diff options
author | Bernhard Schmidt <berni@debian.org> | 2019-03-07 21:38:56 +0100 |
---|---|---|
committer | Bernhard Schmidt <berni@debian.org> | 2019-03-07 21:38:56 +0100 |
commit | cfcec33bd88faeb354a33bd5f8052486ac848f9a (patch) | |
tree | 8e1ace9a34f5ee12b34416b02d514da67d54c907 /ChangeLog | |
parent | 7486cf05cdeb6996fdf249e5a2f15d93a47dbac1 (diff) | |
parent | a351f71e82badcc71a2ce881bbb97eccfcebc06b (diff) |
Merge tag 'debian/2.4.7-1' into stretch-backports
openvpn Debian release 2.4.7-1
Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 200 |
1 files changed, 199 insertions, 1 deletions
@@ -1,5 +1,203 @@ OpenVPN Change Log -Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net> +Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net> + +2019.02.18 -- Version 2.4.7 +Adam Ciarcin?ski (1): + Fix subnet topology on NetBSD (2.4). + +Antonio Quartulli (3): + add support for %lu in argv_printf and prevent ASSERT + buffer_list: add functions documentation + ifconfig-ipv6(-push): allow using hostnames + +Arne Schwabe (7): + Properly free tuntap struct on android when emulating persist-tun + Add OpenSSL compat definition for RSA_meth_set_sign + Add support for tls-ciphersuites for TLS 1.3 + Add better support for showing TLS 1.3 ciphersuites in --show-tls + Use right function to set TLS1.3 restrictions in show-tls + Add message explaining early TLS client hello failure + Fallback to password authentication when auth-token fails + +Christian Ehrhardt (1): + systemd: extend CapabilityBoundingSet for auth_pam + +David Sommerseth (1): + plugin: Export base64 encode and decode functions + +Gert Doering (3): + Add %d, %u and %lu tests to test_argv unit tests. + Fix combination of --dev tap and --topology subnet across multiple platforms. + Add 'printing of port number' to mroute_addr_print_ex() for v4-mapped v6. + +Gert van Dijk (1): + Minor reliability layer documentation fixes + +James Bekkema (1): + Resolves small IV_GUI_VER typo in the documentation. + +Jonathan K. Bullard (1): + Clarify and expand management interface documentation + +Lev Stipakov (5): + Refactor NCP-negotiable options handling + init.c: refine functions names and description + interactive.c: fix usage of potentially uninitialized variable + options.c: fix broken unary minus usage + Remove extra token after #endif + +Richard van den Berg via Openvpn-devel (1): + Fix error message when using RHEL init script + +Samy Mahmoudi (1): + man: correct a --redirection-gateway option flag + +Selva Nair (7): + Replace M_DEBUG with D_LOW as the former is too verbose + Correct the declaration of handle in 'struct openvpn_plugin_args_open_return' + Bump version of openvpn plugin argument structs to 5 + Move get system directory to a separate function + Enable dhcp on tap adapter using interactive service + Pass the hash without the DigestInfo header to NCryptSignHash() + White-list pull-filter and script-security in interactive service + +Simon Rozman (2): + Add Interactive Service developer documentation + Detect TAP interfaces with root-enumerated hardware ID + +Steffan Karger (7): + man: add security considerations to --compress section + mbedtls: print warning if random personalisation fails + Fix memory leak after sighup + travis: add OpenSSL 1.1 Windows build + Fix --disable-crypto build + Don't print OCC warnings about 'key-method', 'keydir' and 'tls-auth' + buffer_list_aggregate_separator(): simplify code + + +2018.04.19 -- Version 2.4.6 +David Sommerseth (1): + management: Warn if TCP port is used without password + +Gert Doering (2): + Correct version in ChangeLog - should be 2.4.5, was mistyped as 2.4.4 + Fix potential double-free() in Interactive Service (CVE-2018-9336) + +Gert van Dijk (1): + manpage: improve description of --status and --status-version + +Joost Rijneveld (1): + Make return code external tls key match docs + +Selva Nair (3): + Delete the IPv6 route to the "connected" network on tun close + Management: warn about password only when the option is in use + Avoid overflow in wakeup time computation + +Simon Matter (1): + Add missing #ifdef SSL_OP_NO_TLSv1_1/2 + +Steffan Karger (1): + Check for more data in control channel + + +2018.02.28 -- Version 2.4.5 +Antonio Quartulli (4): + reload HTTP proxy credentials when moving to the next connection profile + Allow learning iroutes with network made up of all 0s (only if netbits < 8) + mbedtls: fix typ0 in comment + manpage: fix simple typ0 + +Arne Schwabe (2): + Treat dhcp-option DNS6 and DNS identical + show the right string for key-direction + +Bertrand Bonnefoy-Claudet (1): + Fix typo in error message: "optione" -> "option" + +David Sommerseth (8): + lz4: Fix confused version check + lz4: Fix broken builds when pkg-config is not present but system library is + Remove references to keychain-mcd in Changes.rst + lz4: Rebase compat-lz4 against upstream v1.7.5 + systemd: Add and ship README.systemd + Update copyright to include 2018 plus company name change + man: Add .TQ groff support macro + man: Reword --management to prefer unix sockets over TCP + +Emmanuel Deloget (1): + OpenSSL: check EVP_PKEY key types before returning the pkey + +Gert Doering (2): + Remove warning on pushed tun-ipv6 option. + Fix removal of on-link prefix on windows with netsh + +Ilya Shipitsin (2): + travis-ci: add brew cache, remove ccache + travis-ci: modify openssl build script to support openssl-1.1.0 + +James Bottomley (1): + autoconf: Fix engine checks for openssl 1.1 + +Jeremie Courreges-Anglas (2): + Cast time_t to long long in order to print it. + Fix build with LibreSSL + +Selva Nair (14): + Check whether in pull_mode before warning about previous connection blocks + Avoid illegal memory access when malformed data is read from the pipe + Fix missing check for return value of malloc'd buffer + Return NULL if GetAdaptersInfo fails + Use RSA_meth_free instead of free + Bring cryptoapi.c upto speed with openssl 1.1 + Add SSL_CTX_get_max_proto_version() not in openssl 1.0 + TLS v1.2 support for cryptoapicert -- RSA only + Refactor get_interface_metric to return metric and auto flag separately + Ensure strings read from registry are null-terminated + Make most registry values optional + Use lowest metric interface when multiple interfaces match a route + Adapt to RegGetValue brokenness in Windows 7 + Fix format spec errors in Windows builds + +Simon Rozman (11): + Local functions are not supported in MSVC. Bummer. + Mixing wide and regular strings in concatenations is not allowed in MSVC. + RtlIpv6AddressToStringW() and RtlIpv4AddressToStringW() require mstcpip.h + Simplify iphlpapi.dll API calls + Fix local #include to use quoted form + Document ">PASSWORD:Auth-Token" real-time message + Fix typo in "verb" command examples + Uniform swprintf() across MinGW and MSVC compilers + MSVC meta files added to .gitignore list + openvpnserv: Add support for multi-instances + Document missing OpenVPN states + +Steffan Karger (21): + make struct key * argument of init_key_ctx const + buffer_list_aggregate_separator(): add unit tests + Add --tls-cert-profile option. + Use P_DATA_V2 for server->client packets too + Fix memory leak in buffer unit tests + buffer_list_aggregate_separator(): update list size after aggregating + buffer_list_aggregate_separator(): don't exceed max_len + buffer_list_aggregate_separator(): prevent 0-byte malloc + Fix types around buffer_list_push(_data) + ssl_openssl: fix compiler warning by removing getbio() wrapper + travis: use clang's -fsanitize=address to catch more bugs + Fix --tls-version-min and --tls-version-max for OpenSSL 1.1+ + Add support for TLS 1.3 in --tls-version-{min, max} + Plug memory leak if push is interrupted + Fix format errors when cross-compiling for Windows + Log pre-handshake packet drops using D_MULTI_DROPPED + Enable stricter compiler warnings by default + Get rid of ax_check_compile_flag.m4 + mbedtls: don't use API deprecated in mbed 2.7 + Warn if tls-version-max < tls-version-min + Don't throw fatal errors from create_temp_file() + +hashiz (1): + Fix '--bind ipv6only' + 2017.09.25 -- Version 2.4.4 Antonio Quartulli (23): |