github.workspace }}/out/build/mingw/${{ matrix.arch }}/Debug/*.dll
             !${{ github.workspace }}/out/build/mingw/${{ matrix.arch }}/Debug/test_*.exe
 
-      - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+      - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
           name: openvpn-mingw-${{ matrix.arch }}-tests
           path: |
@@ -124,7 +129,7 @@
       - name: Checkout OpenVPN
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Retrieve mingw unittest
-        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+        uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1
         with:
           name: openvpn-mingw-${{ matrix.arch }}-tests
           path: unittests
@@ -269,7 +274,7 @@
       runs-on: windows-latest
       steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: lukka/get-cmake@5f6e04f5267c8133f1273bf2103583fc72c46b17 # v3.31.5
+      - uses: lukka/get-cmake@56d043d188c3612951d8755da8f4b709ec951ad6 # v3.31.6
 
       - name: Install rst2html
         run: python -m pip install --upgrade pip docutils
@@ -277,7 +282,7 @@
       - name: Restore artifacts, or setup vcpkg (do not install any package)
         uses: lukka/run-vcpkg@5e0cab206a5ea620130caf672fce3e4a6b5666a1 # v11.5
         with:
-          vcpkgGitCommitId: 33e9c99208736b713cabe4490e15235f62f893d4
+          vcpkgGitCommitId: acd5bba5aac8b6573b5f6f463dc0341ac0ee6fa4
           vcpkgJsonGlob: '**/windows/vcpkg.json'
 
       - name: Run CMake with vcpkg.json manifest (NO TESTS)
@@ -296,7 +301,7 @@
           testPreset: win-${{ matrix.arch }}-release
           testPresetAdditionalArgs: "['--output-on-failure']"
 
-      - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+      - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
           name: openvpn-msvc-${{ matrix.arch }}
           path: |
@@ -406,7 +411,7 @@
           submodules: true
           # versioning=semver-coerced
           repository: Mbed-TLS/mbedtls
-          ref: v3.6.2
+          ref: v3.6.3
       - name: "mbedtls: make no_test"
         run: make -j3 no_test SHARED=1
         working-directory: mbedtls
diff --git a/.github/workflows/coverity-scan.yml b/.github/workflows/coverity-scan.yml
index 3381d8f..222c57e 100644
--- a/.github/workflows/coverity-scan.yml
+++ b/.github/workflows/coverity-scan.yml
@@ -13,7 +13,7 @@
     steps:
       - name: Check submission cache
         id: check_submit
-        uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+        uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
         with:
           path: |
             cov-int
@@ -65,7 +65,7 @@
 
       - name: Cache submission
         if: steps.check_submit.outputs.cache-hit != 'true'
-        uses: actions/cache/save@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+        uses: actions/cache/save@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
         with:
           path: |
             cov-int
diff --git a/.github/workflows/doxygen.yml b/.github/workflows/doxygen.yml
index f1ece70..ffd1b82 100644
--- a/.github/workflows/doxygen.yml
+++ b/.github/workflows/doxygen.yml
@@ -34,7 +34,7 @@
           touch doc/doxygen/html/.nojekyll
       - name: Upload static files as artifact
         id: deployment
-        uses: actions/upload-pages-artifact@v3.0.1
+        uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3.0.1
         with:
           path: doxygen/doc/doxygen/html/
 
@@ -50,4 +50,4 @@
     steps:
       - name: Deploy to GitHub Pages
         id: deployment
-        uses: actions/deploy-pages@v4.0.5
+        uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5