OpenVPN ChangeLog
Copyright (C) 2002-2023 OpenVPN Inc <sales@openvpn.net>
+2023.03.08 -- Version 2.6.1
+
+Arne Schwabe (13):
+ Fix unaligned access in auth-token
+ Update LibreSSL to 3.7.0 in Github actions
+ Add printing USAN stack trace on github actions
+ Fix LibreSSL not building in Github Actions
+ Add missing stdint.h includes in unit tests files
+ Combine extra_tun/frame parameter of frame_calculate_payload_overhead
+ Update the last sections in the man page to a be a bit less outdated
+ Add building unit tests with mingw to github actions
+ Revise the cipher negotiation info about OpenVPN3 in the man page
+ Exit if a proper message instead of segfault on Android without management
+ Use proper print format/casting when converting msg_channel handle
+ Reduce initialisation spam from verb <= 3 and print summary instead
+ Dynamic tls-crypt for secure soft_reset/session renegotiation
+
+Frank Lichtenheld (8):
+ Changes.rst: document removal of --keysize
+ Windows: fix unused function setenv_foreign_option
+ Windows: fix unused variables in delete_route_ipv6
+ Windows: fix wrong printf format in x_check_status
+ Windows: fix unused variable in win32_get_arch
+ configure: enable DCO by default on FreeBSD/Linux
+ Windows: fix signedness errors with recv/send
+ configure: fix formatting of --disable-lz4 and --enable-comp-stub
+
+Gert Doering (2):
+ Get rid of unused 'bool tuntap_buffer' arguments.
+ FreeBSD 12.x workaround for IPv6 ifconfig is needed on 12.4 as well
+
+Kristof Provost (3):
+ options.c: enforce a minimal fragment size
+ configure: improve FreeBSD DCO check
+ dco: define OVPN_DEL_PEER_REASON_TRANSPORT_DISCONNECT on FreeBSD
+
+Lev Stipakov (6):
+ Allow certain DHCP options to be used without DHCP server
+ dco-win: use proper calling convention on x86
+ Improve format specifier for socket handle in Windows
+ Disable DCO if proxy is set via management
+ Add logging for windows driver selection process
+ Avoid management log loop with verb >= 6
+
+Matthias Andree (1):
+ make dist: Ship ovpn_dco_freebsd.h, too
+
+Selva Nair (9):
+ block-dns using iservice: fix a potential double free
+ Conditionally add subdir-objects option to automake
+ Build unit tests in mingw Windows build
+ cyryptapi.c: log the selected certificate's name
+ cryptoapi.c: remove pre OpenSSL-3.01 support
+ cryptoapi.c: simplify parsing of thumbprint hex string
+ Option --cryptoapicert: support issuer name as a selector
+ Add a unit test for functions in cryptoapi.c
+ Do not save pointer to 'struct passwd' returned by getpwnam etc.
+
+
2023.01.25 -- Version 2.6.0
Antonio Quartulli (1):
previously authenticated peer can do trigger renegotiation and complete
renegotiations.
+- CryptoAPI (Windows): support issuer name as a selector.
+ Certificate selection string can now specify a partial
+ issuer name string as "--cryptoapicert ISSUER:<string>" where
+ <string> is matched as a substring of the issuer (CA) name in
+ the certificate.
+
+
+User visible changes
+--------------------
+- on crypto initialization, move old "quite verbose" messages to --verb 4
+ and only print a more compact summary about crypto and timing parameters
+ by default
+
+- configure now enables DCO build by default on FreeBSD and Linux, which
+ brings in a default dependency for libnl-genl (for Linux distributions
+ that are too old to have this library, use "configure --disable-dco")
+
+- make "configure --help" output more consistent
+
+- CryptoAPI (Windows): remove support code for OpenSSL before 3.0.1
+ (this will not affect official OpenVPN for Windows installers, as they
+ will always be built with OpenSSL 3.0.x)
+
+- CryptoAPI (Windows): log the selected certificate's name
+
+- "configure" now uses "subdir-objects", for automake >= 1.16
+ (less warnings for recent-enough automake versions, will change
+ the way .o files are created)
+
+
+Bugfixes / minor improvements
+-----------------------------
+- fixed old IPv6 ifconfig race condition for FreeBSD 12.4 (trac #1226)
+
+- fix compile-time breakage related to DCO defines on FreeBSD 14
+
+- enforce minimum packet size for "--fragment" (avoid division by zero)
+
+- some alignment fixes to avoid unaligned memory accesses, which will
+ bring problems on some architectures (Sparc64, some ARM versions) -
+ found by USAN clang checker
+
+- windows source code fixes to reduce number of compile time warnings
+ (eventual goal is to be able to compile with -Werror on MinGW), mostly
+ related to signed/unsigned char * conversions, printf() format specifiers
+ and unused variables.
+
+- avoid endless loop on logging with --management + --verb 6+
+
+- build (but not run) unit tests on MinGW cross compiles, and run them
+ when building with GitHub Actions.
+
+- add unit test for parts of cryptoapi.c
+
+- add debug logging to help with diagnosing windows driver selection
+
+- disable DCO if proxy config is set via management interface
+
+- do not crash on Android if run without --management
+
+- improve documentation about cipher negotiation and OpenVPN3
+
+- for x86 windows builds, use proper calling conventions for dco-win
+ (__stdcall)
+
+- differentiate "dhcp-option ..." options into "needs an interface with
+ true DHCP service" (tap-windows) and "can also be installed by IPAPI
+ or service, and can be used on non-DHCP interfaces" (wintun, dco-win)
+
+- windows interactive service: fix possible double-free if "--block-dns"
+ installation fails due to "security products" interfering
+ (Github OpenVPN/openvpn#232)
+
+- "make dist": package ovpn_dco_freebsd.h to permit building from tarballs
+ on FreeBSD 14
+
Overview of changes in 2.6.0, relative to 2.6_rc2
=================================================
define([PRODUCT_TARNAME], [openvpn])
define([PRODUCT_VERSION_MAJOR], [2])
define([PRODUCT_VERSION_MINOR], [6])
-define([PRODUCT_VERSION_PATCH], [.0])
+define([PRODUCT_VERSION_PATCH], [.1])
m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MAJOR])
m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MINOR], [[.]])
m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_PATCH], [[]])
define([PRODUCT_BUGREPORT], [openvpn-users@lists.sourceforge.net])
-define([PRODUCT_VERSION_RESOURCE], [2,6,0,5])
+define([PRODUCT_VERSION_RESOURCE], [2,6,1,0])
dnl define the TAP version
define([PRODUCT_TAP_WIN_COMPONENT_ID], [tap0901])
define([PRODUCT_TAP_WIN_MIN_MAJOR], [9])
projects / thirdparty / openvpn.git / commitdiff
