diff options
| author | Gert Doering | 2022-05-23 17:46:35 +0200 |
|---|---|---|
| committer | Gert Doering | 2022-05-24 09:42:14 +0200 |
| commit | a0f9a3e9404c83218004ac584e37a8c5db3ac925 (patch) | |
| tree | 06f747fdf10785951bf2954bc6db25df28bb47d7 | |
| parent | 5288c578b8b45dc1486bd51811a3e4462a8a9597 (diff) | |
| download | openvpn-a0f9a3e9404c83218004ac584e37a8c5db3ac925.zip openvpn-a0f9a3e9404c83218004ac584e37a8c5db3ac925.tar.gz | |
Preparing release 2.5.7v2.5.7
version.m4, ChangeLog, Changes.rst
Signed-off-by: Gert Doering <gert@greenie.muc.de>
| -rw-r--r-- | ChangeLog | 41 | ||||
| -rw-r--r-- | Changes.rst | 28 | ||||
| -rw-r--r-- | version.m4 | 4 |
3 files changed, 70 insertions, 3 deletions
@@ -1,6 +1,47 @@ OpenVPN Change Log Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net> +2022.05.24 -- Version 2.5.7 + +Antonio Quartulli (4): + networking: use OPENVPN_ETH_ALEN instead of ETH_ALEN + networking_iproute2: don't pass M_WARN to openvpn_execve_check() + t_net.sh: delete dummy iface using iproute command + auth-pam.c: add missing include limits.h + +Arne Schwabe (11): + Add insecure tls-cert-profile options + Refactor early initialisation and uninitialisation into methods + Allow loading of non default providers + Add ubuntu 22.04 to Github Actions + Add macos OpenSSL 3.0 and ASAN builds + Add --with-openssl-engine autoconf option (auto|yes|no) + Fix allowing/showing unsupported ciphers and digests + Remove dependency on BF-CBC existance from test_ncp + Add message when decoding PKCS12 file fails. + Translate OpenSSL 3.0 digest names to OpenSSL 1.1 digest names + Fix client-pending-auth error message to say ERROR instead of SUCCESS + +Gert Doering (1): + Preparing release 2.5.7 + +Jan Mikkelsen (1): + cipher-negotiation.rst missing from doc/Makefile.am + +Lev Stipakov (5): + vcpkg-ports\pkcs11-helper: shorten patch filename + msvc: adjust build options to harden binaries + vcpkg-ports: remove openssl port + vcpkg: switch to manifest + Fix M_ERRNO behavior on Windows + +Marc Becker (1): + vcpkg-ports/pkcs11-helper: bump to release 1.29 + +Simon Rozman (1): + tapctl: Resolve MSVC C4996 warnings + + 2022.03.16 -- Version 2.5.6 Antonio Quartulli (4): diff --git a/Changes.rst b/Changes.rst index f8259e1..b5fa12f 100644 --- a/Changes.rst +++ b/Changes.rst @@ -14,11 +14,37 @@ New features OpenSSL 3.0 no longer supports the Blowfish (and other deprecated) algorithm by default and the new option ``--providers`` allows loading - the legacy provider to renable these algorithms. + the legacy provider to renable these algorithms. Most notably, + reading of many PKCS#12 files encrypted with the RC2 algorithm fails + unless ``--providers legacy default`` is configured. The OpenSSL engine feature ``--engine`` is not enabled by default anymore if OpenSSL 3.0 is detected. +- print OpenSSL error stack if decoding PKCS12 file fails + +User-visible Changes +-------------------- +- windows vcpkg building includes pkcs11-helper 1.29 now + +- add MSVC build options to harden windows binaries (HW-enforced + stack protection, SHA256 object hashes, SDL). + +Bugfixes +-------- +- fix omission of cipher-negotiation.rst in tarballs + +- fix errno handling on Windows (Windows has different classes of + error codes, GetLastError() and C runtime errno, these should now + be handled correctly) + +- fix PATH_MAX build failure in auth-pam.c + +- fix t_net.sh self-test leaving around stale "ovpn-dummy0" interface + +- fix overlong path names, leading to missing pkcs11-helper patch + in tarball + Overview of changes in 2.5.6 ============================ @@ -3,12 +3,12 @@ define([PRODUCT_NAME], [OpenVPN]) define([PRODUCT_TARNAME], [openvpn]) define([PRODUCT_VERSION_MAJOR], [2]) define([PRODUCT_VERSION_MINOR], [5]) -define([PRODUCT_VERSION_PATCH], [.6]) +define([PRODUCT_VERSION_PATCH], [.7]) m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MAJOR]) m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MINOR], [[.]]) m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_PATCH], [[]]) define([PRODUCT_BUGREPORT], [openvpn-users@lists.sourceforge.net]) -define([PRODUCT_VERSION_RESOURCE], [2,5,6,0]) +define([PRODUCT_VERSION_RESOURCE], [2,5,7,0]) dnl define the TAP version define([PRODUCT_TAP_WIN_COMPONENT_ID], [tap0901]) define([PRODUCT_TAP_WIN_MIN_MAJOR], [9]) |