@@ -1,6 +1,65 @@

 OpenVPN ChangeLog

 Copyright (C) 2002-2023 OpenVPN Inc <sales@openvpn.net>

+2023.03.08 -- Version 2.6.1

+

+Arne Schwabe (13):

+      Fix unaligned access in auth-token

+      Update LibreSSL to 3.7.0 in Github actions

+      Add printing USAN stack trace on github actions

+      Fix LibreSSL not building in Github Actions

+      Add missing stdint.h includes in unit tests files

+      Combine extra_tun/frame parameter of frame_calculate_payload_overhead

+      Update the last sections in the man page to a be a bit less outdated

+      Add building unit tests with mingw to github actions

+      Revise the cipher negotiation info about OpenVPN3 in the man page

+      Exit if a proper message instead of segfault on Android without management

+      Use proper print format/casting when converting msg_channel handle

+      Reduce initialisation spam from verb <= 3 and print summary instead

+      Dynamic tls-crypt for secure soft_reset/session renegotiation

+

+Frank Lichtenheld (8):

+      Changes.rst: document removal of --keysize

+      Windows: fix unused function setenv_foreign_option

+      Windows: fix unused variables in delete_route_ipv6

+      Windows: fix wrong printf format in x_check_status

+      Windows: fix unused variable in win32_get_arch

+      configure: enable DCO by default on FreeBSD/Linux

+      Windows: fix signedness errors with recv/send

+      configure: fix formatting of --disable-lz4 and --enable-comp-stub

+

+Gert Doering (2):

+      Get rid of unused 'bool tuntap_buffer' arguments.

+      FreeBSD 12.x workaround for IPv6 ifconfig is needed on 12.4 as well

+

+Kristof Provost (3):

+      options.c: enforce a minimal fragment size

+      configure: improve FreeBSD DCO check

+      dco: define OVPN_DEL_PEER_REASON_TRANSPORT_DISCONNECT on FreeBSD

+

+Lev Stipakov (6):

+      Allow certain DHCP options to be used without DHCP server

+      dco-win: use proper calling convention on x86

+      Improve format specifier for socket handle in Windows

+      Disable DCO if proxy is set via management

+      Add logging for windows driver selection process

+      Avoid management log loop with verb >= 6

+

+Matthias Andree (1):

+      make dist: Ship ovpn_dco_freebsd.h, too

+

+Selva Nair (9):

+      block-dns using iservice: fix a potential double free

+      Conditionally add subdir-objects option to automake

+      Build unit tests in mingw Windows build

+      cyryptapi.c: log the selected certificate's name

+      cryptoapi.c: remove pre OpenSSL-3.01 support

+      cryptoapi.c: simplify parsing of thumbprint hex string

+      Option --cryptoapicert: support issuer name as a selector

+      Add a unit test for functions in cryptoapi.c

+      Do not save pointer to 'struct passwd' returned by getpwnam etc.

+

+

 2023.01.25 -- Version 2.6.0

 Antonio Quartulli (1):

@@ -9,6 +9,82 @@ New features

   previously authenticated peer can do trigger renegotiation and complete

   renegotiations.

+- CryptoAPI (Windows): support issuer name as a selector.

+  Certificate selection string can now specify a partial

+  issuer name string as "--cryptoapicert ISSUER:<string>" where

+  <string> is matched as a substring of the issuer (CA) name in

+  the certificate.

+

+

+User visible changes

+--------------------

+- on crypto initialization, move old "quite verbose" messages to --verb 4

+  and only print a more compact summary about crypto and timing parameters

+  by default

+

+- configure now enables DCO build by default on FreeBSD and Linux, which

+  brings in a default dependency for libnl-genl (for Linux distributions

+  that are too old to have this library, use "configure --disable-dco")

+

+- make "configure --help" output more consistent

+

+- CryptoAPI (Windows): remove support code for OpenSSL before 3.0.1

+  (this will not affect official OpenVPN for Windows installers, as they

+  will always be built with OpenSSL 3.0.x)

+

+- CryptoAPI (Windows): log the selected certificate's name

+

+- "configure" now uses "subdir-objects", for automake >= 1.16

+  (less warnings for recent-enough automake versions, will change

+  the way .o files are created)

+

+

+Bugfixes / minor improvements

+-----------------------------

+- fixed old IPv6 ifconfig race condition for FreeBSD 12.4 (trac #1226)

+

+- fix compile-time breakage related to DCO defines on FreeBSD 14

+

+- enforce minimum packet size for "--fragment" (avoid division by zero)

+

+- some alignment fixes to avoid unaligned memory accesses, which will

+  bring problems on some architectures (Sparc64, some ARM versions) -

+  found by USAN clang checker

+

+- windows source code fixes to reduce number of compile time warnings

+  (eventual goal is to be able to compile with -Werror on MinGW), mostly

+  related to signed/unsigned char * conversions, printf() format specifiers

+  and unused variables.

+

+- avoid endless loop on logging with --management + --verb 6+

+

+- build (but not run) unit tests on MinGW cross compiles, and run them

+  when building with GitHub Actions.

+

+- add unit test for parts of cryptoapi.c

+

+- add debug logging to help with diagnosing windows driver selection

+

+- disable DCO if proxy config is set via management interface

+

+- do not crash on Android if run without --management

+

+- improve documentation about cipher negotiation and OpenVPN3

+

+- for x86 windows builds, use proper calling conventions for dco-win

+  (__stdcall)

+

+- differentiate "dhcp-option ..." options into "needs an interface with

+  true DHCP service" (tap-windows) and "can also be installed by IPAPI

+  or service, and can be used on non-DHCP interfaces" (wintun, dco-win)

+

+- windows interactive service: fix possible double-free if "--block-dns"

+  installation fails due to "security products" interfering

+  (Github OpenVPN/openvpn#232)

+

+- "make dist": package ovpn_dco_freebsd.h to permit building from tarballs

+  on FreeBSD 14

+

 Overview of changes in 2.6.0, relative to 2.6_rc2

 =================================================

@@ -3,12 +3,12 @@ define([PRODUCT_NAME], [OpenVPN])

 define([PRODUCT_TARNAME], [openvpn])

 define([PRODUCT_VERSION_MAJOR], [2])

 define([PRODUCT_VERSION_MINOR], [6])

-define([PRODUCT_VERSION_PATCH], [.0])

+define([PRODUCT_VERSION_PATCH], [.1])

 m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MAJOR])

 m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MINOR], [[.]])

 m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_PATCH], [[]])

 define([PRODUCT_BUGREPORT], [openvpn-users@lists.sourceforge.net])

-define([PRODUCT_VERSION_RESOURCE], [2,6,0,5])

+define([PRODUCT_VERSION_RESOURCE], [2,6,1,0])

 dnl define the TAP version

 define([PRODUCT_TAP_WIN_COMPONENT_ID], [tap0901])

 define([PRODUCT_TAP_WIN_MIN_MAJOR], [9])