diff options
author | Gert Doering | 2019-02-18 18:55:36 +0100 |
---|---|---|
committer | Gert Doering | 2019-02-18 18:55:36 +0100 |
commit | 2b8aec62d5db2c17d5d4052991bc18272748bf29 (patch) | |
tree | 5e2a107dc86e9a406af1028eb0c7808eb4610c86 | |
parent | b8190ecb33f8949f1b881c1cd240e8c1ea4fe144 (diff) | |
download | openvpn-2.4.7.zip openvpn-2.4.7.tar.gz |
preparing release v2.4.7 (ChangeLog, version.m4, Changes.rst)v2.4.7
Signed-off-by: Gert Doering <gert@greenie.muc.de>
-rw-r--r-- | ChangeLog | 74 | ||||
-rw-r--r-- | Changes.rst | 61 | ||||
-rw-r--r-- | version.m4 | 4 |
3 files changed, 137 insertions, 2 deletions
@@ -1,6 +1,80 @@ OpenVPN Change Log Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net> +2019.02.18 -- Version 2.4.7 +Adam Ciarcin?ski (1): + Fix subnet topology on NetBSD (2.4). + +Antonio Quartulli (3): + add support for %lu in argv_printf and prevent ASSERT + buffer_list: add functions documentation + ifconfig-ipv6(-push): allow using hostnames + +Arne Schwabe (7): + Properly free tuntap struct on android when emulating persist-tun + Add OpenSSL compat definition for RSA_meth_set_sign + Add support for tls-ciphersuites for TLS 1.3 + Add better support for showing TLS 1.3 ciphersuites in --show-tls + Use right function to set TLS1.3 restrictions in show-tls + Add message explaining early TLS client hello failure + Fallback to password authentication when auth-token fails + +Christian Ehrhardt (1): + systemd: extend CapabilityBoundingSet for auth_pam + +David Sommerseth (1): + plugin: Export base64 encode and decode functions + +Gert Doering (3): + Add %d, %u and %lu tests to test_argv unit tests. + Fix combination of --dev tap and --topology subnet across multiple platforms. + Add 'printing of port number' to mroute_addr_print_ex() for v4-mapped v6. + +Gert van Dijk (1): + Minor reliability layer documentation fixes + +James Bekkema (1): + Resolves small IV_GUI_VER typo in the documentation. + +Jonathan K. Bullard (1): + Clarify and expand management interface documentation + +Lev Stipakov (5): + Refactor NCP-negotiable options handling + init.c: refine functions names and description + interactive.c: fix usage of potentially uninitialized variable + options.c: fix broken unary minus usage + Remove extra token after #endif + +Richard van den Berg via Openvpn-devel (1): + Fix error message when using RHEL init script + +Samy Mahmoudi (1): + man: correct a --redirection-gateway option flag + +Selva Nair (7): + Replace M_DEBUG with D_LOW as the former is too verbose + Correct the declaration of handle in 'struct openvpn_plugin_args_open_return' + Bump version of openvpn plugin argument structs to 5 + Move get system directory to a separate function + Enable dhcp on tap adapter using interactive service + Pass the hash without the DigestInfo header to NCryptSignHash() + White-list pull-filter and script-security in interactive service + +Simon Rozman (2): + Add Interactive Service developer documentation + Detect TAP interfaces with root-enumerated hardware ID + +Steffan Karger (7): + man: add security considerations to --compress section + mbedtls: print warning if random personalisation fails + Fix memory leak after sighup + travis: add OpenSSL 1.1 Windows build + Fix --disable-crypto build + Don't print OCC warnings about 'key-method', 'keydir' and 'tls-auth' + buffer_list_aggregate_separator(): simplify code + + 2018.04.19 -- Version 2.4.6 David Sommerseth (1): management: Warn if TCP port is used without password diff --git a/Changes.rst b/Changes.rst index b8ed5ce..21960f5 100644 --- a/Changes.rst +++ b/Changes.rst @@ -320,6 +320,67 @@ Maintainer-visible changes use -std=gnu99 in CFLAGS. This is known to be needed when doing i386/i686 builds on RHEL5. + +Version 2.4.7 +============= +This is primarily a maintenance release with minor bugfixes and improvements. + +New features +------------ +- ifconfig-ipv6(-push): allow using hostnames (in place of IPv6 addresses) + +- new option: --ciphersuites to select TLS 1.3 cipher suites + (--cipher selects TLS 1.2 and earlier ciphers) + +- enable dhcp on tap adapter using interactive service + (previously this required a privileged netsh.exe call from OpenVPN) + +- clarify and expand management interface documentation + +- add Interactive Service developer documentation + + +User visible changes +-------------------- +- add message explaining early TLS client hello failure (if TLS 1.0 + only clients try to connect to TLS 1.3 capable servers) + +- --show-tls will now display TLS 1.3 and TLS 1.2 ciphers in separate + lists (if built with OpenSSL 1.1.1+) + +- don't print OCC warnings about 'key-method', 'keydir' and 'tls-auth' + (unnecessary warnings, and will cause spurious warnings with tls-crypt-v2) + +- bump version of openvpn plugin argument structs to 5 + +- plugin: Export base64 encode and decode functions + +- man: add security considerations to --compress section + + +Bug fixes +--------- +- print port numbers (again) for incoming IPv4 connections received on + a dual-stacked IPv6 socket. This got lost at some point during + rewrite of the dual-stack code and proper printing of IPv4 addresses. + +- fallback to password authentication when auth-token fails + +- fix combination of --dev tap and --topology subnet across multiple + platforms (BSDs, MacOS, and Solaris). + +- fix Windows CryptoAPI usage for TLS 1.2 signatures + +- fix option handling in combination with NCP negotiation and OCC + (--opt-verify failure on reconnect if NCP modified options and server + verified "original" vs. "modified" options) + +- mbedtls: print warning if random personalisation fails + +- fix subnet topology on NetBSD (2.4). + + + Version 2.4.6 ============= This is primarily a maintenance release with minor bugfixes and improvements, @@ -3,12 +3,12 @@ define([PRODUCT_NAME], [OpenVPN]) define([PRODUCT_TARNAME], [openvpn]) define([PRODUCT_VERSION_MAJOR], [2]) define([PRODUCT_VERSION_MINOR], [4]) -define([PRODUCT_VERSION_PATCH], [.6]) +define([PRODUCT_VERSION_PATCH], [.7]) m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MAJOR]) m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MINOR], [[.]]) m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_PATCH], [[]]) define([PRODUCT_BUGREPORT], [openvpn-users@lists.sourceforge.net]) -define([PRODUCT_VERSION_RESOURCE], [2,4,6,0]) +define([PRODUCT_VERSION_RESOURCE], [2,4,7,0]) dnl define the TAP version define([PRODUCT_TAP_WIN_COMPONENT_ID], [tap0901]) define([PRODUCT_TAP_WIN_MIN_MAJOR], [9]) |