OpenVPN ChangeLog
Copyright (C) 2002-2023 OpenVPN Inc <sales@openvpn.net>
+2023.01.12 -- Version 2.6_rc2
+
+Antonio Quartulli (4):
+ dco: properly re-initialize dco_del_peer_reason
+ dco: bail out when no peer-specific message is delivered
+ dco: improve comment about hidden debug message
+ dco: print proper message in case of transport disconnection
+
+Arne Schwabe (3):
+ Add connect-freq-initial option to limit initial connection responses
+ Log peer-id if loglevel is D_DCO_DEBUG and dco is enabled
+ Deprecate OCC checking
+
+Frank Lichtenheld (7):
+ options.c: fix format security error when compiling without optimization
+ options.c: update usage description of --cipher
+ Update copyright year to 2023
+ xkey_pkcs11h_sign: fix dangling pointer
+ options: Always define options->management_flags
+ check_engine_keys: make pass with OpenSSL 3
+ documentation: update 'unsupported options' section
+
+Gert Doering (3):
+ Undo FreeBSD 12.x workaround on IPv6 ifconfig for 12.4 and up
+ Reduce logspam about 'dco_update_keys: peer_id=-1' in p2p server mode
+ preparing release 2.6_rc2
+
+Lev Stipakov (1):
+ tun: move print_windows_driver() out of tun.h
+
+Selva Nair (11):
+ Properly unmap ring buffer file-map in interactive service
+ Use undo_lists for saving ring-buffer handles in interactive service
+ Cleanup: Close duplicated handles in interactive service
+ Preparing for better signal handling: some code refactoring
+ Refactor signal handling in openvpn_getaddrinfo
+ Use IPAPI for setting ipv6 routes when iservice not available
+ Fix signal handling on Windows
+ Assign and honour signal priority order
+ Distinguish route addition errors from route already exists
+ Propagate route error to initialization_completed()
+ Include CE_DISABLED status of remote in "remote-entry-get" response
+
+
2022.12.29 -- Version 2.6_rc1
Arne Schwabe (17):
+Overview of changes in 2.6_rc2
+==============================
+New features
+------------
+- ``remote-entry-get`` management command will now show enabled/disabled
+ status for each connection entry
+
+- report ``CONNECTED,ROUTE_ERROR`` to management GUI if connection to
+ server succeeds but not all routes can be installed (Windows and
+ Linux/Netlink only, so far)
+
+- add rate limiter for incoming "initial handshake packets", enabled by
+ default with a limit of 100 packets per 10 seconds. New option
+ ``--connect-freq-initial`` to configure values. This change makes
+ OpenVPN servers uninteresting as an UDP reflection DDoS engine.
+
+User-Visible Changes
+--------------------
+- OCC (options compatibility check) log messages are considered obsolete
+ and are only shown on loglevel 7 or higher now
+
+- copyright line has been updated in all files to "xxx-2023"
+
+- include peer-id=nn in multi prefix for DCO servers if loglevel is 7+
+ (helps with DCO debugging)
+
+Bugfixes / minor improvements
+-----------------------------
+- improve documentation on no-longer-supported options
+
+- reduce amount of log messages about "dco_update_keys: peer_id=-1"
+
+- undo FreeBSD "ipv6 ifconfig" workaround for FreeBSD 12.4 and up (Trac 1226)
+
+- fix signal handling issues where a SIGUSR1 "restart" signal could overwrite
+ a SIGTERM/SIGINT "please end!" signal already queued, making OpenVPN hard
+ to stop (Trac 311, Trac 639, GH issue #205)
+
+- fix signal handling issues on windows, where OpenVPN could not be
+ interrupted by ctrl-c when sleep()ing between connection attempts
+
+- use IPAPI for IPv6 route installation on Windows, if OpenVPN runs without
+ service pipe ("run as admin from cmd.exe")
+
+- fix spurious DCO log messages about "peer-id unknown to OpenVPN: -1"
+
+- on Windows, repair wintun buffer cleanup on program end
+
+
Overview of changes in 2.6_rc1
==============================
define([PRODUCT_TARNAME], [openvpn])
define([PRODUCT_VERSION_MAJOR], [2])
define([PRODUCT_VERSION_MINOR], [6])
-define([PRODUCT_VERSION_PATCH], [_rc1])
+define([PRODUCT_VERSION_PATCH], [_rc2])
m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MAJOR])
m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MINOR], [[.]])
m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_PATCH], [[]])
define([PRODUCT_BUGREPORT], [openvpn-users@lists.sourceforge.net])
-define([PRODUCT_VERSION_RESOURCE], [2,6,0,3])
+define([PRODUCT_VERSION_RESOURCE], [2,6,0,4])
dnl define the TAP version
define([PRODUCT_TAP_WIN_COMPONENT_ID], [tap0901])
define([PRODUCT_TAP_WIN_MIN_MAJOR], [9])