OpenVPN ChangeLog
Copyright (C) 2002-2023 OpenVPN Inc <sales@openvpn.net>
+2023.03.24 -- Version 2.6.2
+
+Antonio Quartulli (6):
+ dco: don't use NetLink to exchange control packets
+ dco: print version to log if available
+ dco-linux: remove M_ERRNO flag when printing netlink error message
+ multi: don't call DCO APIs if DCO is disabled
+ dco-freebsd: use m->instances[] instead of m->hash
+ dco-linux: implement dco_get_peer_stats{, multi} API
+
+Arne Schwabe (12):
+ Set netlink socket to be non-blocking
+ Ensure n = 2 is set in key2 struct in tls_crypt_v2_unwrap_client_key
+ Fix memory leaks in open_tun_dco()
+ Fix memory leaks in HMAC initial packet generation
+ Use key_state instead of multi for tls_send_payload parameter
+ Make sending plain text control message session aware
+ Only update frame calculation if we have a valid link sockets
+ Improve description of compat-mode
+ Simplify --compress parsing in options.c
+ Refuse connection if server pushes an option contradicting allow-compress
+ Add 'allow-compression stub-only' internally for DCO
+ Parse compression options and bail out when compression is disabled
+
+Frank Lichtenheld (1):
+ tests/unit_tests: Fix 'make distcheck' with subdir-objects enabled
+
+Gert Doering (1):
+ preparing release 2.6.2
+
+Heiko Hund (1):
+ dns option: allow up to eight addresses per server
+
+Kristof Provost (1):
+ dco: print FreeBSD version
+
+Lev Stipakov (4):
+ Support --inactive option for DCO
+ Fix '--inactive <time> 0' behavior for DCO
+ Print DCO client stats on SIGUSR2
+ Don't overwrite socket flags when using DCO on Windows
+
+Michael Baentsch (1):
+ using OpenSSL3 API for EVP PKEY type name reporting
+
+Selva Nair (8):
+ Bugfix: Convert ECDSA signature form pkcs11-helper to DER encoded form
+ Import some sample certificates into Windows store for testing
+ Add tests for finding certificates in Windows cert store
+ Refactor SSL_CTX_use_CryptoAPI_certificate()
+ Add a test for signing with certificates in Windows store
+ Unit tests: add test for SSL_CTX_use_Cryptoapi_certificate()
+ Improve error message on short read from socks proxy
+ Make error in setting metric for IPv6 interface non-fatal
+
+
2023.03.08 -- Version 2.6.1
Arne Schwabe (13):
Overview of changes in 2.6.2
============================
+New features
+------------
+- implement byte counter statistics for DCO Linux (p2mp server and client)
+
+- implement byte counter statistics for DCO Windows (client only)
+
+- '--dns server <n> address ...' now permits up to 8 v4 or v6 addresses
+
+- fix a few cases of possibly undefined behaviour detected by ASAN
+
+- add more unit tests for Windows cryptoapi interface
+
+
Bug fixes
---------
- sending of AUTH_PENDING and INFO_PRE messages fixed (OpenVPN/openvpn#256)
+- Windows: do not treat "setting IPv6 interface metric failed" as fatal
+ error on "block-dns" install - this can happen if IPv6 is disabled on
+ the interface and is not harmful in itself (GH #294)
+
+- fix '--inactive' if DCO is in use
+ NOTE: on FreeBSD, this is not working yet (missing per-peer stats)
+
+- DCO-Linux: do not print errno on netlink errors (errno is not set by NL)
+
+- SOCKS client: improve error reporting on server disconnects
+
+- DCO-Linux: fix lockups due to netlink buffer overflows on high
+ client connect/disconnect activity. See "User visible changes" for
+ more details of this.
+
+- fix some uses of the OpenSSL3 API for non-default providers
+ (enable use of quantum-crypto OpenSSL provider)
+
+- fix memory leak of approx. 1600 bytes per incoming initial TLS packet
+
+- fix bug when using ECDSA signatures with OpenSSL 3.0.x and pkcs11-helper
+ (data format conversion was not done properly)
+
+- fix 'make distcheck' - unexpected side effect of 'subdir-objects'
+
+- fix ASSERT() with dynamic tls-crypt and --tls-crypt-v2 (GH #272)
+
+
User visible changes
--------------------
+- print (kernel) DCO version on startup - helpful for getting a more
+ complete picture of the environment in use.
+
+- New control packets flow for data channel offloading on Linux.
+ 2.6.2+ changes the way OpenVPN control packets are handled on
+ Linux when DCO is active, fixing the lockups observed with 2.6.0/2.6.1
+ under high client connect/disconnect activity.
+ This is an *INCOMPATIBLE* change and therefore an ovpn-dco kernel
+ module older than v0.2.20230323 (commit ID 726fdfe0fa21) will not
+ work anymore and must be upgraded. The kernel module was renamed to
+ "ovpn-dco-v2.ko" in order to highlight this change and ensure that
+ users and userspace software could easily understand which version
+ is loaded. Attempting to use the old ovpn-dco with 2.6.2+ will
+ lead to disabling DCO at runtime.
+
- The ``client-pending-auth`` management command now requires also the
key id. The management version has been changed to 5 to indicate this change.
define([PRODUCT_TARNAME], [openvpn])
define([PRODUCT_VERSION_MAJOR], [2])
define([PRODUCT_VERSION_MINOR], [6])
-define([PRODUCT_VERSION_PATCH], [.1])
+define([PRODUCT_VERSION_PATCH], [.2])
m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MAJOR])
m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MINOR], [[.]])
m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_PATCH], [[]])
define([PRODUCT_BUGREPORT], [openvpn-users@lists.sourceforge.net])
-define([PRODUCT_VERSION_RESOURCE], [2,6,1,0])
+define([PRODUCT_VERSION_RESOURCE], [2,6,2,0])
dnl define the TAP version
define([PRODUCT_TAP_WIN_COMPONENT_ID], [tap0901])
define([PRODUCT_TAP_WIN_MIN_MAJOR], [9])
projects / thirdparty / openvpn.git / commitdiff
