OpenVPN Change Log
Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
+2019.02.18 -- Version 2.4.7
+Adam Ciarcin?ski (1):
+ Fix subnet topology on NetBSD (2.4).
+
+Antonio Quartulli (3):
+ add support for %lu in argv_printf and prevent ASSERT
+ buffer_list: add functions documentation
+ ifconfig-ipv6(-push): allow using hostnames
+
+Arne Schwabe (7):
+ Properly free tuntap struct on android when emulating persist-tun
+ Add OpenSSL compat definition for RSA_meth_set_sign
+ Add support for tls-ciphersuites for TLS 1.3
+ Add better support for showing TLS 1.3 ciphersuites in --show-tls
+ Use right function to set TLS1.3 restrictions in show-tls
+ Add message explaining early TLS client hello failure
+ Fallback to password authentication when auth-token fails
+
+Christian Ehrhardt (1):
+ systemd: extend CapabilityBoundingSet for auth_pam
+
+David Sommerseth (1):
+ plugin: Export base64 encode and decode functions
+
+Gert Doering (3):
+ Add %d, %u and %lu tests to test_argv unit tests.
+ Fix combination of --dev tap and --topology subnet across multiple platforms.
+ Add 'printing of port number' to mroute_addr_print_ex() for v4-mapped v6.
+
+Gert van Dijk (1):
+ Minor reliability layer documentation fixes
+
+James Bekkema (1):
+ Resolves small IV_GUI_VER typo in the documentation.
+
+Jonathan K. Bullard (1):
+ Clarify and expand management interface documentation
+
+Lev Stipakov (5):
+ Refactor NCP-negotiable options handling
+ init.c: refine functions names and description
+ interactive.c: fix usage of potentially uninitialized variable
+ options.c: fix broken unary minus usage
+ Remove extra token after #endif
+
+Richard van den Berg via Openvpn-devel (1):
+ Fix error message when using RHEL init script
+
+Samy Mahmoudi (1):
+ man: correct a --redirection-gateway option flag
+
+Selva Nair (7):
+ Replace M_DEBUG with D_LOW as the former is too verbose
+ Correct the declaration of handle in 'struct openvpn_plugin_args_open_return'
+ Bump version of openvpn plugin argument structs to 5
+ Move get system directory to a separate function
+ Enable dhcp on tap adapter using interactive service
+ Pass the hash without the DigestInfo header to NCryptSignHash()
+ White-list pull-filter and script-security in interactive service
+
+Simon Rozman (2):
+ Add Interactive Service developer documentation
+ Detect TAP interfaces with root-enumerated hardware ID
+
+Steffan Karger (7):
+ man: add security considerations to --compress section
+ mbedtls: print warning if random personalisation fails
+ Fix memory leak after sighup
+ travis: add OpenSSL 1.1 Windows build
+ Fix --disable-crypto build
+ Don't print OCC warnings about 'key-method', 'keydir' and 'tls-auth'
+ buffer_list_aggregate_separator(): simplify code
+
+
2018.04.19 -- Version 2.4.6
David Sommerseth (1):
management: Warn if TCP port is used without password
use -std=gnu99 in CFLAGS. This is known to be needed when doing
i386/i686 builds on RHEL5.
+
+Version 2.4.7
+=============
+This is primarily a maintenance release with minor bugfixes and improvements.
+
+New features
+------------
+- ifconfig-ipv6(-push): allow using hostnames (in place of IPv6 addresses)
+
+- new option: --ciphersuites to select TLS 1.3 cipher suites
+ (--cipher selects TLS 1.2 and earlier ciphers)
+
+- enable dhcp on tap adapter using interactive service
+ (previously this required a privileged netsh.exe call from OpenVPN)
+
+- clarify and expand management interface documentation
+
+- add Interactive Service developer documentation
+
+
+User visible changes
+--------------------
+- add message explaining early TLS client hello failure (if TLS 1.0
+ only clients try to connect to TLS 1.3 capable servers)
+
+- --show-tls will now display TLS 1.3 and TLS 1.2 ciphers in separate
+ lists (if built with OpenSSL 1.1.1+)
+
+- don't print OCC warnings about 'key-method', 'keydir' and 'tls-auth'
+ (unnecessary warnings, and will cause spurious warnings with tls-crypt-v2)
+
+- bump version of openvpn plugin argument structs to 5
+
+- plugin: Export base64 encode and decode functions
+
+- man: add security considerations to --compress section
+
+
+Bug fixes
+---------
+- print port numbers (again) for incoming IPv4 connections received on
+ a dual-stacked IPv6 socket. This got lost at some point during
+ rewrite of the dual-stack code and proper printing of IPv4 addresses.
+
+- fallback to password authentication when auth-token fails
+
+- fix combination of --dev tap and --topology subnet across multiple
+ platforms (BSDs, MacOS, and Solaris).
+
+- fix Windows CryptoAPI usage for TLS 1.2 signatures
+
+- fix option handling in combination with NCP negotiation and OCC
+ (--opt-verify failure on reconnect if NCP modified options and server
+ verified "original" vs. "modified" options)
+
+- mbedtls: print warning if random personalisation fails
+
+- fix subnet topology on NetBSD (2.4).
+
+
+
Version 2.4.6
=============
This is primarily a maintenance release with minor bugfixes and improvements,
define([PRODUCT_TARNAME], [openvpn])
define([PRODUCT_VERSION_MAJOR], [2])
define([PRODUCT_VERSION_MINOR], [4])
-define([PRODUCT_VERSION_PATCH], [.6])
+define([PRODUCT_VERSION_PATCH], [.7])
m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MAJOR])
m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MINOR], [[.]])
m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_PATCH], [[]])
define([PRODUCT_BUGREPORT], [openvpn-users@lists.sourceforge.net])
-define([PRODUCT_VERSION_RESOURCE], [2,4,6,0])
+define([PRODUCT_VERSION_RESOURCE], [2,4,7,0])
dnl define the TAP version
define([PRODUCT_TAP_WIN_COMPONENT_ID], [tap0901])
define([PRODUCT_TAP_WIN_MIN_MAJOR], [9])
projects / thirdparty / openvpn.git / commitdiff
