OpenVPN ChangeLog
Copyright (C) 2002-2025 OpenVPN Inc <sales@openvpn.net>
+2026.02.04 -- Version 2.6.18
+
+Arne Schwabe (1):
+ Ensure that all unit tests use unbuffered stdout and stderr
+
+Brandon Currell (1):
+ Add check for bind-dev in DCO options
+
+Frank Lichtenheld (6):
+ configure: Try to use pkg-config to detect mbedTLS
+ configure.ac: Remove use of PKCS11_HELPER_LIBS in mbedTLS checks
+ tests: Allow to override openvpn binary used
+ multi: Warn about failing read in multi_process_file_closed()
+ tests/unit_tests: Port to cmocka 2.0.0 API
+ manage: Do not trigger actions on management disconnect if not authenticated
+
+Gert Doering (2):
+ Repair interaction between DCO and persist-tun after reconnection
+ tunnel_server_*(): close correct inotify fd
+
+Klemens Nanni (1):
+ Prevent crash on invalid server-ipv6 argument
+
+Lev Stipakov (1):
+ tun.c: set IPv4 address temporary on Windows
+
+Selva Nair (1):
+ pull-filter: improve documentation
+
+
2025.11.28 -- Version 2.6.17
Lev Stipakov (1):
+Overview of changes in 2.6.18
+=============================
+
+New features / User visible changes
+-----------------------------------
+- disable DCO if ``--bind-dev`` option is given (no support for this in
+ the old out-of-kernel Linux DCO implementation)
+
+- on Windows, if using ``--ip-win32 netsh`` and not using the interactive
+ service, IPv4 addresses would be installed as "permanent", possibly
+ causing problems later on with using that IPv4 address on a different
+ interface. Change to "store=active". (GH: #915)
+
+
+Code maintenance / Compat changes
+---------------------------------
+- backport fixes needed to build unit tests with cmocka 2.0.0 and -Werror
+ (some parts of the old API have been deprecated and would raise warnings)
+
+- backport "ensure that all unit tests use unbuffered stdout+stderr" change,
+ otherwise we get no output at all if a unit test crashes
+
+- add explicit error message for failing read in multi_process_file_closed()
+ (reported by SRL)
+
+- test framework: permit overriding the openvpn binary called
+
+- configure.ac: remove use of PKCS11_HELPER_LIBS in mbedTLS checks
+ (old code, purpose unclear, effects non-useful)
+
+- configure.ac: try to use pkg-config to detect mbedTLS
+
+
+Documentation updates
+---------------------
+- improve pull-filter documentation, emphasizing possible problems if
+ used as a naive security measure (reported by SRLabs).
+
+
+Bugfixes
+--------
+- p2mp server: fix incorrect file descriptor handling on "inotify" FD
+ during a SIGUSR1 restart (GH: #966)
+
+- management interface: fix bug where ``--management-forget-disconnect``
+ and ``--management-signal`` could be executed even if password authentication
+ to managment interface was still pending (Zeropath finding)
+
+- repair client-side interaction on reconnect between DCO event handling
+ and ``--persist-tun`` - after a ping timeout and reconnect, the DCO
+ event handler would not be armed, and the next ping timeout would not
+ be received by userland, causing non-working connections with nothing
+ in the openvpn log (Linux and FreeBSD only, GH: #947)
+
+- prevent crash on invalid server-ipv6 argument, calling freeaddrinfo()
+ with a NULL pointer. This only affects OpenBSD. (Klemens Nanni).
+
+
Overview of changes in 2.6.17
=============================
Bugfixes
define([PRODUCT_TARNAME], [openvpn])
define([PRODUCT_VERSION_MAJOR], [2])
define([PRODUCT_VERSION_MINOR], [6])
-define([PRODUCT_VERSION_PATCH], [.17])
+define([PRODUCT_VERSION_PATCH], [.18])
m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MAJOR])
m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MINOR], [[.]])
m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_PATCH], [[]])
define([PRODUCT_BUGREPORT], [openvpn-users@lists.sourceforge.net])
-define([PRODUCT_VERSION_RESOURCE], [2,6,17,0])
+define([PRODUCT_VERSION_RESOURCE], [2,6,18,0])
dnl define the TAP version
define([PRODUCT_TAP_WIN_COMPONENT_ID], [tap0901])
define([PRODUCT_TAP_WIN_MIN_MAJOR], [9])
projects / thirdparty / openvpn.git / commitdiff
