GitList

Browse code

Preparing OpenVPN v2.4_beta2 release

This also adds a few missing details from Changes.rst

Signed-off-by: David Sommerseth <davids@openvpn.net>

David Sommerseth authored on 2016/11/24 23:04:51
Showing 3 changed files

ChangeLog index 991aeb6..abb9d38 100644
Changes.rst index 90c3772..6d7bd69 100644
version.m4 index ab8ea42..b5fb234 100644

@@ -1,6 +1,36 @@
                      OpenVPN Change Log
                      Copyright (C) 2002-2016 OpenVPN Technologies, Inc. <sales@openvpn.net>
                     +2016.11.24 -- Version 2.4_beta2
                     +Arne Schwabe (5):
                     +      Document that tls-crypt also supports inline
                     +      Fix warning that RAND_bytes is undeclared
                     +      Remove compat-stdbool.h.
                     +      Fix various compiler warnings
                     +      Handle DNS6 option on Android
+                    +
                     +David Sommerseth (2):
                     +      Changes.rst: Fixing wrong formatting
                     +      Document the --auth-token option
+                    +
                     +Gert Doering (2):
                     +      Remove remaining traces of compat-stdbool.h
                     +      Stub implementation of "--dhcp-option DNS6 <v6addr>"
+                    +
                     +Selva Nair (3):
                     +      Do not set ipv6 address if '--ip-win32 manual' is used
                     +      Handle --dhcp-option DNS6 on Windows using netsh
                     +      Set IPv6 DNS servers using interactive service
+                    +
                     +Steffan Karger (6):
                     +      multi_process_float: revert part of c14c4a9e
                     +      --tls-crypt fixes
                     +      Change cmocka remote to use https in stead of git protocol
                     +      generate_key_expansion: make assumption explicit, use C99 features
                     +      Poor man's NCP for non-NCP peers
                     +      Refactor data channel key generation API
+                    +
+                    +
 .11.17 -- Version 2.4_beta1
                      Arne Schwabe (1):
                            Make Changes.rst nicer for 2.4 release

Changes.rst

History View file @ 9bc2be7

@@ -18,6 +18,19 @@ Cipher negotiation
                          to use that cipher.  Data channel cipher negotiation can be controlled
                          using ``--ncp-ciphers`` and ``--ncp-disable``.
                     +    A more limited version also works in client-to-server and server-to-client
                     +    scenarios where one of the end points uses a v2.4 client or server and the
                     +    other side uses an older version.  In such scenarios the v2.4 side will
                     +    change to the ``--cipher`` set by the remote side, if permitted by by
                     +    ``--ncp-ciphers``.  For example, a v2.4 client with ``--cipher BF-CBC``
                     +    and ``ncp-ciphers AES-256-GCM:AES-256-CBC`` can connect to both a v2.3
                     +    server with ``cipher BF-CBC`` as well as a server with
                     +    ``cipher AES-256-CBC`` in its config.  The other way around, a v2.3 client
                     +    with either ``cipher BF-CBC`` or ``cipher AES-256-CBC`` can connect to a
                     +    v2.4 server with e.g. ``cipher BF-CBC`` and
                     +    ``ncp-ciphers AES-256-GCM:AES-256-CBC`` in its config.  For this to work
                     +    it requires that OpenVPN was built without disabling OCC support.
+                    +
                      AEAD (GCM) data channel cipher support
                          The data channel now supports AEAD ciphers (currently only GCM).  The AEAD
                          packet format has a smaller overhead than the CBC packet format, (e.g. 20
@@ -32,6 +45,18 @@ Dualstack client connect
                          Instead of only using the first address of each ``--remote`` OpenVPN
                          will now try all addresses (IPv6 and IPv4) of a ``--remote`` entry.
                     +Support for providing IPv6 DNS servers
                     +     A new DHCP sub-options ``DNS6`` is added alongside with the already existing
                     +     ``DNS`` sub-option.  This is used to provide DNS resolvers available over
                     +     IPv6.  This will be pushed to clients and `` --up`` scripts and ``--plugin``
                     +     can act upon it through the ``foreign_option_<n>`` environment variables.
+                    +
                     +     Support for the Windows client picking up this new sub-option is added,
                     +     however IPv6 DNS resolvers needs to be configured via ``netsh`` which requires
                     +     administrator privileges if the new interactive services on Windows is not
                     +     being used.  If the interactive services is used, this service will execute
                     +     ``netsh`` in the background with the proper privileges.
+                    +
                      New improved Windows Background service
                          The new OpenVPNService is based on openvpnserv2, a complete rewrite of the OpenVPN
                          service wrapper. It is intended for launching OpenVPN instances that should be

version.m4

History View file @ 9bc2be7

@@ -3,7 +3,7 @@ define([PRODUCT_NAME], [OpenVPN])
                      define([PRODUCT_TARNAME], [openvpn])
                      define([PRODUCT_VERSION_MAJOR], [2])
                      define([PRODUCT_VERSION_MINOR], [4])
                     -define([PRODUCT_VERSION_PATCH], [_beta1])
                     +define([PRODUCT_VERSION_PATCH], [_beta2])
                      m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MAJOR])
                      m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MINOR], [[.]])
                      m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_PATCH], [[]])