diff options
author | Gert Doering | 2023-03-08 14:23:59 +0100 |
---|---|---|
committer | Gert Doering | 2023-03-08 15:24:53 +0100 |
commit | 2c2a98a0e559928c2523bf32fbf4c8beaa160b12 (patch) | |
tree | 40689b95755f9ea4b70a18df18f1efe78eb165c6 | |
parent | 26417824ff81ba1dd18b03a40822da533018a892 (diff) | |
download | openvpn-2c2a98a0e559928c2523bf32fbf4c8beaa160b12.zip openvpn-2c2a98a0e559928c2523bf32fbf4c8beaa160b12.tar.gz |
preparing release 2.6.1v2.6.1
version.m4, ChangeLog, Changes.rst
Signed-off-by: Gert Doering <gert@greenie.muc.de>
-rw-r--r-- | ChangeLog | 59 | ||||
-rw-r--r-- | Changes.rst | 76 | ||||
-rw-r--r-- | version.m4 | 4 |
3 files changed, 137 insertions, 2 deletions
@@ -1,6 +1,65 @@ OpenVPN ChangeLog Copyright (C) 2002-2023 OpenVPN Inc <sales@openvpn.net> +2023.03.08 -- Version 2.6.1 + +Arne Schwabe (13): + Fix unaligned access in auth-token + Update LibreSSL to 3.7.0 in Github actions + Add printing USAN stack trace on github actions + Fix LibreSSL not building in Github Actions + Add missing stdint.h includes in unit tests files + Combine extra_tun/frame parameter of frame_calculate_payload_overhead + Update the last sections in the man page to a be a bit less outdated + Add building unit tests with mingw to github actions + Revise the cipher negotiation info about OpenVPN3 in the man page + Exit if a proper message instead of segfault on Android without management + Use proper print format/casting when converting msg_channel handle + Reduce initialisation spam from verb <= 3 and print summary instead + Dynamic tls-crypt for secure soft_reset/session renegotiation + +Frank Lichtenheld (8): + Changes.rst: document removal of --keysize + Windows: fix unused function setenv_foreign_option + Windows: fix unused variables in delete_route_ipv6 + Windows: fix wrong printf format in x_check_status + Windows: fix unused variable in win32_get_arch + configure: enable DCO by default on FreeBSD/Linux + Windows: fix signedness errors with recv/send + configure: fix formatting of --disable-lz4 and --enable-comp-stub + +Gert Doering (2): + Get rid of unused 'bool tuntap_buffer' arguments. + FreeBSD 12.x workaround for IPv6 ifconfig is needed on 12.4 as well + +Kristof Provost (3): + options.c: enforce a minimal fragment size + configure: improve FreeBSD DCO check + dco: define OVPN_DEL_PEER_REASON_TRANSPORT_DISCONNECT on FreeBSD + +Lev Stipakov (6): + Allow certain DHCP options to be used without DHCP server + dco-win: use proper calling convention on x86 + Improve format specifier for socket handle in Windows + Disable DCO if proxy is set via management + Add logging for windows driver selection process + Avoid management log loop with verb >= 6 + +Matthias Andree (1): + make dist: Ship ovpn_dco_freebsd.h, too + +Selva Nair (9): + block-dns using iservice: fix a potential double free + Conditionally add subdir-objects option to automake + Build unit tests in mingw Windows build + cyryptapi.c: log the selected certificate's name + cryptoapi.c: remove pre OpenSSL-3.01 support + cryptoapi.c: simplify parsing of thumbprint hex string + Option --cryptoapicert: support issuer name as a selector + Add a unit test for functions in cryptoapi.c + Do not save pointer to 'struct passwd' returned by getpwnam etc. + + 2023.01.25 -- Version 2.6.0 Antonio Quartulli (1): diff --git a/Changes.rst b/Changes.rst index 7230ab4..ba7952b 100644 --- a/Changes.rst +++ b/Changes.rst @@ -9,6 +9,82 @@ New features previously authenticated peer can do trigger renegotiation and complete renegotiations. +- CryptoAPI (Windows): support issuer name as a selector. + Certificate selection string can now specify a partial + issuer name string as "--cryptoapicert ISSUER:<string>" where + <string> is matched as a substring of the issuer (CA) name in + the certificate. + + +User visible changes +-------------------- +- on crypto initialization, move old "quite verbose" messages to --verb 4 + and only print a more compact summary about crypto and timing parameters + by default + +- configure now enables DCO build by default on FreeBSD and Linux, which + brings in a default dependency for libnl-genl (for Linux distributions + that are too old to have this library, use "configure --disable-dco") + +- make "configure --help" output more consistent + +- CryptoAPI (Windows): remove support code for OpenSSL before 3.0.1 + (this will not affect official OpenVPN for Windows installers, as they + will always be built with OpenSSL 3.0.x) + +- CryptoAPI (Windows): log the selected certificate's name + +- "configure" now uses "subdir-objects", for automake >= 1.16 + (less warnings for recent-enough automake versions, will change + the way .o files are created) + + +Bugfixes / minor improvements +----------------------------- +- fixed old IPv6 ifconfig race condition for FreeBSD 12.4 (trac #1226) + +- fix compile-time breakage related to DCO defines on FreeBSD 14 + +- enforce minimum packet size for "--fragment" (avoid division by zero) + +- some alignment fixes to avoid unaligned memory accesses, which will + bring problems on some architectures (Sparc64, some ARM versions) - + found by USAN clang checker + +- windows source code fixes to reduce number of compile time warnings + (eventual goal is to be able to compile with -Werror on MinGW), mostly + related to signed/unsigned char * conversions, printf() format specifiers + and unused variables. + +- avoid endless loop on logging with --management + --verb 6+ + +- build (but not run) unit tests on MinGW cross compiles, and run them + when building with GitHub Actions. + +- add unit test for parts of cryptoapi.c + +- add debug logging to help with diagnosing windows driver selection + +- disable DCO if proxy config is set via management interface + +- do not crash on Android if run without --management + +- improve documentation about cipher negotiation and OpenVPN3 + +- for x86 windows builds, use proper calling conventions for dco-win + (__stdcall) + +- differentiate "dhcp-option ..." options into "needs an interface with + true DHCP service" (tap-windows) and "can also be installed by IPAPI + or service, and can be used on non-DHCP interfaces" (wintun, dco-win) + +- windows interactive service: fix possible double-free if "--block-dns" + installation fails due to "security products" interfering + (Github OpenVPN/openvpn#232) + +- "make dist": package ovpn_dco_freebsd.h to permit building from tarballs + on FreeBSD 14 + Overview of changes in 2.6.0, relative to 2.6_rc2 ================================================= @@ -3,12 +3,12 @@ define([PRODUCT_NAME], [OpenVPN]) define([PRODUCT_TARNAME], [openvpn]) define([PRODUCT_VERSION_MAJOR], [2]) define([PRODUCT_VERSION_MINOR], [6]) -define([PRODUCT_VERSION_PATCH], [.0]) +define([PRODUCT_VERSION_PATCH], [.1]) m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MAJOR]) m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MINOR], [[.]]) m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_PATCH], [[]]) define([PRODUCT_BUGREPORT], [openvpn-users@lists.sourceforge.net]) -define([PRODUCT_VERSION_RESOURCE], [2,6,0,5]) +define([PRODUCT_VERSION_RESOURCE], [2,6,1,0]) dnl define the TAP version define([PRODUCT_TAP_WIN_COMPONENT_ID], [tap0901]) define([PRODUCT_TAP_WIN_MIN_MAJOR], [9]) |