1 files changed, 170 insertions, 1 deletions

diff --git a/ChangeLog b/ChangeLog
index 6018bd9..0f091bb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,174 @@
 OpenVPN Change Log
-Copyright (C) 2002-2012 OpenVPN Technologies, Inc. <sales@openvpn.net>
+Copyright (C) 2002-2015 OpenVPN Technologies, Inc. <sales@openvpn.net>
+
+2015.06.02 -- Version 2.3.7
+Alexander Pyhalov (1):
+      Default gateway can't be determined on illumos/Solaris platforms
+
+Arne Schwabe (1):
+      Warn that tls-auth with free form files is going to be removed from OpenVPN 2.4
+
+David Sommerseth (6):
+      autotools: Fix wrong ./configure help screen default values
+      down-root plugin: Replaced system() calls with execve()
+      down-root: Improve error messages
+      plugin, down-root: Fix compiler warnings
+      sockets: Remove the limitation of --tcp-nodelay to be server-only
+      plugins, down-root: Code style clean-up
+
+David Woodhouse (2):
+      pkcs11: Load p11-kit-proxy.so module by default
+      Make 'provider' option to --show-pkcs11-ids optional where p11-kit is present
+
+Felix Janda (1):
+      Use OPENVPN_ETH_P_* so that <netinet/if_ether.h> is unecessary
+
+Gert Doering (17):
+      New approach to handle peer-id related changes to link-mtu (2.3 version)
+      Fix incorrect use of get_ipv6_addr() for iroute options.
+      Print helpful error message on --mktun/--rmtun if not available.
+      explain effect of --topology subnet on --ifconfig
+      Add note about file permissions and --crl-verify to manpage.
+      repair --dev null breakage caused by db950be85d37
+      assume res_init() is always there.
+      Correct note about DNS randomization in openvpn.8
+      Disallow usage of --server-poll-timeout in --secret key mode.
+      slightly enhance documentation about --cipher
+      Enforce "serial-tests" behaviour for tests/Makefile
+      Revert "Enforce "serial-tests" behaviour for tests/Makefile"
+      On signal reception, return EAI_SYSTEM from openvpn_getaddrinfo().
+      Use configure.ac hack to apply serial_test AM option only if supported.
+      Use EAI_AGAIN instead of EAI_SYSTEM for openvpn_getaddrinfo().
+      Move res_init() call to inner openvpn_getaddrinfo() loop
+      Fix FreeBSD ifconfig for topology subnet tunnels.
+
+Guy Yur (1):
+      Fix --redirect-private in --dev tap mode.
+
+Jan Just Keijser (1):
+      include ifconfig_ environment variables in --up-restart env set
+
+Jonathan K. Bullard (1):
+      Fix null pointer dereference in options.c
+
+Lev Stipakov (1):
+      Fix mssfix default value in connection_list context
+
+Matthias Andree (1):
+      Manual page update for Re-enabled TLS version negotiation.
+
+Mike Gilbert (1):
+      Include systemd units in the source tarball (make dist)
+
+Robert Fischer (1):
+      Updated manpage for --rport and --lport
+
+Samuli Seppänen (2):
+      Properly escape dashes on the man-page
+      Improve documentation in --script-security section of the man-page
+
+Steffan Karger (14):
+      Really fix '--cipher none' regression
+      Update doxygen (a bit)
+      Set tls-version-max to 1.1 if cryptoapicert is used
+      Account for peer-id in frame size calculation
+      Disable SSL compression
+      Fix frame size calculation for non-CBC modes.
+      Allow for CN/username of 64 characters (fixes off-by-one)
+      Remove unneeded parameter 'first_time' from possibly_become_daemon()
+      Re-enable TLS version negotiation by default
+      Remove size limit for files inlined in config
+      Improve --tls-cipher and --show-tls man page description
+      Re-read auth-user-pass file on (re)connect if required
+      Clarify --capath option in manpage
+      Call daemon() before initializing crypto library
+
+
+2014.11.28 -- Version 2.3.6
+David Sommerseth (1):
+      systemd: Reworked the systemd unit file to handle server and client configs better
+
+Gert Doering (1):
+      Add client-only support for peer-id.
+
+Samuli Seppänen (1):
+      Fix to --shaper documentation on the man-page
+
+Steffan Karger (4):
+      Fix assertion error when using --cipher none
+      Add --tls-version-max
+      Modernize sample keys and sample configs
+      Drop too-short control channel packets instead of asserting out.
+
+
+2014.10.24 -- Version 2.3.5
+Andris Kalnozols (2):
+      Fix some typos in the man page.
+      Do not upcase x509-username-field for mixed-case arguments.
+
+Arne Schwabe (1):
+      Fix server routes not working in topology subnet with --server [v3]
+
+David Sommerseth (4):
+      Improve error reporting on file access to --client-config-dir and --ccd-exclusive
+      Don't let openvpn_popen() keep zombies around
+      Add systemd unit file for OpenVPN
+      systemd: Use systemd functions to consider systemd availability
+
+Gert Doering (3):
+      Drop incoming fe80:: packets silently now.
+      Fix t_lpback.sh platform-dependent failures
+      Call init script helpers with explicit path (./)
+
+Heiko Hund (1):
+      refine assertion to allow other modes than CBC
+
+Hubert Kario (2):
+      ocsp_check - signature verification and cert staus results are separate
+      ocsp_check - double check if ocsp didn't report any errors in execution
+
+James Bekkema (1):
+      Fix socket-flag/TCP_NODELAY on Mac OS X
+
+James Yonan (6):
+      Fixed several instances of declarations after statements.
+      In socket.c, fixed issue where uninitialized value (err) is being passed to to gai_strerror.
+      Explicitly cast the third parameter of setsockopt to const void * to avoid warning.
+      MSVC 2008 doesn't support dimensioning an array with a const var nor using %z as a printf format specifier.
+      Define PATH_SEPARATOR for MSVC builds.
+      Fixed some compile issues with show_library_versions()
+
+Jann Horn (1):
+      Remove quadratic complexity from openvpn_base64_decode()
+
+Mike Gilbert (1):
+      Add configure check for the path to systemd-ask-password
+
+Philipp Hagemeister (2):
+      Add topology in sample server configuration file
+      Implement on-link route adding for iproute2
+
+Samuel Thibault (1):
+      Ensure that client-connect files are always deleted
+
+Steffan Karger (13):
+      Remove function without effect (cipher_ok() always returned true).
+      Remove unneeded wrapper functions in crypto_openssl.c
+      Fix bug that incorrectly refuses oid representation eku's in polar builds
+      Update README.polarssl
+      Rename ALLOW_NON_CBC_CIPHERS to ENABLE_OFB_CFB_MODE, and add to configure.
+      Add proper check for crypto modes (CBC or OFB/CFB)
+      Improve --show-ciphers to show if a cipher can be used in static key mode
+      Extend t_lpback tests to test all ciphers reported by --show-ciphers
+      Don't exit daemon if opening or parsing the CRL fails.
+      Fix typo in cipher_kt_mode_{cbc, ofb_cfb}() doxygen.
+      Fix regression with password protected private keys (polarssl)
+      ssl_polarssl.c: fix includes and make casts explicit
+      Remove unused variables from ssl_verify_openssl.c extract_x509_extension()
+
+TDivine (1):
+      Fix "code=995" bug with windows NDIS6 tap driver.
+
 
 2014.04.30 -- Version 2.3.4
 Arne Schwabe (1):