From patchwork Wed Feb 12 13:54:36 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "d12fk (Code Review)" X-Patchwork-Id: 4131 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:948d:b0:5e7:b9eb:58e8 with SMTP id g13csp957717mal; Wed, 12 Feb 2025 05:54:54 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCWE25GYysNxUJRE9GEal0fGjXJHQzKaCTWMMVQkxe5YCcF3qAWhu1xpN21No0j7M4Uju9nxLM79xNQ=@openvpn.net X-Google-Smtp-Source: AGHT+IGRRjdEPl7J4ryJBP/pUQXW9Oy2XOLW5tnmiTnhYiIJHqtczd48H2DurwXQ490JFh00Qtzi X-Received: by 2002:a05:6602:13d5:b0:83a:b74c:800e with SMTP id ca18e2360f4ac-85557a475b0mr225055939f.12.1739368494213; Wed, 12 Feb 2025 05:54:54 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1739368494; cv=none; d=google.com; s=arc-20240605; b=c7T8ir7vd9BUpmkzBp5WEDtIvViqcBJOtG6MVvf9Cp7RW4ovAQ8Xp0KpLfzJx21Qs+ ze4A1UzT6BBILVNyts/5e4Ej9Y8YIikPBDJp7TxI092SMwPS35N9WsW2VxE32WLR9P9Y ITDKQ4sSr4B7B8WjmTIK4uAJ4KrPFl0EimFNjisW0TnifdEq4vfacUSoJtyGllFEZ+4q vU9A/rxme8eRLJXLdg5nARX3iuR/4OcPubq0fW2ty9K2t9xuiWuFqLdpSBsO694Nyoag 8A0wLDBjPcd7QBapmyLTR6cWsanYVpkr09aquJjCm8f6w6n1sXmso0RKpLYtAxVNEhPE fBvA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:cc:reply-to:list-subscribe:list-help:list-post :list-archive:list-unsubscribe:list-id:precedence:subject:user-agent :mime-version:message-id:references:auto-submitted:to:date:from :dkim-signature:dkim-signature:dkim-signature; bh=MHgpK1TQ7v0wy8mLLNlZj4AQYGBqryjgQqVHo0KEa08=; fh=GFP4qDxgyJ2WEPo/oeLZg3Mj4NqvY1j2nTvTt7psNwg=; b=QE8qCy0/bp7uWLUzhi/YdcMZaUykT8aye7EDX4/RRMD+muz5js7+nAx3ImVPsNG50H NdUOShn+X/+JlatF6lYd2vBqU7vwDUFXn2TqMaOy+l6yMEh3qOVF8i9RZMCjyU/frwvg yymha6ZD+GkwHIWZOWkLZHD+W+wK9bkVvzMqFdbzBX+ZexFw3yJ419Pi8ti1JSQfuZiR uBvCV+ezd4Pq6HwdbB4qEIEF1cmGIlQMBTJiN6wTID+lRHRZ8lIJJmxN0/+42pa+tdJ0 OClH7NzuZsEXm3BS+f7Ggxv7XzzkmU12iZZGOHpRdWrd5fdipJo/003JZssgCZN0EO2j rmJA==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=ReR00NGF; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=hcFWiWEt; dkim=neutral (body hash did not verify) header.i=@openvpn.net header.s=google header.b=EMP8Oan0; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net; dara=fail header.i=@openvpn.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id ca18e2360f4ac-85519a90184si575747839f.16.2025.02.12.05.54.53 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 12 Feb 2025 05:54:54 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=ReR00NGF; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=hcFWiWEt; dkim=neutral (body hash did not verify) header.i=@openvpn.net header.s=google header.b=EMP8Oan0; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net; dara=fail header.i=@openvpn.net Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1tiDCT-0001jk-NX; Wed, 12 Feb 2025 13:54:50 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1tiDCQ-0001jQ-Iy for openvpn-devel@lists.sourceforge.net; Wed, 12 Feb 2025 13:54:47 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Type:Content-Transfer-Encoding:MIME-Version :Message-ID:Reply-To:References:Subject:List-Unsubscribe:List-Id:Cc:To:Date: From:Sender:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:List-Help: List-Subscribe:List-Post:List-Owner:List-Archive; bh=iO43vwZljoRAr8lTvszY+gEFMca0UKCTa4YVlCOu1KM=; b=ReR00NGFryQLMejhKpTq+VOWSU k0wlnj7WYuyioIbSFUj5H9NeppgUM1Q3h1i0N+gmA4bTNy3dNcG3l3jJ6zp01CQYqSv2ENEHbP6Fu 1toWM1Mu2zNZsYZqVD+CkiB0y6sfZ9R+7NG8Nlukb6thaFIdMeWgo0SuiRcBH6xbMg58=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Type:Content-Transfer-Encoding:MIME-Version:Message-ID:Reply-To: References:Subject:List-Unsubscribe:List-Id:Cc:To:Date:From:Sender:Content-ID :Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To: Resent-Cc:Resent-Message-ID:In-Reply-To:List-Help:List-Subscribe:List-Post: List-Owner:List-Archive; bh=iO43vwZljoRAr8lTvszY+gEFMca0UKCTa4YVlCOu1KM=; b=h cFWiWEtmAfHoNUdpKJfFHULIdNmjEBgiavPeLizA3c4uWVlg6DMAoaQQ2FEwV1IWUgkx5/1Rig3wx 6wa+mLzmjgi9iILQYcq4hZsfOxEeuw1UbkDzdS0SMQ5NndXT9KyGxqL32RJf3NqyLR4zJBdGlIyB7 lKtM3h4XbBawWuLM=; Received: from mail-wm1-f46.google.com ([209.85.128.46]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95) id 1tiDCP-0002sd-5Z for openvpn-devel@lists.sourceforge.net; Wed, 12 Feb 2025 13:54:47 +0000 Received: by mail-wm1-f46.google.com with SMTP id 5b1f17b1804b1-4395817a7f2so6496035e9.1 for ; Wed, 12 Feb 2025 05:54:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=openvpn.net; s=google; t=1739368479; x=1739973279; darn=lists.sourceforge.net; h=user-agent:content-disposition:content-transfer-encoding :mime-version:message-id:reply-to:references:subject :list-unsubscribe:list-id:auto-submitted:cc:to:date:from:from:to:cc :subject:date:message-id:reply-to; bh=iO43vwZljoRAr8lTvszY+gEFMca0UKCTa4YVlCOu1KM=; b=EMP8Oan0kCooyuLmsZ8ileQwq0A1Z1VqhB+TtHmYoeWt895V6i+y4n7ER3mPDf5YMp /hfIKqr+gyMlhiUd0CZTD8I/nBbujho00Wbv78/CJpDhkv0OazdHPx/E5B6rLVaKMGPJ QaSYmRviEpAUQU12GAW/2n/Jt/UhCmmkvYoLdO5AoqsxhT17/ZR2wv0oYKO2o9xC29gT jb/S5+V53pAcUmnCS4Ehu/90zbSzeR1+r+FDwY77/loqlgU5uNwjJj9DNthpljCJTFfc hN5QmgaPTeKqNzv+ZMlxPa7TzY3HyDbkyDfnVZr+GfbGLt/xBb65kPEGCnHZz3BvgSSF XIag== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1739368479; x=1739973279; h=user-agent:content-disposition:content-transfer-encoding :mime-version:message-id:reply-to:references:subject :list-unsubscribe:list-id:auto-submitted:cc:to:date:from :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=iO43vwZljoRAr8lTvszY+gEFMca0UKCTa4YVlCOu1KM=; b=v8NlqYCWUCKIgLO4l2KA7owtoS9wQROE5bkMc+VQVyvYutT3xFfBQ+AHYaaEGgowuM YdFWe9xqXB/ffY/g4h9zuzB/B6zS09mWtvP1Q9lr11DZZlgnR0lA04tjuBIrlM/Yiosd qws5OjqUdtQV1micvEpQQI1+EUwzu9WX27KsP4JSzHDRVu44BkDxb2YXIQXFPvuYdBmF vsv6xy5lFh8oI6EPAwJenOouHNfLtjryFMuZDfyNe5t4DZTo17k7m+RD+5WcMLpyeQ9i GWu/jLADIrVYucwM5ACXvIE86XZMsTu56WhXP0TyFg1aPlL3Dmg4isbdQ8POPqTs9v0i 5dVQ== X-Gm-Message-State: AOJu0Ywo57uImHh/FrdjkC7rB6zLnQyiVvlURy+1al3djs8fuwn4IaUT XePegdG9ulVeDrwrQ4liQnID3ZdYLMVJ+kkk73b8JUlyxRKWxVkN7F+B74bLrbc= X-Gm-Gg: ASbGncsOd2FvrgMvQ6TxNPBXUWiniRu4YdUi4rtiqoc8roiN5/G+h39DANFYGiMcsQi nZG8eDXpjwj95AYMbKvjclJ43MSZM3mh+jZtt6uWADsftY11QMATsPeu0n3UsvmURxllB38EsmT GBneKoEPkfoxODaxyZKjO3/wvNEEt1NUsO56++esrX+fB8SsQr/YG5rWd5FTrAeUbxiHv/bABI5 3XzKvx1kF50LgdTHvlF4ZCot9g3BkkxENw97fO0TAa3BLUwJa2lMYmXNi40dQLRYPEKRfp2QFnr y2BdULhXg5Yy9T18RN9JBJ7nsSgjDG+9M61+Oo3gLOhmOoalGc2O1M2EzqU52LLrcJdY9kN8LmV w43XsFsg= X-Received: by 2002:a05:600c:4791:b0:439:5a37:815f with SMTP id 5b1f17b1804b1-4395a37826emr29236135e9.30.1739368477253; Wed, 12 Feb 2025 05:54:37 -0800 (PST) Received: from gerrit.openvpn.in (ec2-18-159-0-78.eu-central-1.compute.amazonaws.com. [18.159.0.78]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-4395a053fb3sm20900345e9.16.2025.02.12.05.54.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 12 Feb 2025 05:54:36 -0800 (PST) From: "flichtenheld (Code Review)" X-Google-Original-From: "flichtenheld (Code Review)" X-Gerrit-PatchSet: 1 Date: Wed, 12 Feb 2025 13:54:36 +0000 To: plaisthos Auto-Submitted: auto-generated X-Gerrit-MessageType: newchange X-Gerrit-Change-Id: I29b68675143988c3304395d9d5ec62289cf519a7 X-Gerrit-Change-Number: 893 X-Gerrit-Project: openvpn X-Gerrit-ChangeURL: X-Gerrit-Commit: 01ab5c2b8c5afa2ae08a1e983db6115be7886971 References: Message-ID: MIME-Version: 1.0 User-Agent: Gerrit/3.8.2 X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-2.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Attention is currently required from: plaisthos. Hello plaisthos, I'd like you to do a code review. Please visit Content analysis details: (-0.2 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [209.85.128.46 listed in list.dnswl.org] 0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [209.85.128.46 listed in bl.score.senderscore.com] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [209.85.128.46 listed in sa-accredit.habeas.com] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.128.46 listed in wl.mailspike.net] 0.0 WEIRD_PORT URI: Uses non-standard port number for HTTP 0.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.0 T_KAM_HTML_FONT_INVALID Test for Invalidly Named or Formatted Colors in HTML X-Headers-End: 1tiDCP-0002sd-5Z Subject: [Openvpn-devel] [M] Change in openvpn[release/2.6]: GHA: Drop Ubuntu 20.04 and other maintenance (2.6) X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: frank@lichtenheld.com, arne-openvpn@rfc2549.org, openvpn-devel@lists.sourceforge.net Cc: openvpn-devel Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1823860058478157914?= X-GMAIL-MSGID: =?utf-8?q?1823860058478157914?= X-getmail-filter-classifier: gerrit message type newchange Attention is currently required from: plaisthos. Hello plaisthos, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/893?usp=email to review the following change. Change subject: GHA: Drop Ubuntu 20.04 and other maintenance (2.6) ...................................................................... GHA: Drop Ubuntu 20.04 and other maintenance (2.6) - Drop Ubuntu 20.04 GHA runners will go away in April 2025 - Change ubuntu-latest to ubuntu-24.04 to make sure we are not surprised by future changes. - Update vcpkg digest to latest 33e9c99 - Update github actions to latest Backport changes: Sync 2.6 GHA with master GHA by - pinning action references - adding Ubuntu 24.04 builds - updating libressl - updating ASAN builds to include "undefined" checker Change-Id: I29b68675143988c3304395d9d5ec62289cf519a7 Signed-off-by: Frank Lichtenheld (cherry picked from commit c26b2e2c5581ad4e14b737df9178a03d6403a5f7) --- M .github/workflows/build.yaml M .github/workflows/coverity-scan.yml 2 files changed, 45 insertions(+), 63 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/93/893/1 diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index d930197..5b1c797 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -13,7 +13,7 @@ - name: Install dependencies run: sudo apt update && sudo apt install -y uncrustify - name: Checkout OpenVPN - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: path: openvpn - name: Show uncrustify version @@ -27,7 +27,7 @@ - name: Show changes on standard output run: git diff working-directory: openvpn - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: uncrustify-changes.patch path: 'openvpn/uncrustify-changes.patch' @@ -42,29 +42,29 @@ arch: [x86, x64] name: "gcc-mingw - ${{ matrix.arch }} - OSSL" - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 env: VCPKG_ROOT: ${{ github.workspace }}/vcpkg steps: - name: Install dependencies run: sudo apt update && sudo apt install -y mingw-w64 unzip cmake ninja-build build-essential wget python3-docutils man2html-base - name: Checkout OpenVPN - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Restore from cache and install vcpkg - uses: lukka/run-vcpkg@v11 + uses: lukka/run-vcpkg@5e0cab206a5ea620130caf672fce3e4a6b5666a1 # v11.5 with: - vcpkgGitCommitId: 8d3649ba34aab36914ddd897958599aa0a91b08e + vcpkgGitCommitId: 33e9c99208736b713cabe4490e15235f62f893d4 vcpkgJsonGlob: '**/mingw/vcpkg.json' - name: Run CMake with vcpkg.json manifest - uses: lukka/run-cmake@v10 + uses: lukka/run-cmake@af1be47fd7c933593f687731bc6fdbee024d3ff4 # v10.8 with: configurePreset: mingw-${{ matrix.arch }} buildPreset: mingw-${{ matrix.arch }} buildPresetAdditionalArgs: "['--config Debug']" - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: openvpn-mingw-${{ matrix.arch }} path: | @@ -72,7 +72,7 @@ ${{ github.workspace }}/out/build/mingw/${{ matrix.arch }}/Debug/*.dll !${{ github.workspace }}/out/build/mingw/${{ matrix.arch }}/Debug/test_*.exe - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: openvpn-mingw-${{ matrix.arch }}-tests path: | @@ -91,7 +91,7 @@ name: "mingw unittest ${{ matrix.test }} - ${{ matrix.arch }} - OSSL" steps: - name: Retrieve mingw unittest - uses: actions/download-artifact@v4 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: openvpn-mingw-${{ matrix.arch }}-tests path: unittests @@ -102,56 +102,35 @@ strategy: fail-fast: false matrix: - os: [ubuntu-20.04, ubuntu-22.04] - sslpkg: [libmbedtls-dev] - ssllib: [mbedtls] - libname: [mbed TLS] - include: - - os: ubuntu-20.04 - sslpkg: "libssl-dev" - libname: OpenSSL 1.1.1 - ssllib: openssl + - os: ubuntu-22.04 + sslpkg: libmbedtls-dev + ssllib: mbedtls + libname: mbed TLS 2.28.0 - os: ubuntu-22.04 sslpkg: "libssl-dev" libname: OpenSSL 3.0.2 ssllib: openssl - - os: ubuntu-20.04 + pkcs11pkg: "libpkcs11-helper1-dev softhsm2 gnutls-bin" + extraconf: --enable-pkcs11 + - os: ubuntu-24.04 sslpkg: "libssl-dev" - libname: OpenSSL 1.1.1 + libname: OpenSSL 3.0.13 ssllib: openssl - extraconf: "--enable-iproute2" - - os: ubuntu-20.04 - sslpkg: "libssl-dev" - libname: OpenSSL 1.1.1 - ssllib: openssl - extraconf: "--enable-async-push" - - os: ubuntu-20.04 - sslpkg: "libssl-dev" - libname: OpenSSL 1.1.1 - ssllib: openssl - extraconf: "--disable-management" - - os: ubuntu-20.04 - sslpkg: "libssl-dev" - libname: OpenSSL 1.1.1 - ssllib: openssl - extraconf: "--enable-small" - - os: ubuntu-20.04 - sslpkg: "libssl-dev" - libname: OpenSSL 1.1.1 - ssllib: openssl - extraconf: "--disable-lzo --disable-lz4" + pkcs11pkg: "libpkcs11-helper1-dev softhsm2 gnutls-bin" + extraconf: --enable-pkcs11 name: "gcc - ${{matrix.os}} - ${{matrix.libname}} ${{matrix.extraconf}}" env: SSLPKG: "${{matrix.sslpkg}}" + PKCS11PKG: "${{matrix.pkcs11pkg}}" runs-on: ${{matrix.os}} steps: - name: Install dependencies - run: sudo apt update && sudo apt install -y liblzo2-dev libpam0g-dev liblz4-dev libcap-ng-dev libnl-genl-3-dev linux-libc-dev man2html libcmocka-dev python3-docutils libtool automake autoconf ${SSLPKG} + run: sudo apt update && sudo apt install -y liblzo2-dev libpam0g-dev liblz4-dev libcap-ng-dev libnl-genl-3-dev linux-libc-dev man2html libcmocka-dev python3-docutils libtool automake autoconf ${SSLPKG} ${PKCS11PKG} - name: Checkout OpenVPN - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: autoconf run: autoreconf -fvi - name: configure @@ -165,7 +144,7 @@ strategy: fail-fast: false matrix: - os: [ubuntu-20.04] + os: [ubuntu-22.04, ubuntu-24.04] ssllib: [mbedtls, openssl] name: "clang-asan - ${{matrix.os}} - ${{matrix.ssllib}}" @@ -178,11 +157,11 @@ - name: Install dependencies run: sudo apt update && sudo apt install -y liblzo2-dev libpam0g-dev liblz4-dev libcap-ng-dev libnl-genl-3-dev linux-libc-dev man2html clang libcmocka-dev python3-docutils libtool automake autoconf libmbedtls-dev - name: Checkout OpenVPN - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: autoconf run: autoreconf -fvi - name: configure - run: CFLAGS="-fsanitize=address -fno-omit-frame-pointer -O2" CC=clang ./configure --with-crypto-library=${{matrix.ssllib}} + run: CFLAGS="-fsanitize=address,undefined -fno-sanitize-recover=all -fno-omit-frame-pointer -O2" CC=clang ./configure --with-crypto-library=${{matrix.ssllib}} - name: make all run: make -j3 - name: make check @@ -197,8 +176,8 @@ os: [macos-13, macos-14, macos-15] include: - build: asan - cflags: "-fsanitize=address -fno-optimize-sibling-calls -fsanitize-address-use-after-scope -fno-omit-frame-pointer -g -O1" - ldflags: -fsanitize=address + cflags: "-fsanitize=address,undefined -fno-sanitize-recover=all -fno-optimize-sibling-calls -fsanitize-address-use-after-scope -fno-omit-frame-pointer -g -O1" + ldflags: -fsanitize=address,undefined -fno-sanitize-recover=all # Our build system ignores LDFLAGS for plugins configureflags: --disable-plugin-auth-pam --disable-plugin-down-root - build: normal @@ -216,7 +195,7 @@ - name: Install dependencies run: brew install ${{matrix.ssllib}} lzo lz4 man2html cmocka libtool automake autoconf - name: Checkout OpenVPN - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set environment run: | cat >>$GITHUB_ENV <