Browse code
Preparing release 2.5.8
version.m4, ChangeLog, Changes.rst
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Gert Doering authored on 2022/10/27 16:13:14Showing 3 changed files
| ... | ... |
@@ -1,6 +1,39 @@ |
| 1 | 1 |
OpenVPN Change Log |
| 2 | 2 |
Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net> |
| 3 | 3 |
|
| 4 |
+2022.10.27 -- Version 2.5.8 |
|
| 5 |
+ |
|
| 6 |
+Antonio Quartulli (1): |
|
| 7 |
+ tls-crypt-v2: bail out if the client key is too small |
|
| 8 |
+ |
|
| 9 |
+Arne Schwabe (4): |
|
| 10 |
+ Remove useless empty line from CR_RESPONSE message |
|
| 11 |
+ Allow running a default configuration with TLS libraries without BF-CBC |
|
| 12 |
+ Change command help to match man page and implementation |
|
| 13 |
+ Fix OpenVPN querying user/password if auth-token with user expires |
|
| 14 |
+ |
|
| 15 |
+Frank Lichtenheld (2): |
|
| 16 |
+ t_client: Allow to force FAIL on prerequisite fails |
|
| 17 |
+ t_client.sh: do not require fping6 |
|
| 18 |
+ |
|
| 19 |
+Gert Doering (1): |
|
| 20 |
+ Preparing release 2.5.8 |
|
| 21 |
+ |
|
| 22 |
+Lev Stipakov (1): |
|
| 23 |
+ msvc: add branch name and commit hash to version output |
|
| 24 |
+ |
|
| 25 |
+Martin Janů (1): |
|
| 26 |
+ Update the replay-window backtrack log message |
|
| 27 |
+ |
|
| 28 |
+Selva Nair (5): |
|
| 29 |
+ Do not skip ERROR:/SUCCESS: response from management interface |
|
| 30 |
+ Fix auth-token usage with management-def-auth |
|
| 31 |
+ Allow a few levels of recursion in virtual_output_callback() |
|
| 32 |
+ Ensure --auth-nocache is handled during renegotiation |
|
| 33 |
+ Purge auth-token as well while purging passwords |
|
| 34 |
+ Do not copy auth_token username to itself |
|
| 35 |
+ |
|
| 36 |
+ |
|
| 4 | 37 |
2022.05.24 -- Version 2.5.7 |
| 5 | 38 |
|
| 6 | 39 |
Antonio Quartulli (4): |
| ... | ... |
@@ -1,3 +1,58 @@ |
| 1 |
+Overview of changes in 2.5.8 |
|
| 2 |
+============================ |
|
| 3 |
+ |
|
| 4 |
+New features |
|
| 5 |
+------------ |
|
| 6 |
+- allow running a default configuration with TLS libraries without BF-CBC |
|
| 7 |
+ (even if TLS cipher negotiation would not actually use BF-CBC, the |
|
| 8 |
+ long-term compatibility "default cipher BF-CBC" would trigger an error |
|
| 9 |
+ on such TLS libraries) |
|
| 10 |
+ |
|
| 11 |
+User-visible Changes |
|
| 12 |
+-------------------- |
|
| 13 |
+- add git branch name + commit ID to OpenVPN version string on |
|
| 14 |
+ MSVC builds (windows) |
|
| 15 |
+ |
|
| 16 |
+Testing Enhancements |
|
| 17 |
+-------------------- |
|
| 18 |
+- t_client.sh: if fping is found and fping6 is not, assume we have |
|
| 19 |
+ fping 4.0 and up, and call "fping -6" for IPv6 ping tests |
|
| 20 |
+ |
|
| 21 |
+- t_client.sh: allow to force FAIL on prerequisite fails, so a CI |
|
| 22 |
+ environment will no longer "silently skip" t_client runs if fping (etc) |
|
| 23 |
+ can not be found, but will error out |
|
| 24 |
+ |
|
| 25 |
+Bugfixes |
|
| 26 |
+-------- |
|
| 27 |
+- ``--auth-nocache'' was not always correctly clearing username+password |
|
| 28 |
+ after a renegotiation |
|
| 29 |
+ |
|
| 30 |
+- ensure that auth-token received from server is cleared if requested |
|
| 31 |
+ by the management interface ("forget password" or automatically
|
|
| 32 |
+ via ``--management-forget-disconnect'') |
|
| 33 |
+ |
|
| 34 |
+- in a setup without username+password, but with auth-token and |
|
| 35 |
+ auth-token-username pushed by the server, OpenVPN would start asking |
|
| 36 |
+ for username+password on token expiry. Fix. |
|
| 37 |
+ |
|
| 38 |
+- using ``--auth-token`` together with ``--management-client-auth`` |
|
| 39 |
+ (on the server) would lead to TLS keys getting out of sync and client |
|
| 40 |
+ being disconnected. Fix. |
|
| 41 |
+ |
|
| 42 |
+- management interface would sometimes get stuck if client and server |
|
| 43 |
+ try to write something simultaneously. Fix by allowing a limited |
|
| 44 |
+ level of recursion in virtual_output_callback() |
|
| 45 |
+ |
|
| 46 |
+- fix management interface not returning ERROR:/SUCCESS: response |
|
| 47 |
+ on "signal SIGxxx" commands when in HOLD state |
|
| 48 |
+ |
|
| 49 |
+- tls-crypt-v2: abort connection if client-key is too short |
|
| 50 |
+ |
|
| 51 |
+- make man page agree with actual code on replay-window backtrag log message |
|
| 52 |
+ |
|
| 53 |
+- remove useless empty line from CR_RESPONSE message |
|
| 54 |
+ |
|
| 55 |
+ |
|
| 1 | 56 |
Overview of changes in 2.5.7 |
| 2 | 57 |
============================ |
| 3 | 58 |
|
| ... | ... |
@@ -3,12 +3,12 @@ define([PRODUCT_NAME], [OpenVPN]) |
| 3 | 3 |
define([PRODUCT_TARNAME], [openvpn]) |
| 4 | 4 |
define([PRODUCT_VERSION_MAJOR], [2]) |
| 5 | 5 |
define([PRODUCT_VERSION_MINOR], [5]) |
| 6 |
-define([PRODUCT_VERSION_PATCH], [.7]) |
|
| 6 |
+define([PRODUCT_VERSION_PATCH], [.8]) |
|
| 7 | 7 |
m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MAJOR]) |
| 8 | 8 |
m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MINOR], [[.]]) |
| 9 | 9 |
m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_PATCH], [[]]) |
| 10 | 10 |
define([PRODUCT_BUGREPORT], [openvpn-users@lists.sourceforge.net]) |
| 11 |
-define([PRODUCT_VERSION_RESOURCE], [2,5,7,0]) |
|
| 11 |
+define([PRODUCT_VERSION_RESOURCE], [2,5,8,0]) |
|
| 12 | 12 |
dnl define the TAP version |
| 13 | 13 |
define([PRODUCT_TAP_WIN_COMPONENT_ID], [tap0901]) |
| 14 | 14 |
define([PRODUCT_TAP_WIN_MIN_MAJOR], [9]) |