diff options
author | Gert Doering | 2022-10-27 09:13:14 +0200 |
---|---|---|
committer | Gert Doering | 2022-10-28 08:44:17 +0200 |
commit | 0357ceb877687faa2f3c671fcb8bc88b5a69b449 (patch) | |
tree | e5df6d51b29e3ca04312c511a55f2782c1b89868 | |
parent | cd50cf021bcfb797b6dacbe853e4c08b21a8e89d (diff) | |
download | openvpn-0357ceb877687faa2f3c671fcb8bc88b5a69b449.zip openvpn-0357ceb877687faa2f3c671fcb8bc88b5a69b449.tar.gz |
Preparing release 2.5.8v2.5.8
version.m4, ChangeLog, Changes.rst
Signed-off-by: Gert Doering <gert@greenie.muc.de>
-rw-r--r-- | ChangeLog | 33 | ||||
-rw-r--r-- | Changes.rst | 55 | ||||
-rw-r--r-- | version.m4 | 4 |
3 files changed, 90 insertions, 2 deletions
@@ -1,6 +1,39 @@ OpenVPN Change Log Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net> +2022.10.27 -- Version 2.5.8 + +Antonio Quartulli (1): + tls-crypt-v2: bail out if the client key is too small + +Arne Schwabe (4): + Remove useless empty line from CR_RESPONSE message + Allow running a default configuration with TLS libraries without BF-CBC + Change command help to match man page and implementation + Fix OpenVPN querying user/password if auth-token with user expires + +Frank Lichtenheld (2): + t_client: Allow to force FAIL on prerequisite fails + t_client.sh: do not require fping6 + +Gert Doering (1): + Preparing release 2.5.8 + +Lev Stipakov (1): + msvc: add branch name and commit hash to version output + +Martin Janů (1): + Update the replay-window backtrack log message + +Selva Nair (5): + Do not skip ERROR:/SUCCESS: response from management interface + Fix auth-token usage with management-def-auth + Allow a few levels of recursion in virtual_output_callback() + Ensure --auth-nocache is handled during renegotiation + Purge auth-token as well while purging passwords + Do not copy auth_token username to itself + + 2022.05.24 -- Version 2.5.7 Antonio Quartulli (4): diff --git a/Changes.rst b/Changes.rst index b5fa12f..cafb1f2 100644 --- a/Changes.rst +++ b/Changes.rst @@ -1,3 +1,58 @@ +Overview of changes in 2.5.8 +============================ + +New features +------------ +- allow running a default configuration with TLS libraries without BF-CBC + (even if TLS cipher negotiation would not actually use BF-CBC, the + long-term compatibility "default cipher BF-CBC" would trigger an error + on such TLS libraries) + +User-visible Changes +-------------------- +- add git branch name + commit ID to OpenVPN version string on + MSVC builds (windows) + +Testing Enhancements +-------------------- +- t_client.sh: if fping is found and fping6 is not, assume we have + fping 4.0 and up, and call "fping -6" for IPv6 ping tests + +- t_client.sh: allow to force FAIL on prerequisite fails, so a CI + environment will no longer "silently skip" t_client runs if fping (etc) + can not be found, but will error out + +Bugfixes +-------- +- ``--auth-nocache'' was not always correctly clearing username+password + after a renegotiation + +- ensure that auth-token received from server is cleared if requested + by the management interface ("forget password" or automatically + via ``--management-forget-disconnect'') + +- in a setup without username+password, but with auth-token and + auth-token-username pushed by the server, OpenVPN would start asking + for username+password on token expiry. Fix. + +- using ``--auth-token`` together with ``--management-client-auth`` + (on the server) would lead to TLS keys getting out of sync and client + being disconnected. Fix. + +- management interface would sometimes get stuck if client and server + try to write something simultaneously. Fix by allowing a limited + level of recursion in virtual_output_callback() + +- fix management interface not returning ERROR:/SUCCESS: response + on "signal SIGxxx" commands when in HOLD state + +- tls-crypt-v2: abort connection if client-key is too short + +- make man page agree with actual code on replay-window backtrag log message + +- remove useless empty line from CR_RESPONSE message + + Overview of changes in 2.5.7 ============================ @@ -3,12 +3,12 @@ define([PRODUCT_NAME], [OpenVPN]) define([PRODUCT_TARNAME], [openvpn]) define([PRODUCT_VERSION_MAJOR], [2]) define([PRODUCT_VERSION_MINOR], [5]) -define([PRODUCT_VERSION_PATCH], [.7]) +define([PRODUCT_VERSION_PATCH], [.8]) m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MAJOR]) m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MINOR], [[.]]) m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_PATCH], [[]]) define([PRODUCT_BUGREPORT], [openvpn-users@lists.sourceforge.net]) -define([PRODUCT_VERSION_RESOURCE], [2,5,7,0]) +define([PRODUCT_VERSION_RESOURCE], [2,5,8,0]) dnl define the TAP version define([PRODUCT_TAP_WIN_COMPONENT_ID], [tap0901]) define([PRODUCT_TAP_WIN_MIN_MAJOR], [9]) |