From 706fcc7d1a24077e2b3c711a5b9ceaa2a93a6a70 Mon Sep 17 00:00:00 2001
From: Gert Doering <gert@greenie.muc.de>
Date: Wed, 28 Jan 2026 14:33:08 +0100
Subject: [PATCH] OpenVPN Release 2.7_rc6

version.m4, ChangeLog, Changes.rst

Changes.rst has not received an "2.7_rc6" section - it has the
"highlevel" overview of what is new in 2.7, but for alpha/beta/rc*
releases it's better to look at git log to see what has been added/fixed.

Notable changes rc5 -> rc6 are:
    - bugfix on restarting a p2mp server instance with SIGUSR1 (inadvertedly
      closing fd 0, causing a crash on the next restart - GH #966)
    - prevent NULL pointer crash on suitable combination of --dns-updown
      statements in openvpn config file (not pushable)
    - prevent inappropriate management interface activity if a password is
      set and --management-forget-disconnect or --management-signal are active
    - more conversion warnings fixed
    - Windows: interactive service - some initial unit tests added for the
      most complex string conversion function (ConvertItfDnsDomains())
    - remove #ifdefs around socket sendbuf/receive buf handling, assuming that
      all platforms that have POSIX sockets have this.
    - add mbedTLS 4 support
    - fix check for failed fork() in port-share code

Signed-off-by: Gert Doering <gert@greenie.muc.de>
---
 ChangeLog   | 33 +++++++++++++++++++++++++++++++++
 Changes.rst |  4 ++++
 version.m4  |  2 +-
 3 files changed, 38 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 3ed3c06e2..037acac4a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,39 @@
 OpenVPN ChangeLog
 Copyright (C) 2002-2026 OpenVPN Inc <sales@openvpn.net>
 
+2026.01.28 -- Version 2.7_rc6
+
+Arne Schwabe (1):
+      Silence compiler truncation warning by checking snprintf return value
+
+Frank Lichtenheld (16):
+      crypto_openssl: Fix various conversion warnings
+      cryptoapi: Avoid conversion warnings
+      ssl_verify_openssl: Avoid conversion warning in x509_verify_cert_ku
+      socket: Avoid conversion warning in get_addr_generic
+      ssl_ncp: Avoid conversion warning in replace_default_in_ncp_ciphers_option
+      port-share: Check return value of fork()
+      openvpnserv: Fix conversion warnings in interactive.c
+      openvpnserv: Factor out the string conversion from GetItfDnsDomains
+      openvpnserv: Add a first unit test
+      GHA: Update mbedtls to v4
+      route: Fix conversion warnings on BSDs
+      socket: Remove ifdef for SO_{RCV, SND}BUF
+      test_openvpnserv: Make sure to include config.h
+      GHA: Run openvpnserv UT for MinGW builds
+      status: Avoid conversion warnings in status_read/status_printf
+      manage: Do not trigger actions on management disconnect if not authenticated
+
+Gert Doering (1):
+      tunnel_server(): close correct inotify fd
+
+Heiko Hund (1):
+      Prevent NULL pointer dereference with --dns-updown
+
+Max Fillinger (1):
+      Add support for Mbed TLS 4
+
+
 2026.01.15 -- Version 2.7_rc5
 
 Arne Schwabe (5):
diff --git a/Changes.rst b/Changes.rst
index 783f6fa13..d2c6716e1 100644
--- a/Changes.rst
+++ b/Changes.rst
@@ -181,6 +181,10 @@ New option ``--tls-crypt-v2-max-age n`` to check tls-crypt-v2 timestamps
    (When a client is older than n days or has no timestamp, the server
     will reject it)
 
+mbedTLS 4 support has been added.  Algorithms need to be translated to
+   mbedTLS 4 internal IDs, and these tables are only very basic right now
+   (but AES-GCM and ChaCha-Poly are in).
+
 
 Deprecated features
 -------------------
diff --git a/version.m4 b/version.m4
index d86423cbb..2f4e874b6 100644
--- a/version.m4
+++ b/version.m4
@@ -3,7 +3,7 @@ define([PRODUCT_NAME], [OpenVPN])
 define([PRODUCT_TARNAME], [openvpn])
 define([PRODUCT_VERSION_MAJOR], [2])
 define([PRODUCT_VERSION_MINOR], [7])
-define([PRODUCT_VERSION_PATCH], [_rc5])
+define([PRODUCT_VERSION_PATCH], [_rc6])
 m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MAJOR])
 m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MINOR], [[.]])
 m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_PATCH], [[]])
-- 
2.47.3