From: Jeremie Courreges-Anglas <jca@wxcvbn.org>
Subject: Re: [pretest] openvpn-2.7_rc1
To: Klemens Nanni <kn@openbsd.org>
Cc: ports@openbsd.org
Date: Sat, 6 Dec 2025 16:56:18 +0100

On Sat, Dec 06, 2025 at 01:09:54PM +0000, Klemens Nanni wrote:
> 01.11.2025 14:21, Jeremie Courreges-Anglas пишет:
> > On Sat, Nov 01, 2025 at 11:50:36AM +0100, Jeremie Courreges-Anglas wrote:
> >>
> >> If you depend on OpenVPN, better test this rc now. :)
> > 
> > Requested by Landry:
> > https://github.com/OpenVPN/openvpn/blob/v2.7_rc1/Changes.rst#new-features
> > 
> > The automatic resolv.conf handling appears to work but doesn't know
> > about resolvd.  I might tweak this at some point.
> > 
> > The multiple sockets support should allow us to listen both on 0.0.0.0
> > and :: using a single config and server instance.
> > 
> > https://github.com/OpenVPN/openvpn/blob/v2.7_rc1/Changes.rst#user-visible-changes
> 
> Thanks for the hint, dual-socket works for me, simplifying my setup from
> two rc.d instances, openvpn config-sharing glue and partially duplicated
> pf.conf rules into one daemon with one file on one interface.
> 
> > 
> > Better check your server config!
> > 
> 
> Here's an rc3 diff

Heh, thanks.  FWIW I intend to make --disable-dns-updown-by-default
the default.

> plus a fix for crashes on bogus server-ipv6 arguments
> that I've already sent upstream.

Ugh, the freeaddrinfo(NULL) quirk bites again.  I didn't check, but I
strongly suspect we're the only odd ones out there and other
implementations just ignore a NULL parameter, just like free(3).

> diff --git net/openvpn/patches/patch-src_openvpn_socket_c net/openvpn/patches/patch-src_openvpn_socket_c
> new file mode 100644
> index 00000000000..a679edf59bf
> --- /dev/null
> +++ net/openvpn/patches/patch-src_openvpn_socket_c
> @@ -0,0 +1,17 @@
> +pending https://github.com/OpenVPN/openvpn/pull/930
> +
> +Index: src/openvpn/socket.c
> +--- src/openvpn/socket.c.orig
> ++++ src/openvpn/socket.c
> +@@ -189,7 +189,10 @@ get_addr_generic(sa_family_t af, unsigned int flags, c
> +         *sep = '/';
> +     }
> + out:
> +-    freeaddrinfo(ai);
> ++    if (ai)
> ++    {
> ++        freeaddrinfo(ai);
> ++    }
> +     free(var_host);
> + 
> +     return ret;

-- 
jca