diff options
| author | Bernhard Schmidt <berni@debian.org> | 2018-03-04 22:22:32 +0100 |
|---|---|---|
| committer | Bernhard Schmidt <berni@debian.org> | 2018-03-04 22:22:32 +0100 |
| commit | cf55ab99392458e723c7ebcc32c19bbd225b1f4b (patch) | |
| tree | b895b41b7629c9a31de5cc15e7aa7805ddac87ce /ChangeLog | |
| parent | 9683f890944ffb114f5f8214f694e0b339cf5a5a (diff) | |
New upstream version 2.4.5
Diffstat (limited to 'ChangeLog')
| -rw-r--r-- | ChangeLog | 189 |
1 files changed, 188 insertions, 1 deletions
@@ -1,5 +1,192 @@ OpenVPN Change Log -Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net> +Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net> + +2018.02.28 -- Version 2.4.4 +Antonio Quartulli (4): + reload HTTP proxy credentials when moving to the next connection profile + Allow learning iroutes with network made up of all 0s (only if netbits < 8) + mbedtls: fix typ0 in comment + manpage: fix simple typ0 + +Arne Schwabe (2): + Treat dhcp-option DNS6 and DNS identical + show the right string for key-direction + +Bertrand Bonnefoy-Claudet (1): + Fix typo in error message: "optione" -> "option" + +David Sommerseth (8): + lz4: Fix confused version check + lz4: Fix broken builds when pkg-config is not present but system library is + Remove references to keychain-mcd in Changes.rst + lz4: Rebase compat-lz4 against upstream v1.7.5 + systemd: Add and ship README.systemd + Update copyright to include 2018 plus company name change + man: Add .TQ groff support macro + man: Reword --management to prefer unix sockets over TCP + +Emmanuel Deloget (1): + OpenSSL: check EVP_PKEY key types before returning the pkey + +Gert Doering (2): + Remove warning on pushed tun-ipv6 option. + Fix removal of on-link prefix on windows with netsh + +Ilya Shipitsin (2): + travis-ci: add brew cache, remove ccache + travis-ci: modify openssl build script to support openssl-1.1.0 + +James Bottomley (1): + autoconf: Fix engine checks for openssl 1.1 + +Jeremie Courreges-Anglas (2): + Cast time_t to long long in order to print it. + Fix build with LibreSSL + +Selva Nair (14): + Check whether in pull_mode before warning about previous connection blocks + Avoid illegal memory access when malformed data is read from the pipe + Fix missing check for return value of malloc'd buffer + Return NULL if GetAdaptersInfo fails + Use RSA_meth_free instead of free + Bring cryptoapi.c upto speed with openssl 1.1 + Add SSL_CTX_get_max_proto_version() not in openssl 1.0 + TLS v1.2 support for cryptoapicert -- RSA only + Refactor get_interface_metric to return metric and auto flag separately + Ensure strings read from registry are null-terminated + Make most registry values optional + Use lowest metric interface when multiple interfaces match a route + Adapt to RegGetValue brokenness in Windows 7 + Fix format spec errors in Windows builds + +Simon Rozman (11): + Local functions are not supported in MSVC. Bummer. + Mixing wide and regular strings in concatenations is not allowed in MSVC. + RtlIpv6AddressToStringW() and RtlIpv4AddressToStringW() require mstcpip.h + Simplify iphlpapi.dll API calls + Fix local #include to use quoted form + Document ">PASSWORD:Auth-Token" real-time message + Fix typo in "verb" command examples + Uniform swprintf() across MinGW and MSVC compilers + MSVC meta files added to .gitignore list + openvpnserv: Add support for multi-instances + Document missing OpenVPN states + +Steffan Karger (21): + make struct key * argument of init_key_ctx const + buffer_list_aggregate_separator(): add unit tests + Add --tls-cert-profile option. + Use P_DATA_V2 for server->client packets too + Fix memory leak in buffer unit tests + buffer_list_aggregate_separator(): update list size after aggregating + buffer_list_aggregate_separator(): don't exceed max_len + buffer_list_aggregate_separator(): prevent 0-byte malloc + Fix types around buffer_list_push(_data) + ssl_openssl: fix compiler warning by removing getbio() wrapper + travis: use clang's -fsanitize=address to catch more bugs + Fix --tls-version-min and --tls-version-max for OpenSSL 1.1+ + Add support for TLS 1.3 in --tls-version-{min, max} + Plug memory leak if push is interrupted + Fix format errors when cross-compiling for Windows + Log pre-handshake packet drops using D_MULTI_DROPPED + Enable stricter compiler warnings by default + Get rid of ax_check_compile_flag.m4 + mbedtls: don't use API deprecated in mbed 2.7 + Warn if tls-version-max < tls-version-min + Don't throw fatal errors from create_temp_file() + +hashiz (1): + Fix '--bind ipv6only' + + +2017.09.25 -- Version 2.4.4 +Antonio Quartulli (23): + crypto: correct typ0 in error message + use M_ERRNO instead of explicitly printing errno + don't print errno twice + ntlm: avoid useless cast + ntlm: unwrap multiple function calls + route: improve error message + management: preserve wait_for_push field when asking for user/pass + tls-crypt: avoid warnings when --disable-crypto is used + ntlm: convert binary buffers to uint8_t * + ntlm: restyle compressed multiple function calls + ntlm: improve code style and readability + OpenSSL: remove unreachable call to SSL_CTX_get0_privatekey() + make function declarations C99 compliant + remove unused functions + use NULL instead of 0 when assigning pointers + add missing static attribute to functions + ntlm: avoid breaking anti-aliasing rules + remove the --disable-multi config switch + rename mroute_extract_addr_ipv4 to mroute_extract_addr_ip + route: avoid definition of unused variables in certain configurations + fix a couple of typ0s in comments and strings + fragment.c: simplify boolean expression + tcp-server: ensure AF family is propagated to child context + +Arne Schwabe (2): + Set tls-cipher restriction before loading certificates + Print ec bit details, refuse management-external-key if key is not RSA + +Conrad Hoffmann (2): + Use provided env vars in up/down script. + Document down-root plugin usage in client.down + +David Sommerseth (11): + doc: The CRL processing is not a deprecated feature + cleanup: Move write_pid() to where it is being used + contrib: Remove keychain-mcd code + cleanup: Move init_random_seed() to where it is being used + sample-plugins: fix ASN1_STRING_to_UTF8 return value checks + Highlight deprecated features + Use consistent version references + docs: Replace all PolarSSL references to mbed TLS + systemd: Ensure systemd shuts down OpenVPN in a proper way + systemd: Enable systemd's auto-restart feature for server profiles + lz4: Move towards a newer LZ4 API + +Emmanuel Deloget (3): + OpenSSL: remove pre-1.1 function from the OpenSSL compat interface + OpenSSL: remove EVP_CIPHER_CTX_new() from the compat layer + OpenSSL: remove EVP_CIPHER_CTX_free() from the compat layer + +Gert van Dijk (1): + Warn that DH config option is only meaningful in a tls-server context + +Ilya Shipitsin (3): + travis-ci: add 3 missing patches from master to release/2.4 + travis-ci: update openssl to 1.0.2l, update mbedtls to 2.5.1 + travis-ci: update pkcs11-helper to 1.22 + +Richard Bonhomme (1): + man: Corrections to doc/openvpn.8 + +Steffan Karger (17): + Fix typo in extract_x509_extension() debug message + Move adjust_power_of_2() to integer.h + Undo cipher push in client options state if cipher is rejected + Remove strerror_ts() + Move openvpn_sleep() to manage.c + fixup: also change missed openvpn_sleep() occurrences + Always use default keysize for NCP'd ciphers + Move create_temp_file() out of #ifdef ENABLE_CRYPTO + Deprecate --keysize + Deprecate --no-replay + Move run_up_down() to init.c + tls-crypt: introduce tls_crypt_kt() + crypto: create function to initialize encrypt and decrypt key + Add coverity static analysis to Travis CI config + tls-crypt: don't leak memory for incorrect tls-crypt messages + travis: reorder matrix to speed up build + Fix bounds check in read_key() + +Szilárd Pfeiffer (1): + OpenSSL: Always set SSL_OP_CIPHER_SERVER_PREFERENCE flag + +Thomas Veerman via Openvpn-devel (1): + Fix socks_proxy_port pointing to invalid data + 2017.06.21 -- Version 2.4.3 Antonio Quartulli (1): |