summaryrefslogtreecommitdiff
path: root/ChangeLog
diff options
context:
space:
mode:
authorBernhard Schmidt <berni@debian.org>2018-03-04 22:22:32 +0100
committerBernhard Schmidt <berni@debian.org>2018-03-04 22:22:32 +0100
commitcf55ab99392458e723c7ebcc32c19bbd225b1f4b (patch)
treeb895b41b7629c9a31de5cc15e7aa7805ddac87ce /ChangeLog
parent9683f890944ffb114f5f8214f694e0b339cf5a5a (diff)
New upstream version 2.4.5
Diffstat (limited to 'ChangeLog')
-rw-r--r--ChangeLog189
1 files changed, 188 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index 537beaa..99772a3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,192 @@
OpenVPN Change Log
-Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net>
+Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
+
+2018.02.28 -- Version 2.4.4
+Antonio Quartulli (4):
+ reload HTTP proxy credentials when moving to the next connection profile
+ Allow learning iroutes with network made up of all 0s (only if netbits < 8)
+ mbedtls: fix typ0 in comment
+ manpage: fix simple typ0
+
+Arne Schwabe (2):
+ Treat dhcp-option DNS6 and DNS identical
+ show the right string for key-direction
+
+Bertrand Bonnefoy-Claudet (1):
+ Fix typo in error message: "optione" -> "option"
+
+David Sommerseth (8):
+ lz4: Fix confused version check
+ lz4: Fix broken builds when pkg-config is not present but system library is
+ Remove references to keychain-mcd in Changes.rst
+ lz4: Rebase compat-lz4 against upstream v1.7.5
+ systemd: Add and ship README.systemd
+ Update copyright to include 2018 plus company name change
+ man: Add .TQ groff support macro
+ man: Reword --management to prefer unix sockets over TCP
+
+Emmanuel Deloget (1):
+ OpenSSL: check EVP_PKEY key types before returning the pkey
+
+Gert Doering (2):
+ Remove warning on pushed tun-ipv6 option.
+ Fix removal of on-link prefix on windows with netsh
+
+Ilya Shipitsin (2):
+ travis-ci: add brew cache, remove ccache
+ travis-ci: modify openssl build script to support openssl-1.1.0
+
+James Bottomley (1):
+ autoconf: Fix engine checks for openssl 1.1
+
+Jeremie Courreges-Anglas (2):
+ Cast time_t to long long in order to print it.
+ Fix build with LibreSSL
+
+Selva Nair (14):
+ Check whether in pull_mode before warning about previous connection blocks
+ Avoid illegal memory access when malformed data is read from the pipe
+ Fix missing check for return value of malloc'd buffer
+ Return NULL if GetAdaptersInfo fails
+ Use RSA_meth_free instead of free
+ Bring cryptoapi.c upto speed with openssl 1.1
+ Add SSL_CTX_get_max_proto_version() not in openssl 1.0
+ TLS v1.2 support for cryptoapicert -- RSA only
+ Refactor get_interface_metric to return metric and auto flag separately
+ Ensure strings read from registry are null-terminated
+ Make most registry values optional
+ Use lowest metric interface when multiple interfaces match a route
+ Adapt to RegGetValue brokenness in Windows 7
+ Fix format spec errors in Windows builds
+
+Simon Rozman (11):
+ Local functions are not supported in MSVC. Bummer.
+ Mixing wide and regular strings in concatenations is not allowed in MSVC.
+ RtlIpv6AddressToStringW() and RtlIpv4AddressToStringW() require mstcpip.h
+ Simplify iphlpapi.dll API calls
+ Fix local #include to use quoted form
+ Document ">PASSWORD:Auth-Token" real-time message
+ Fix typo in "verb" command examples
+ Uniform swprintf() across MinGW and MSVC compilers
+ MSVC meta files added to .gitignore list
+ openvpnserv: Add support for multi-instances
+ Document missing OpenVPN states
+
+Steffan Karger (21):
+ make struct key * argument of init_key_ctx const
+ buffer_list_aggregate_separator(): add unit tests
+ Add --tls-cert-profile option.
+ Use P_DATA_V2 for server->client packets too
+ Fix memory leak in buffer unit tests
+ buffer_list_aggregate_separator(): update list size after aggregating
+ buffer_list_aggregate_separator(): don't exceed max_len
+ buffer_list_aggregate_separator(): prevent 0-byte malloc
+ Fix types around buffer_list_push(_data)
+ ssl_openssl: fix compiler warning by removing getbio() wrapper
+ travis: use clang's -fsanitize=address to catch more bugs
+ Fix --tls-version-min and --tls-version-max for OpenSSL 1.1+
+ Add support for TLS 1.3 in --tls-version-{min, max}
+ Plug memory leak if push is interrupted
+ Fix format errors when cross-compiling for Windows
+ Log pre-handshake packet drops using D_MULTI_DROPPED
+ Enable stricter compiler warnings by default
+ Get rid of ax_check_compile_flag.m4
+ mbedtls: don't use API deprecated in mbed 2.7
+ Warn if tls-version-max < tls-version-min
+ Don't throw fatal errors from create_temp_file()
+
+hashiz (1):
+ Fix '--bind ipv6only'
+
+
+2017.09.25 -- Version 2.4.4
+Antonio Quartulli (23):
+ crypto: correct typ0 in error message
+ use M_ERRNO instead of explicitly printing errno
+ don't print errno twice
+ ntlm: avoid useless cast
+ ntlm: unwrap multiple function calls
+ route: improve error message
+ management: preserve wait_for_push field when asking for user/pass
+ tls-crypt: avoid warnings when --disable-crypto is used
+ ntlm: convert binary buffers to uint8_t *
+ ntlm: restyle compressed multiple function calls
+ ntlm: improve code style and readability
+ OpenSSL: remove unreachable call to SSL_CTX_get0_privatekey()
+ make function declarations C99 compliant
+ remove unused functions
+ use NULL instead of 0 when assigning pointers
+ add missing static attribute to functions
+ ntlm: avoid breaking anti-aliasing rules
+ remove the --disable-multi config switch
+ rename mroute_extract_addr_ipv4 to mroute_extract_addr_ip
+ route: avoid definition of unused variables in certain configurations
+ fix a couple of typ0s in comments and strings
+ fragment.c: simplify boolean expression
+ tcp-server: ensure AF family is propagated to child context
+
+Arne Schwabe (2):
+ Set tls-cipher restriction before loading certificates
+ Print ec bit details, refuse management-external-key if key is not RSA
+
+Conrad Hoffmann (2):
+ Use provided env vars in up/down script.
+ Document down-root plugin usage in client.down
+
+David Sommerseth (11):
+ doc: The CRL processing is not a deprecated feature
+ cleanup: Move write_pid() to where it is being used
+ contrib: Remove keychain-mcd code
+ cleanup: Move init_random_seed() to where it is being used
+ sample-plugins: fix ASN1_STRING_to_UTF8 return value checks
+ Highlight deprecated features
+ Use consistent version references
+ docs: Replace all PolarSSL references to mbed TLS
+ systemd: Ensure systemd shuts down OpenVPN in a proper way
+ systemd: Enable systemd's auto-restart feature for server profiles
+ lz4: Move towards a newer LZ4 API
+
+Emmanuel Deloget (3):
+ OpenSSL: remove pre-1.1 function from the OpenSSL compat interface
+ OpenSSL: remove EVP_CIPHER_CTX_new() from the compat layer
+ OpenSSL: remove EVP_CIPHER_CTX_free() from the compat layer
+
+Gert van Dijk (1):
+ Warn that DH config option is only meaningful in a tls-server context
+
+Ilya Shipitsin (3):
+ travis-ci: add 3 missing patches from master to release/2.4
+ travis-ci: update openssl to 1.0.2l, update mbedtls to 2.5.1
+ travis-ci: update pkcs11-helper to 1.22
+
+Richard Bonhomme (1):
+ man: Corrections to doc/openvpn.8
+
+Steffan Karger (17):
+ Fix typo in extract_x509_extension() debug message
+ Move adjust_power_of_2() to integer.h
+ Undo cipher push in client options state if cipher is rejected
+ Remove strerror_ts()
+ Move openvpn_sleep() to manage.c
+ fixup: also change missed openvpn_sleep() occurrences
+ Always use default keysize for NCP'd ciphers
+ Move create_temp_file() out of #ifdef ENABLE_CRYPTO
+ Deprecate --keysize
+ Deprecate --no-replay
+ Move run_up_down() to init.c
+ tls-crypt: introduce tls_crypt_kt()
+ crypto: create function to initialize encrypt and decrypt key
+ Add coverity static analysis to Travis CI config
+ tls-crypt: don't leak memory for incorrect tls-crypt messages
+ travis: reorder matrix to speed up build
+ Fix bounds check in read_key()
+
+Szilárd Pfeiffer (1):
+ OpenSSL: Always set SSL_OP_CIPHER_SERVER_PREFERENCE flag
+
+Thomas Veerman via Openvpn-devel (1):
+ Fix socks_proxy_port pointing to invalid data
+
2017.06.21 -- Version 2.4.3
Antonio Quartulli (1):