Tags: fxckgfw/openvpn
Tags
OpenVPN v2.3.8 2015.08.03 -- Version 2.3.8 Arne Schwabe (2): Report missing endtags of inline files as warnings Fix commit e473b7c if an inline file happens to have a line break exactly at buffer limit Gert Doering (2): Produce a meaningful error message if --daemon gets in the way of asking for passwords. Document --daemon changes and consequences (--askpass, --auth-nocache). Holger Kummert (1): Del ipv6 addr on close of linux tun interface James Geboski (1): Fix --askpass not allowing for password input via stdin Steffan Karger (5): write pid file immediately after daemonizing Make __func__ work with Visual Studio too fix regression: query password before becoming daemon Fix using management interface to get passwords. Fix overflow check in openvpn_decrypt()
OpenVPN v2.3.7 2015.06.02 -- Version 2.3.7 Alexander Pyhalov (1): Default gateway can't be determined on illumos/Solaris platforms Arne Schwabe (1): Warn that tls-auth with free form files is going to be removed from OpenVPN 2.4 David Sommerseth (6): autotools: Fix wrong ./configure help screen default values down-root plugin: Replaced system() calls with execve() down-root: Improve error messages plugin, down-root: Fix compiler warnings sockets: Remove the limitation of --tcp-nodelay to be server-only plugins, down-root: Code style clean-up David Woodhouse (2): pkcs11: Load p11-kit-proxy.so module by default Make 'provider' option to --show-pkcs11-ids optional where p11-kit is present Felix Janda (1): Use OPENVPN_ETH_P_* so that <netinet/if_ether.h> is unecessary Gert Doering (17): New approach to handle peer-id related changes to link-mtu (2.3 version) Fix incorrect use of get_ipv6_addr() for iroute options. Print helpful error message on --mktun/--rmtun if not available. explain effect of --topology subnet on --ifconfig Add note about file permissions and --crl-verify to manpage. repair --dev null breakage caused by db950be assume res_init() is always there. Correct note about DNS randomization in openvpn.8 Disallow usage of --server-poll-timeout in --secret key mode. slightly enhance documentation about --cipher Enforce "serial-tests" behaviour for tests/Makefile Revert "Enforce "serial-tests" behaviour for tests/Makefile" On signal reception, return EAI_SYSTEM from openvpn_getaddrinfo(). Use configure.ac hack to apply serial_test AM option only if supported. Use EAI_AGAIN instead of EAI_SYSTEM for openvpn_getaddrinfo(). Move res_init() call to inner openvpn_getaddrinfo() loop Fix FreeBSD ifconfig for topology subnet tunnels. Guy Yur (1): Fix --redirect-private in --dev tap mode. Jan Just Keijser (1): include ifconfig_ environment variables in --up-restart env set Jonathan K. Bullard (1): Fix null pointer dereference in options.c Lev Stipakov (1): Fix mssfix default value in connection_list context Matthias Andree (1): Manual page update for Re-enabled TLS version negotiation. Mike Gilbert (1): Include systemd units in the source tarball (make dist) Robert Fischer (1): Updated manpage for --rport and --lport Samuli Seppänen (2): Properly escape dashes on the man-page Improve documentation in --script-security section of the man-page Steffan Karger (14): Really fix '--cipher none' regression Update doxygen (a bit) Set tls-version-max to 1.1 if cryptoapicert is used Account for peer-id in frame size calculation Disable SSL compression Fix frame size calculation for non-CBC modes. Allow for CN/username of 64 characters (fixes off-by-one) Remove unneeded parameter 'first_time' from possibly_become_daemon() Re-enable TLS version negotiation by default Remove size limit for files inlined in config Improve --tls-cipher and --show-tls man page description Re-read auth-user-pass file on (re)connect if required Clarify --capath option in manpage Call daemon() before initializing crypto library
OpenVPN 2.2.3 2014.11.30 -- Version 2.2.3 Christian Niessner (1): Fix corner case in NTLM authentication (trac OpenVPN#172) Gert Doering (1): Fix client crash on double PUSH_REPLY. Jens Wagner (1): Fix spurious ignoring of pushed config options (trac#349). Matthias Andree (1): Enable TCP_NODELAY configuration on FreeBSD. Steffan Karger (2): Drop too-short control channel packets instead of asserting out. Use constant time memcmp when comparing HMACs in openvpn_decrypt.
OpenVPN v2.3.6 OpenVPN Change Log Copyright (C) 2002-2014 OpenVPN Technologies, Inc. <[email protected]> 2014.11.28 -- Version 2.3.6 David Sommerseth (1): systemd: Reworked the systemd unit file to handle server and client configs better Gert Doering (1): Add client-only support for peer-id. Samuli Seppänen (1): Fix to --shaper documentation on the man-page Steffan Karger (4): Fix assertion error when using --cipher none Add --tls-version-max Modernize sample keys and sample configs Drop too-short control channel packets instead of asserting out.
OpenVPN v2.3.5 2014.10.24 -- Version 2.3.5 Andris Kalnozols (2): Fix some typos in the man page. Do not upcase x509-username-field for mixed-case arguments. Arne Schwabe (1): Fix server routes not working in topology subnet with --server [v3] David Sommerseth (4): Improve error reporting on file access to --client-config-dir and --ccd-exclusive Don't let openvpn_popen() keep zombies around Add systemd unit file for OpenVPN systemd: Use systemd functions to consider systemd availability Gert Doering (3): Drop incoming fe80:: packets silently now. Fix t_lpback.sh platform-dependent failures Call init script helpers with explicit path (./) Heiko Hund (1): refine assertion to allow other modes than CBC Hubert Kario (2): ocsp_check - signature verification and cert staus results are separate ocsp_check - double check if ocsp didn't report any errors in execution James Bekkema (1): Fix socket-flag/TCP_NODELAY on Mac OS X James Yonan (6): Fixed several instances of declarations after statements. In socket.c, fixed issue where uninitialized value (err) is being passed to to gai_strerror. Explicitly cast the third parameter of setsockopt to const void * to avoid warning. MSVC 2008 doesn't support dimensioning an array with a const var nor using %z as a printf format specifier. Define PATH_SEPARATOR for MSVC builds. Fixed some compile issues with show_library_versions() Jann Horn (1): Remove quadratic complexity from openvpn_base64_decode() Mike Gilbert (1): Add configure check for the path to systemd-ask-password Philipp Hagemeister (2): Add topology in sample server configuration file Implement on-link route adding for iproute2 Samuel Thibault (1): Ensure that client-connect files are always deleted Steffan Karger (13): Remove function without effect (cipher_ok() always returned true). Remove unneeded wrapper functions in crypto_openssl.c Fix bug that incorrectly refuses oid representation eku's in polar builds Update README.polarssl Rename ALLOW_NON_CBC_CIPHERS to ENABLE_OFB_CFB_MODE, and add to configure. Add proper check for crypto modes (CBC or OFB/CFB) Improve --show-ciphers to show if a cipher can be used in static key mode Extend t_lpback tests to test all ciphers reported by --show-ciphers Don't exit daemon if opening or parsing the CRL fails. Fix typo in cipher_kt_mode_{cbc, ofb_cfb}() doxygen. Fix regression with password protected private keys (polarssl) ssl_polarssl.c: fix includes and make casts explicit Remove unused variables from ssl_verify_openssl.c extract_x509_extension() TDivine (1): Fix "code=995" bug with windows NDIS6 tap driver.
OpenVPN 2.3.4 2014.04.30 -- Version 2.3.4 Arne Schwabe (1): Fix man page and OSCP script: tls_serial_{n} is decimal Dmitrij Tejblum (1): Fix is_ipv6 in case of tap interface. Gert Doering (7): IPv6 address/route delete fix for Win8 Add SSL library version reporting. Minor t_client.sh cleanups Repair --multihome on FreeBSD for IPv4 sockets. Rewrite manpage section about --multihome More IPv6-related updates to the openvpn man page. Conditionalize calls to print_default_gateway on !ENABLE_SMALL James Yonan (2): Use native strtoull() with MSVC 2013. When tls-version-min is unspecified, revert to original versioning approach. Steffan Karger (4): Change signedness of hash in x509_get_sha1_hash(), fixes compiler warning. Fix OCSP_check.sh to also use decimal for stdout verification. Fix build system to accept non-system crypto library locations for plugins. Make serial env exporting consistent amongst OpenSSL and PolarSSL builds. Yawning Angel (1): Fix SOCKSv5 method selection kangsterizer (1): Fix typo in sample build script to use LDFLAGS
v2.3.3 OpenVPN v2.3.3 2014.04.08 -- Version 2.3.3 Alon Bar-Lev (1): pkcs11: use generic evp key instead of rsa Arne Schwabe (8): Add support of utun devices under Mac OS X Add support to ignore specific options. Add a note what setenv opt does for OpenVPN < 2.3.3 Add reporting of UI version to basic push-peer-info set. Fix compile error in ssl_openssl introduced by polar external-management patch Fix assertion when SIGUSR1 is received while getaddrinfo is successful Add warning for using connection block variables after connection blocks Introduce safety check for http proxy options David Sommerseth (5): man page: Update man page about the tls_digest_{n} environment variable Remove the --disable-eurephia configure option plugin: Extend the plug-in v3 API to identify the SSL implementation used autoconf: Fix typo Fix file checks when --chroot is being used Davide Brini (1): Document authfile for socks server Gert Doering (9): Fix IPv6 examples in t_client.rc-sample Fix slow memory drain on each client renegotiation. t_client.sh: ignore fields from "ip -6 route show" output that distort results. Make code and documentation for --remote-random-hostname consistent. Reduce IV_OPENVPN_GUI_VERSION= to IV_GUI_VER= Document issue with --chroot, /dev/urandom and PolarSSL. Rename 'struct route' to 'struct route_ipv4' Replace copied structure elements with including <net/route.h> Workaround missing SSL_OP_NO_TICKET in earlier OpenSSL versions Heikki Hannikainen (1): Always load intermediate certificates from a PKCS#12 file Heiko Hund (2): Support non-ASCII TAP adapter names on Windows Support non-ASCII characters in Windows tmp path James Yonan (3): TLS version negotiation Added "setenv opt" directive prefix. Set SSL_OP_NO_TICKET flag in SSL context for OpenSSL builds, to disable TLS stateless session resumption. Jens Wagner (1): Fix spurious ignoring of pushed config options (trac#349). Joachim Schipper (3): Refactor tls_ctx_use_external_private_key() --management-external-key for PolarSSL external_pkcs1_sign: Support non-RSA_SIG_RAW hash_ids Josh Cepek (2): Correct error text when no Windows TAP device is present Require a 1.2.x PolarSSL version Klee Dienes (1): tls_ctx_load_ca: Improve certificate error messages Max Muster (1): Remove duplicate cipher entries from TLS translation table. Peter Sagerson (1): Fix configure interaction with static OpenSSL libraries Steffan Karger (7): Do not pass struct tls_session* as void* in key_state_ssl_init(). Require polarssl >= 1.2.10 for polarssl-builds, which fixes CVE-2013-5915. Use RSA_generate_key_ex() instead of deprecated, RSA_generate_key() Also update TLSv1_method() calls in support code to SSLv23_method() calls. Update TLSv1 error messages to SSLv23 to reflect changes from commit 4b67f98 If --tls-cipher is supplied, make --show-tls parse the list. Add openssl-specific common cipher list names to ssl.c. Tamas TEVESZ (1): Add support for client-cert-not-required for PolarSSL. Thomas Veerman (1): Fix "." in description of utun.
OpenVPN v2.3.2 2013.05.31 -- Version 2.3.2 Arne Schwabe (3): Only print script warnings when a script is used. Remove stray mention of script-security system. Move settings of user script into set_user_script function Move checking of script file access into set_user_script Davide Brini (1): Provide more accurate warning message Gert Doering (2): Fix NULL-pointer crash in route_list_add_vpn_gateway(). Fix problem with UDP tunneling due to mishandled pktinfo structures. James Yonan (1): Always push basic set of peer info values to server. Jan Just Keijser (1): make 'explicit-exit-notify' pullable again Josh Cepek (2): Fix proto tcp6 for server & non-P2MP modes Fix Windows script execution when called from script hooks Steffan Karger (2): Fixed tls-cipher translation bug in openssl-build Fixed usage of stale define USE_SSL to ENABLE_SSL svimik (1): Fix segfault when enabling pf plug-ins
2013.03.29 -- Version 2.3.1 Arne Schwabe (4): Remove dead code path and putenv functionality Remove unused function xor Move static prototype definition from header into c file Remove unused function no_tap_ifconfig Christian Hesse (1): fix build with automake 1.13(.1) Christian Niessner (1): Fix corner case in NTLM authentication (trac OpenVPN#172) Gert Doering (5): Update README.IPv6 to match what is in 2.3.0 Repair "tcp server queue overflow" brokenness, more <stdbool.h> fallout. Permit pool size of /64.../112 for ifconfig-ipv6-pool Add MIN() compatibility macro Fix directly connected routes for "topology subnet" on Solaris. Heiko Hund (5): close more file descriptors on exec Ignore UTF-8 byte order mark reintroduce --no-name-remapping option make --tls-remote compatible with pre 2.3 configs add new option for X.509 name verification Jan Just Keijser (1): man page patch for missing options Josh Cepek (2): Fix parameter listing in non-debug builds at verb 4 (updated) [PATCH] Warn when using verb levels >=7 without debug Matthias Andree (1): Enable TCP_NODELAY configuration on FreeBSD. Samuli Seppänen (4): Removed ChangeLog.IPv6 Added cross-compilation information INSTALL-win32.txt Updated README Cleaned up and updated INSTALL Steffan Karger (7): PolarSSL-1.2 support Improve PolarSSL key_state_read_{cipher, plain}text messages Improve verify_callback messages Config compatibility patch. Added translate_cipher_name. Switch to IANA names for TLS ciphers. Fixed autoconf script to properly detect missing pkcs11 with polarssl. Use constant time memcmp when comparing HMACs in openvpn_decrypt.
PreviousNext