From e8df2e64d6f817e63025f78b29bc624772d5c3d6 Mon Sep 17 00:00:00 2001
From: Gert Doering <gert@greenie.muc.de>
Date: Tue, 15 Mar 2022 20:25:30 +0100
Subject: [PATCH] Preparing release 2.5.6

version.m4, ChangeLog, Changes.rst

Signed-off-by: Gert Doering <gert@greenie.muc.de>
---
 ChangeLog   | 35 +++++++++++++++++++++++++++
 Changes.rst | 69 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 version.m4  |  4 ++--
 3 files changed, 106 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index df9eb373b..edc0da3c6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,41 @@
 OpenVPN Change Log
 Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
 
+2022.03.16 -- Version 2.5.6
+
+Antonio Quartulli (4):
+      GitHub Actions: update script to same version as master
+      update copyright year to 2022
+      keyingmaterialexporter.c: include strings.h
+      remove unused sitnl.h file
+
+David Sommerseth (2):
+      sample-plugin: New plugin for testing multiple auth plugins
+      plug-ins: Disallow multiple deferred authentication plug-ins
+
+Frank Lichtenheld (2):
+      doc/Makefile: rebuild rst docs if input files change
+      doc/options: clean up documentation for --proto and related options
+
+Gert Doering (4):
+      fix Changes.rst errors in 2.5.3 and 2.5.5 announcement
+      Repair --inactive with 'bytes' argument larger 2Gbytes.
+      Fix --mtu-disc maybe|yes on Linux.
+      Preparing release 2.5.6
+
+Ilya Shipitsin (1):
+      CI: github actions: keep "pdb" in artifacts
+
+Lev Stipakov (7):
+      auth_token.c: add NULL initialization
+      vcpkg-ports/pkcs11-helper: bump to release 1.28
+      vcpkg-ports/pkcs11-helper: indicate OpenSSL EC support
+      msvc: cleanup
+      vcpkg: link lzo statically
+      vcpkg-ports/pkcs11-helper: adapt to new upstream URL
+      vcpkg-ports: add openssl 1.1.1n
+
+
 2021.12.14 -- Version 2.5.5
 
 Adrian (1):
diff --git a/Changes.rst b/Changes.rst
index 4e4f20181..45d2c3f39 100644
--- a/Changes.rst
+++ b/Changes.rst
@@ -1,3 +1,72 @@
+Overview of changes in 2.5.6
+============================
+
+User-visible Changes
+--------------------
+- update copyright year to 2022
+
+New features
+------------
+- new plugin (sample-plugin/defer/multi-auth.c) to help testing with
+  multiple parallel plugins that succeed/fail in direct/deferred mode
+
+- various build improvements (github actions etc)
+
+- upgrade pkcs11-helper to release 1.28.4
+
+Bugfixes
+--------
+- CVE-2022-0547
+  see https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements
+
+  If openvpn is configured with multiple authentication plugins and
+  more than one plugin tries to do deferred authentication, the result
+  is not well-defined - creating a possible authentication bypass.
+
+  In this situation the server process will now abort itself with a clear
+  log message.  Only one plugin is allowed to do deferred authentication.
+
+- Fix "--mtu-disc maybe|yes" on Linux
+
+  Due to configure/syshead.h/#ifdef confusion, the code in question was
+  not compiled-in since a long time.  Fixed.  Trac: #1452
+
+- Fix $common_name variable passed to scripts when username-as-common-name
+  is in effect.
+
+  This was not consistently set - sometimes, OpenVPN exported the username,
+  sometimes the common name from the client cert.  Fixed.  Trac: #1434
+
+- Fix potential memory leaks in add_route() and add_route_ipv6().
+
+- Apply connect-retry backoff only to one side of the connection in
+  p2p mode.  Without that fix/enhancement, two sides could end up
+  only sending packets when the other end is not ready.  Trac: #1010, #1384
+
+- remove unused sitnl.h file
+
+- clean up msvc build files, remove unused MSVC build .bat files
+
+- repair "--inactive" handling with a 'bytes' parameter larger than 2 Gbytes
+
+  due to integer overflow, this ended up being "0" on Linux, but on
+  Windows with MSVC it ends up being "always 2 Gbyte", both not doing
+  what is requested. Trac: #1448
+
+- repair handling of EC certificates on Windows with pkcs11-helper
+
+  (wrong compile-time defines for OpenSSL 1.1.1)
+
+Documentation
+-------------
+- documentation improvements related to DynDNS.  Trac: #1417
+
+- clean up documentation for --proto and related options
+
+- rebuild rst docs if input files change (proper dependency handling)
+
+
+
 Overview of changes in 2.5.5
 ============================
 
diff --git a/version.m4 b/version.m4
index a94177ea3..124a50aa2 100644
--- a/version.m4
+++ b/version.m4
@@ -3,12 +3,12 @@ define([PRODUCT_NAME], [OpenVPN])
 define([PRODUCT_TARNAME], [openvpn])
 define([PRODUCT_VERSION_MAJOR], [2])
 define([PRODUCT_VERSION_MINOR], [5])
-define([PRODUCT_VERSION_PATCH], [.5])
+define([PRODUCT_VERSION_PATCH], [.6])
 m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MAJOR])
 m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MINOR], [[.]])
 m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_PATCH], [[]])
 define([PRODUCT_BUGREPORT], [openvpn-users@lists.sourceforge.net])
-define([PRODUCT_VERSION_RESOURCE], [2,5,5,0])
+define([PRODUCT_VERSION_RESOURCE], [2,5,6,0])
 dnl define the TAP version
 define([PRODUCT_TAP_WIN_COMPONENT_ID], [tap0901])
 define([PRODUCT_TAP_WIN_MIN_MAJOR], [9])
-- 
2.47.2