@@ -1,8 +1,76 @@

 OpenVPN

-Copyright (C) 2002-2005 OpenVPN Solutions LLC <info@openvpn.net>

+Copyright (C) 2002-2008 OpenVPN Solutions LLC <info@openvpn.net>

 $Id$

+2008.06.11 -- Version 2.1_rc8

+

+* Added client authentication and packet filtering capability

+  to management interface.  In addition, allow OpenVPN plugins

+  to take advantage of deferred authentication and packet

+  filtering capability.

+

+* Added support for client-side connection profiles.

+

+* Fixed unbounded memory growth bug in environmental variable

+  code that could have caused long-running OpenVPN sessions

+  with many TLS renegotiations to incrementally

+  increase memory usage over time.

+

+* Windows release now packages openssl-0.9.8h.

+

+* Build system changes -- allow building on Windows using

+  autoconf/automake scripts (Alon Bar-Lev).

+

+* Changes to Windows build system to make it easier to do

+  partial builds, with a reduced set of prerequisites,

+  where only a subset of OpenVPN installer

+  components are built.  See ./domake-win comments.

+

+* Cleanup IP address for persistence interfaces for tap and also

+  using ifconfig, gentoo#209055 (Alon Bar-Lev).

+

+* Fall back to old version of extract_x509_field for OpenSSL 0.9.6.

+

+* Clarified tcp-queue-limit man page entry (Matti Linnanvuori).

+

+* Added new OpenVPN icon and installer graphic.

+

+* Minor pkitool changes.

+

+* Added --pkcs11-id-management option, which will cause OpenVPN to

+  query the management interface via the new NEED-STR asynchronous

+  notification query to get additional PKCS#11 options (Alon Bar-Lev).

+

+* Added NEED-STR management interface asynchronous query and

+  "needstr" management interface command to respond to the query

+  (Alon Bar-Lev).

+

+* Added Dragonfly BSD support (Francis-Gudin).

+

+* Quote device names before passing to up/down script (Josh Cepek).

+

+* Bracketed struct openvpn_pktinfo with #pragma pack(1) to

+  prevent structure padding from causing an incorrect length

+  to be returned by sizeof (struct openvpn_pktinfo) on 64-bit

+  platforms.

+

+* On systems that support res_init, always call it

+  before calling gethostbyname to ensure that

+  resolver configuration state is current.

+

+* Added NTLMv2 proxy support (Miroslav Zajic).

+

+* Fixed an issue in extract_x509_field_ssl where the extraction

+  would fail on the first field of the subject name, such as

+  the common name in:  /CN=foo/emailAddress=foo@bar.com

+

+* Made "Linux ip addr del failed" error nonfatal.

+

+* Amplified --client-cert-not-required warning.

+

+* Added #pragma pack to proto.h.

+

 2008.01.29 -- Version 2.1_rc7

 * Added a few extra files that exist in the svn repo but were

@@ -41,6 +41,10 @@ export KEY_DIR="$EASY_RSA/keys"

 # Issue rm -rf warning

 echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR

+# PKCS11 fixes

+export PKCS11_MODULE_PATH="dummy"

+export PKCS11_PIN="dummy"

+

 # Increase this to 2048 if you

 # are paranoid.  This will slow

 # down TLS negotiation performance

@@ -1,5 +1,5 @@

 F=pkcs11-helper-1.05

-OPENSSL_DIR=`pwd`/openssl-0.9.7m

+OPENSSL_DIR=`pwd`/openssl-0.9.8h

 PKCS11_HELPER_DIR=`pwd`/pkcs11-helper

 rm -rf $PKCS11_HELPER_DIR

@@ -12,7 +12,6 @@ tar xfj $tbz

 cd $F

 ./configure \

 	MAN2HTML=true \

-	ac_cv_type_size_t=no \

 	--disable-crypto-engine-gnutls \

         --disable-crypto-engine-nss \

         PKG_CONFIG=true \

@@ -21,3 +20,5 @@ cd $F

 make

 make install DESTDIR="${PKCS11_HELPER_DIR}"

+

+# ./configure doesn't need this any more: ac_cv_type_size_t=no

@@ -1,5 +1,5 @@

 dnl define the OpenVPN version

-define(PRODUCT_VERSION,[2.1_rc7f])

+define(PRODUCT_VERSION,[2.1_rc8])

 dnl define the TAP version

 define(PRODUCT_TAP_ID,[tap0901])

 define(PRODUCT_TAP_WIN32_MIN_MAJOR,[9])