From: Gert Doering Date: Mon, 23 May 2022 15:46:35 +0000 (+0200) Subject: Preparing release 2.5.7 X-Git-Tag: v2.5.7^0 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a0f9a3e9404c83218004ac584e37a8c5db3ac925;p=thirdparty%2Fopenvpn.git Preparing release 2.5.7 version.m4, ChangeLog, Changes.rst Signed-off-by: Gert Doering --- diff --git a/ChangeLog b/ChangeLog index edc0da3c6..9543682fb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,47 @@ OpenVPN Change Log Copyright (C) 2002-2022 OpenVPN Inc +2022.05.24 -- Version 2.5.7 + +Antonio Quartulli (4): + networking: use OPENVPN_ETH_ALEN instead of ETH_ALEN + networking_iproute2: don't pass M_WARN to openvpn_execve_check() + t_net.sh: delete dummy iface using iproute command + auth-pam.c: add missing include limits.h + +Arne Schwabe (11): + Add insecure tls-cert-profile options + Refactor early initialisation and uninitialisation into methods + Allow loading of non default providers + Add ubuntu 22.04 to Github Actions + Add macos OpenSSL 3.0 and ASAN builds + Add --with-openssl-engine autoconf option (auto|yes|no) + Fix allowing/showing unsupported ciphers and digests + Remove dependency on BF-CBC existance from test_ncp + Add message when decoding PKCS12 file fails. + Translate OpenSSL 3.0 digest names to OpenSSL 1.1 digest names + Fix client-pending-auth error message to say ERROR instead of SUCCESS + +Gert Doering (1): + Preparing release 2.5.7 + +Jan Mikkelsen (1): + cipher-negotiation.rst missing from doc/Makefile.am + +Lev Stipakov (5): + vcpkg-ports\pkcs11-helper: shorten patch filename + msvc: adjust build options to harden binaries + vcpkg-ports: remove openssl port + vcpkg: switch to manifest + Fix M_ERRNO behavior on Windows + +Marc Becker (1): + vcpkg-ports/pkcs11-helper: bump to release 1.29 + +Simon Rozman (1): + tapctl: Resolve MSVC C4996 warnings + + 2022.03.16 -- Version 2.5.6 Antonio Quartulli (4): diff --git a/Changes.rst b/Changes.rst index f8259e11a..b5fa12f3b 100644 --- a/Changes.rst +++ b/Changes.rst @@ -14,11 +14,37 @@ New features OpenSSL 3.0 no longer supports the Blowfish (and other deprecated) algorithm by default and the new option ``--providers`` allows loading - the legacy provider to renable these algorithms. + the legacy provider to renable these algorithms. Most notably, + reading of many PKCS#12 files encrypted with the RC2 algorithm fails + unless ``--providers legacy default`` is configured. The OpenSSL engine feature ``--engine`` is not enabled by default anymore if OpenSSL 3.0 is detected. +- print OpenSSL error stack if decoding PKCS12 file fails + +User-visible Changes +-------------------- +- windows vcpkg building includes pkcs11-helper 1.29 now + +- add MSVC build options to harden windows binaries (HW-enforced + stack protection, SHA256 object hashes, SDL). + +Bugfixes +-------- +- fix omission of cipher-negotiation.rst in tarballs + +- fix errno handling on Windows (Windows has different classes of + error codes, GetLastError() and C runtime errno, these should now + be handled correctly) + +- fix PATH_MAX build failure in auth-pam.c + +- fix t_net.sh self-test leaving around stale "ovpn-dummy0" interface + +- fix overlong path names, leading to missing pkcs11-helper patch + in tarball + Overview of changes in 2.5.6 ============================ diff --git a/version.m4 b/version.m4 index 124a50aa2..58b21e73d 100644 --- a/version.m4 +++ b/version.m4 @@ -3,12 +3,12 @@ define([PRODUCT_NAME], [OpenVPN]) define([PRODUCT_TARNAME], [openvpn]) define([PRODUCT_VERSION_MAJOR], [2]) define([PRODUCT_VERSION_MINOR], [5]) -define([PRODUCT_VERSION_PATCH], [.6]) +define([PRODUCT_VERSION_PATCH], [.7]) m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MAJOR]) m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MINOR], [[.]]) m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_PATCH], [[]]) define([PRODUCT_BUGREPORT], [openvpn-users@lists.sourceforge.net]) -define([PRODUCT_VERSION_RESOURCE], [2,5,6,0]) +define([PRODUCT_VERSION_RESOURCE], [2,5,7,0]) dnl define the TAP version define([PRODUCT_TAP_WIN_COMPONENT_ID], [tap0901]) define([PRODUCT_TAP_WIN_MIN_MAJOR], [9])