From: Gert Doering <gert@greenie.muc.de>
Date: Wed, 11 Jan 2023 15:18:01 +0000 (+0100)
Subject: preparing release 2.6_rc2
X-Git-Tag: v2.6_rc2^0
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=07d99c209ab4d38c014f440e9f84504fcc65af73;p=thirdparty%2Fopenvpn.git

preparing release 2.6_rc2

version.m4, ChangeLog, Changes.rst

Signed-off-by: Gert Doering <gert@greenie.muc.de>
---

diff --git a/ChangeLog b/ChangeLog
index 5fa5a1f55..85712c037 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,50 @@
 OpenVPN ChangeLog
 Copyright (C) 2002-2023 OpenVPN Inc <sales@openvpn.net>
 
+2023.01.12 -- Version 2.6_rc2
+
+Antonio Quartulli (4):
+      dco: properly re-initialize dco_del_peer_reason
+      dco: bail out when no peer-specific message is delivered
+      dco: improve comment about hidden debug message
+      dco: print proper message in case of transport disconnection
+
+Arne Schwabe (3):
+      Add connect-freq-initial option to limit initial connection responses
+      Log peer-id if loglevel is D_DCO_DEBUG and dco is enabled
+      Deprecate OCC checking
+
+Frank Lichtenheld (7):
+      options.c: fix format security error when compiling without optimization
+      options.c: update usage description of --cipher
+      Update copyright year to 2023
+      xkey_pkcs11h_sign: fix dangling pointer
+      options: Always define options->management_flags
+      check_engine_keys: make pass with OpenSSL 3
+      documentation: update 'unsupported options' section
+
+Gert Doering (3):
+      Undo FreeBSD 12.x workaround on IPv6 ifconfig for 12.4 and up
+      Reduce logspam about 'dco_update_keys: peer_id=-1' in p2p server mode
+      preparing release 2.6_rc2
+
+Lev Stipakov (1):
+      tun: move print_windows_driver() out of tun.h
+
+Selva Nair (11):
+      Properly unmap ring buffer file-map in interactive service
+      Use undo_lists for saving ring-buffer handles in interactive service
+      Cleanup: Close duplicated handles in interactive service
+      Preparing for better signal handling: some code refactoring
+      Refactor signal handling in openvpn_getaddrinfo
+      Use IPAPI for setting ipv6 routes when iservice not available
+      Fix signal handling on Windows
+      Assign and honour signal priority order
+      Distinguish route addition errors from route already exists
+      Propagate route error to initialization_completed()
+      Include CE_DISABLED status of remote in "remote-entry-get" response
+
+
 2022.12.29 -- Version 2.6_rc1
 
 Arne Schwabe (17):
diff --git a/Changes.rst b/Changes.rst
index 800b84630..8e1935aeb 100644
--- a/Changes.rst
+++ b/Changes.rst
@@ -1,3 +1,52 @@
+Overview of changes in 2.6_rc2
+==============================
+New features
+------------
+- ``remote-entry-get`` management command will now show enabled/disabled
+  status for each connection entry
+
+- report ``CONNECTED,ROUTE_ERROR`` to management GUI if connection to
+  server succeeds but not all routes can be installed (Windows and
+  Linux/Netlink only, so far)
+
+- add rate limiter for incoming "initial handshake packets", enabled by
+  default with a limit of 100 packets per 10 seconds.  New option
+  ``--connect-freq-initial`` to configure values.  This change makes
+  OpenVPN servers uninteresting as an UDP reflection DDoS engine.
+
+User-Visible Changes
+--------------------
+- OCC (options compatibility check) log messages are considered obsolete
+  and are only shown on loglevel 7 or higher now
+
+- copyright line has been updated in all files to "xxx-2023"
+
+- include peer-id=nn in multi prefix for DCO servers if loglevel is 7+
+  (helps with DCO debugging)
+
+Bugfixes / minor improvements
+-----------------------------
+- improve documentation on no-longer-supported options
+
+- reduce amount of log messages about "dco_update_keys: peer_id=-1"
+
+- undo FreeBSD "ipv6 ifconfig" workaround for FreeBSD 12.4 and up (Trac 1226)
+
+- fix signal handling issues where a SIGUSR1 "restart" signal could overwrite
+  a SIGTERM/SIGINT "please end!" signal already queued, making OpenVPN hard
+  to stop (Trac 311, Trac 639, GH issue #205)
+
+- fix signal handling issues on windows, where OpenVPN could not be
+  interrupted by ctrl-c when sleep()ing between connection attempts
+
+- use IPAPI for IPv6 route installation on Windows, if OpenVPN runs without
+  service pipe ("run as admin from cmd.exe")
+
+- fix spurious DCO log messages about "peer-id unknown to OpenVPN: -1"
+
+- on Windows, repair wintun buffer cleanup on program end
+
+
 Overview of changes in 2.6_rc1
 ==============================
 
diff --git a/version.m4 b/version.m4
index 93eaee8f2..1e5c7c416 100644
--- a/version.m4
+++ b/version.m4
@@ -3,12 +3,12 @@ define([PRODUCT_NAME], [OpenVPN])
 define([PRODUCT_TARNAME], [openvpn])
 define([PRODUCT_VERSION_MAJOR], [2])
 define([PRODUCT_VERSION_MINOR], [6])
-define([PRODUCT_VERSION_PATCH], [_rc1])
+define([PRODUCT_VERSION_PATCH], [_rc2])
 m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MAJOR])
 m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MINOR], [[.]])
 m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_PATCH], [[]])
 define([PRODUCT_BUGREPORT], [openvpn-users@lists.sourceforge.net])
-define([PRODUCT_VERSION_RESOURCE], [2,6,0,3])
+define([PRODUCT_VERSION_RESOURCE], [2,6,0,4])
 dnl define the TAP version
 define([PRODUCT_TAP_WIN_COMPONENT_ID], [tap0901])
 define([PRODUCT_TAP_WIN_MIN_MAJOR], [9])