OpenVPN Change Log
Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
+2022.10.27 -- Version 2.5.8
+
+Antonio Quartulli (1):
+ tls-crypt-v2: bail out if the client key is too small
+
+Arne Schwabe (4):
+ Remove useless empty line from CR_RESPONSE message
+ Allow running a default configuration with TLS libraries without BF-CBC
+ Change command help to match man page and implementation
+ Fix OpenVPN querying user/password if auth-token with user expires
+
+Frank Lichtenheld (2):
+ t_client: Allow to force FAIL on prerequisite fails
+ t_client.sh: do not require fping6
+
+Gert Doering (1):
+ Preparing release 2.5.8
+
+Lev Stipakov (1):
+ msvc: add branch name and commit hash to version output
+
+Martin Janů (1):
+ Update the replay-window backtrack log message
+
+Selva Nair (5):
+ Do not skip ERROR:/SUCCESS: response from management interface
+ Fix auth-token usage with management-def-auth
+ Allow a few levels of recursion in virtual_output_callback()
+ Ensure --auth-nocache is handled during renegotiation
+ Purge auth-token as well while purging passwords
+ Do not copy auth_token username to itself
+
+
2022.05.24 -- Version 2.5.7
Antonio Quartulli (4):
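Review bot: the shortlog header "Selva Nair (5):" does not match the six entries listed under it, from "Do not skip ERROR:/SUCCESS: response from management interface" through "Do not copy auth_token username to itself". Either correct the count to (6) or check whether one of the entries was added by hand after the shortlog was generated and belongs elsewhere.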
+Overview of changes in 2.5.8
+============================
+
+New features
+------------
+- allow running a default configuration with TLS libraries without BF-CBC
+ (even if TLS cipher negotiation would not actually use BF-CBC, the
+ long-term compatibility "default cipher BF-CBC" would trigger an error
+ on such TLS libraries)
+
+User-visible Changes
+--------------------
+- add git branch name + commit ID to OpenVPN version string on
+ MSVC builds (windows)
+
+Testing Enhancements
+--------------------
+- t_client.sh: if fping is found and fping6 is not, assume we have
+ fping 4.0 and up, and call "fping -6" for IPv6 ping tests
+
+- t_client.sh: allow to force FAIL on prerequisite fails, so a CI
+ environment will no longer "silently skip" t_client runs if fping (etc)
+ can not be found, but will error out
+
+Bugfixes
+--------
+- ``--auth-nocache'' was not always correctly clearing username+password
+ after a renegotiation
+
+- ensure that auth-token received from server is cleared if requested
+ by the management interface ("forget password" or automatically
+ via ``--management-forget-disconnect'')
+
+- in a setup without username+password, but with auth-token and
+ auth-token-username pushed by the server, OpenVPN would start asking
+ for username+password on token expiry. Fix.
+
+- using ``--auth-token`` together with ``--management-client-auth``
+ (on the server) would lead to TLS keys getting out of sync and client
+ being disconnected. Fix.
+
+- management interface would sometimes get stuck if client and server
+ try to write something simultaneously. Fix by allowing a limited
+ level of recursion in virtual_output_callback()
+
+- fix management interface not returning ERROR:/SUCCESS: response
+ on "signal SIGxxx" commands when in HOLD state
+
+- tls-crypt-v2: abort connection if client-key is too short
+
+- make man page agree with actual code on replay-window backtrag log message
+
+- remove useless empty line from CR_RESPONSE message
+
+
Overview of changes in 2.5.7
============================
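Review bot: in the Bugfixes list, the ``--auth-nocache'' and ``--management-forget-disconnect'' entries close the option name with '' instead of the double backticks used for ``--auth-token`` and ``--management-client-auth`` further down, so the inline literal is never terminated; use the closing double backticks in all four places. In the replay-window entry, "backtrag" should read "backtrack", matching the ChangeLog line "Update the replay-window backtrack log message". The entry that names ``--management-client-auth`` also disagrees with the ChangeLog wording "Fix auth-token usage with management-def-auth"; please confirm which option is meant and make the two files agree.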
define([PRODUCT_TARNAME], [openvpn])
define([PRODUCT_VERSION_MAJOR], [2])
define([PRODUCT_VERSION_MINOR], [5])
-define([PRODUCT_VERSION_PATCH], [.7])
+define([PRODUCT_VERSION_PATCH], [.8])
m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MAJOR])
m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MINOR], [[.]])
m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_PATCH], [[]])
define([PRODUCT_BUGREPORT], [openvpn-users@lists.sourceforge.net])
-define([PRODUCT_VERSION_RESOURCE], [2,5,7,0])
+define([PRODUCT_VERSION_RESOURCE], [2,5,8,0])
dnl define the TAP version
define([PRODUCT_TAP_WIN_COMPONENT_ID], [tap0901])
define([PRODUCT_TAP_WIN_MIN_MAJOR], [9])
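Review bot: the patch level is maintained by hand in two places in this hunk, PRODUCT_VERSION_PATCH ([.8]) and the third field of PRODUCT_VERSION_RESOURCE ([2,5,8,0]). Both are bumped consistently here, but nothing in the visible lines ties them together, so a future release bump can update one and miss the other. Consider a short dnl comment next to PRODUCT_VERSION_PATCH reminding the releaser to update PRODUCT_VERSION_RESOURCE as well, or building the resource tuple from the major, minor and patch macros.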