From: Gert Doering Date: Mon, 2 Feb 2026 12:08:48 +0000 (+0100) Subject: preparing release 2.6.18 X-Git-Tag: v2.6.18^0 X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=abd5e17911262cdbbb9fbcd7a74e06bce91a39df;p=thirdparty%2Fopenvpn.git preparing release 2.6.18 version.m4, ChangeLog, Changes.rst Signed-off-by: Gert Doering --- diff --git a/ChangeLog b/ChangeLog index fce4a67b6..a4da359b4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,36 @@ OpenVPN ChangeLog Copyright (C) 2002-2025 OpenVPN Inc +2026.02.04 -- Version 2.6.18 + +Arne Schwabe (1): + Ensure that all unit tests use unbuffered stdout and stderr + +Brandon Currell (1): + Add check for bind-dev in DCO options + +Frank Lichtenheld (6): + configure: Try to use pkg-config to detect mbedTLS + configure.ac: Remove use of PKCS11_HELPER_LIBS in mbedTLS checks + tests: Allow to override openvpn binary used + multi: Warn about failing read in multi_process_file_closed() + tests/unit_tests: Port to cmocka 2.0.0 API + manage: Do not trigger actions on management disconnect if not authenticated + +Gert Doering (2): + Repair interaction between DCO and persist-tun after reconnection + tunnel_server_*(): close correct inotify fd + +Klemens Nanni (1): + Prevent crash on invalid server-ipv6 argument + +Lev Stipakov (1): + tun.c: set IPv4 address temporary on Windows + +Selva Nair (1): + pull-filter: improve documentation + + 2025.11.28 -- Version 2.6.17 Lev Stipakov (1): diff --git a/Changes.rst b/Changes.rst index b3c51dcc5..27202bceb 100644 --- a/Changes.rst +++ b/Changes.rst @@ -1,3 +1,61 @@ +Overview of changes in 2.6.18 +============================= + +New features / User visible changes +----------------------------------- +- disable DCO if ``--bind-dev`` option is given (no support for this in + the old out-of-kernel Linux DCO implementation) + +- on Windows, if using ``--ip-win32 netsh`` and not using the interactive + service, IPv4 addresses would be installed as "permanent", possibly + causing problems later on with using that IPv4 address on a different + interface. Change to "store=active". (GH: #915) + + +Code maintenance / Compat changes +--------------------------------- +- backport fixes needed to build unit tests with cmocka 2.0.0 and -Werror + (some parts of the old API have been deprecated and would raise warnings) + +- backport "ensure that all unit tests use unbuffered stdout+stderr" change, + otherwise we get no output at all if a unit test crashes + +- add explicit error message for failing read in multi_process_file_closed() + (reported by SRL) + +- test framework: permit overriding the openvpn binary called + +- configure.ac: remove use of PKCS11_HELPER_LIBS in mbedTLS checks + (old code, purpose unclear, effects non-useful) + +- configure.ac: try to use pkg-config to detect mbedTLS + + +Documentation updates +--------------------- +- improve pull-filter documentation, emphasizing possible problems if + used as a naive security measure (reported by SRLabs). + + +Bugfixes +-------- +- p2mp server: fix incorrect file descriptor handling on "inotify" FD + during a SIGUSR1 restart (GH: #966) + +- management interface: fix bug where ``--management-forget-disconnect`` + and ``--management-signal`` could be executed even if password authentication + to managment interface was still pending (Zeropath finding) + +- repair client-side interaction on reconnect between DCO event handling + and ``--persist-tun`` - after a ping timeout and reconnect, the DCO + event handler would not be armed, and the next ping timeout would not + be received by userland, causing non-working connections with nothing + in the openvpn log (Linux and FreeBSD only, GH: #947) + +- prevent crash on invalid server-ipv6 argument, calling freeaddrinfo() + with a NULL pointer. This only affects OpenBSD. (Klemens Nanni). + + Overview of changes in 2.6.17 ============================= Bugfixes diff --git a/version.m4 b/version.m4 index a4fff0d85..752cd63d0 100644 --- a/version.m4 +++ b/version.m4 @@ -3,12 +3,12 @@ define([PRODUCT_NAME], [OpenVPN]) define([PRODUCT_TARNAME], [openvpn]) define([PRODUCT_VERSION_MAJOR], [2]) define([PRODUCT_VERSION_MINOR], [6]) -define([PRODUCT_VERSION_PATCH], [.17]) +define([PRODUCT_VERSION_PATCH], [.18]) m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MAJOR]) m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MINOR], [[.]]) m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_PATCH], [[]]) define([PRODUCT_BUGREPORT], [openvpn-users@lists.sourceforge.net]) -define([PRODUCT_VERSION_RESOURCE], [2,6,17,0]) +define([PRODUCT_VERSION_RESOURCE], [2,6,18,0]) dnl define the TAP version define([PRODUCT_TAP_WIN_COMPONENT_ID], [tap0901]) define([PRODUCT_TAP_WIN_MIN_MAJOR], [9])