preparing release v2.4.7 (ChangeLog, version.m4, Changes.rst)v2.4.7

Signed-off-by: Gert Doering <gert@greenie.muc.de>

3 files changed, 137 insertions, 2 deletions

diff --git a/ChangeLog b/ChangeLog
index 2d6f3e5..fc9963a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,80 @@
 OpenVPN Change Log
 Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
 
+2019.02.18 -- Version 2.4.7
+Adam Ciarcin?ski (1):
+      Fix subnet topology on NetBSD (2.4).
+
+Antonio Quartulli (3):
+      add support for %lu in argv_printf and prevent ASSERT
+      buffer_list: add functions documentation
+      ifconfig-ipv6(-push): allow using hostnames
+
+Arne Schwabe (7):
+      Properly free tuntap struct on android when emulating persist-tun
+      Add OpenSSL compat definition for RSA_meth_set_sign
+      Add support for tls-ciphersuites for TLS 1.3
+      Add better support for showing TLS 1.3 ciphersuites in --show-tls
+      Use right function to set TLS1.3 restrictions in show-tls
+      Add message explaining early TLS client hello failure
+      Fallback to password authentication when auth-token fails
+
+Christian Ehrhardt (1):
+      systemd: extend CapabilityBoundingSet for auth_pam
+
+David Sommerseth (1):
+      plugin: Export base64 encode and decode functions
+
+Gert Doering (3):
+      Add %d, %u and %lu tests to test_argv unit tests.
+      Fix combination of --dev tap and --topology subnet across multiple platforms.
+      Add 'printing of port number' to mroute_addr_print_ex() for v4-mapped v6.
+
+Gert van Dijk (1):
+      Minor reliability layer documentation fixes
+
+James Bekkema (1):
+      Resolves small IV_GUI_VER typo in the documentation.
+
+Jonathan K. Bullard (1):
+      Clarify and expand management interface documentation
+
+Lev Stipakov (5):
+      Refactor NCP-negotiable options handling
+      init.c: refine functions names and description
+      interactive.c: fix usage of potentially uninitialized variable
+      options.c: fix broken unary minus usage
+      Remove extra token after #endif
+
+Richard van den Berg via Openvpn-devel (1):
+      Fix error message when using RHEL init script
+
+Samy Mahmoudi (1):
+      man: correct a --redirection-gateway option flag
+
+Selva Nair (7):
+      Replace M_DEBUG with D_LOW as the former is too verbose
+      Correct the declaration of handle in 'struct openvpn_plugin_args_open_return'
+      Bump version of openvpn plugin argument structs to 5
+      Move get system directory to a separate function
+      Enable dhcp on tap adapter using interactive service
+      Pass the hash without the DigestInfo header to NCryptSignHash()
+      White-list pull-filter and script-security in interactive service
+
+Simon Rozman (2):
+      Add Interactive Service developer documentation
+      Detect TAP interfaces with root-enumerated hardware ID
+
+Steffan Karger (7):
+      man: add security considerations to --compress section
+      mbedtls: print warning if random personalisation fails
+      Fix memory leak after sighup
+      travis: add OpenSSL 1.1 Windows build
+      Fix --disable-crypto build
+      Don't print OCC warnings about 'key-method', 'keydir' and 'tls-auth'
+      buffer_list_aggregate_separator(): simplify code
+
+
 2018.04.19 -- Version 2.4.6
 David Sommerseth (1):
       management: Warn if TCP port is used without password
diff --git a/Changes.rst b/Changes.rst
index b8ed5ce..21960f5 100644
--- a/Changes.rst
+++ b/Changes.rst
@@ -320,6 +320,67 @@ Maintainer-visible changes
   use -std=gnu99 in CFLAGS.  This is known to be needed when doing
   i386/i686 builds on RHEL5.
 
+
+Version 2.4.7
+=============
+This is primarily a maintenance release with minor bugfixes and improvements.
+
+New features
+------------
+- ifconfig-ipv6(-push): allow using hostnames (in place of IPv6 addresses)
+
+- new option: --ciphersuites to select TLS 1.3 cipher suites
+  (--cipher selects TLS 1.2 and earlier ciphers)
+
+- enable dhcp on tap adapter using interactive service
+  (previously this required a privileged netsh.exe call from OpenVPN)
+
+- clarify and expand management interface documentation
+
+- add Interactive Service developer documentation
+
+
+User visible changes
+--------------------
+- add message explaining early TLS client hello failure (if TLS 1.0
+  only clients try to connect to TLS 1.3 capable servers)
+
+- --show-tls will now display TLS 1.3 and TLS 1.2 ciphers in separate
+  lists (if built with OpenSSL 1.1.1+)
+
+- don't print OCC warnings about 'key-method', 'keydir' and 'tls-auth'
+  (unnecessary warnings, and will cause spurious warnings with tls-crypt-v2)
+
+- bump version of openvpn plugin argument structs to 5
+
+- plugin: Export base64 encode and decode functions
+
+- man: add security considerations to --compress section
+
+
+Bug fixes
+---------
+- print port numbers (again) for incoming IPv4 connections received on
+  a dual-stacked IPv6 socket.  This got lost at some point during 
+  rewrite of the dual-stack code and proper printing of IPv4 addresses.
+
+- fallback to password authentication when auth-token fails
+
+- fix combination of --dev tap and --topology subnet across multiple 
+  platforms (BSDs, MacOS, and Solaris).
+
+- fix Windows CryptoAPI usage for TLS 1.2 signatures
+
+- fix option handling in combination with NCP negotiation and OCC
+  (--opt-verify failure on reconnect if NCP modified options and server
+  verified "original" vs. "modified" options)
+
+- mbedtls: print warning if random personalisation fails
+
+- fix subnet topology on NetBSD (2.4).
+
+
+
 Version 2.4.6
 =============
 This is primarily a maintenance release with minor bugfixes and improvements,
diff --git a/version.m4 b/version.m4
index fd4f32a..9628a3d 100644
--- a/version.m4
+++ b/version.m4
@@ -3,12 +3,12 @@ define([PRODUCT_NAME], [OpenVPN])
 define([PRODUCT_TARNAME], [openvpn])
 define([PRODUCT_VERSION_MAJOR], [2])
 define([PRODUCT_VERSION_MINOR], [4])
-define([PRODUCT_VERSION_PATCH], [.6])
+define([PRODUCT_VERSION_PATCH], [.7])
 m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MAJOR])
 m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MINOR], [[.]])
 m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_PATCH], [[]])
 define([PRODUCT_BUGREPORT], [openvpn-users@lists.sourceforge.net])
-define([PRODUCT_VERSION_RESOURCE], [2,4,6,0])
+define([PRODUCT_VERSION_RESOURCE], [2,4,7,0])
 dnl define the TAP version
 define([PRODUCT_TAP_WIN_COMPONENT_ID], [tap0901])
 define([PRODUCT_TAP_WIN_MIN_MAJOR], [9])