Menu
▾
▴
[Openvpn-commits] SF.net Git: OpenVPN with experimental and new features - which requires a lot of testing annotated tag, v2.2-beta4, created. v2.2-beta4
|
From: <ope...@li...> - 2010-11-21 15:17:55
|
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OpenVPN with experimental and new features - which requires a lot of testing".
The annotated tag, v2.2-beta4 has been created
at d4d7ed7ad950613e25c8df5d24922bfe3fbfe582 (tag)
tagging 4729263dbe01afc078d6b7cf7167122d50e65533 (commit)
tagged by David Sommerseth
on Sun Nov 21 16:05:24 2010 +0100
- Log -----------------------------------------------------------------
2010.11.18 -- Version 2.2-beta4
David Sommerseth (10):
Clarified --explicit-exit-notify man page entry
Clean-up: Remove pthread and mutex locking code
Clean-up: Remove more dead and inactive code paths
Clean-up: Removing useless code - hash related functions
Use stricter snprintf() formatting in socks_username_password_auth() (v3)
Fix compiler warnings about not used dummy() functions
Fixed potential misinterpretation of boolean logic
Only add some functions when really needed
Removed functions not being used anywhere
Merged add_bypass_address() and add_host_route_if_nonlocal()
Gert Doering (3):
Integrate support for TAP mode on Solaris, written by Kazuyoshi Aizawa <ad...@wh...>.
Make "topology subnet" work on Solaris
Improved man page entry for script_type
James Yonan (5):
Fixed initialization bug in route_list_add_default_gateway (Gert Doering).
Implement challenge/response authentication support in client mode
Make base64.h have the same conditional compilation expression as base64.c.
Fixed compiling issues when using --disable-crypto
In verify_callback, the subject var should be freed by OPENSSL_free, not free
Jesse Young (1):
Remove hardcoded path to resolvconf
Lars Hupel (1):
Add HTTP/1.1 Host header
Pierre Bourdon (1):
Adding support for SOCKS plain text authentication
Samuli Seppänen (2):
Added check for variable CONFIGURE_DEFINES into options.c
Added command-line option parser and an unsigned build option to build_all.py
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEABECAAYFAkzpNV0ACgkQDC186MBRfrpSVACgmYoFm5crsgZQ8IqUgvqK+0BZ
Tb8An2derWC5IoxS20wLGuvKH5XujdtJ
=A/u+
-----END PGP SIGNATURE-----
Alberto Gonzalez Iniesta (1):
Debian patch: Fix spelling in log message
Dan Nelson (1):
bash->bourne script cleanup
Daniel Johnson (1):
When I began testing OpenVPN v2.1_rc9 I was having trouble authenticating to the MS Active Directory through auth-pam and Samba. I used the following line in my configs (without the linebreak of course):
David Sommerseth (57):
Added mapping files from SVN commit ID to more descriptive commit IDs.
Do not randomize resolving of IP addresses in getaddr()
verb 5 logging wrongly reports received bytes
Added mapping files from SVN commit ID to more descriptive commit IDs.
Merge branch 'master' into bugfix2.1
Add comile time information/settings from ./configure to --version
Fix dependency checking for configure.h (v2)
Make use of automake CLEANFILES variable instead of clean-local rule
Don't add compile time information if --enable-small is used
Revamped the script-security warning logging (version 2)
Added mapping files from SVN commit ID to more descriptive commit IDs.
verb 5 logging wrongly reports received bytes
On TARGET_LINUX define _GNU_SOURCE if not defined
Fix autotools cross-compiling support
Make use of counter_type instead of int when counting bytes and network packets
Harden create_temp_filename() (version 2)
Renamed all calls to create_temp_filename()
Updated the man page to reflect the behavioural change of create_temp_file()
Removed no longer needed delete_file() call
Fixed potential NULL pointer issue
Avoid repetition of "this config may cache passwords in memory" (v2)
OCSP_check.sh: new check logic
Fixed client hang when server don't PUSH (aka the NO_SOUP_FOR_YOU patch)
Fix multiple configured scripts conflicts issue (version 2)
Test framework improvment - Do not FAIL if t_client.rc is missing
More t_client.sh updates - exit with SKIP when we want to skip
Fixed compiler warnings reported on Ubuntu 10.04
Reworked the eurephia patch for inclusion to the openvpn-testing tree
Add comile time information/settings from ./configure to --version
Fix dependency checking for configure.h (v2)
Make use of automake CLEANFILES variable instead of clean-local rule
Don't add compile time information if --enable-small is used
Revamped the script-security warning logging (version 2)
Solved hidden merge conflict between feat_misc and bugfix2.1
Fixed compiler warning in ssl.c
Preparing for v2.2-beta3
Clarified --explicit-exit-notify man page entry
Merge branch 'svn-BETA21' into bugfix2.1
Merge branch 'svn-BETA21' into beta2.2
Merge branch 'bugfix2.1' into beta2.2
Merge branch 'feat_misc' into beta2.2
Merge branch 'feat_misc' into beta2.2
Clean-up: Remove pthread and mutex locking code
Clean-up: Remove more dead and inactive code paths
Clean-up: Removing useless code - hash related functions
Merge branch 'bugfix2.1' into beta2.2
Merge branch 'svn-BETA21' into bugfix2.1
Use stricter snprintf() formatting in socks_username_password_auth() (v3)
Fix compiler warnings about not used dummy() functions
Fixed potential misinterpretation of boolean logic
Only add some functions when really needed
Removed functions not being used anywhere
Merged add_bypass_address() and add_host_route_if_nonlocal()
Merge branch 'bugfix2.1' into beta2.2
Merge branch 'feat_misc' into beta2.2
Updated ChangeLog with info about last merges
Prepared for v2.2-beta4 for release
Davide Brini (5):
The man page does not mention that the default value of "mssfix" is 1450.
Enhance contrib/pull-resolv-conf/client.{up,down} scripts
Fix missing /bin/bash -> /bin/sh
Fix certificate serial number export
Exclude ping and control packets from activity
Emilien Mantel (4):
Choose a different field in X509 to be username
Fixed static defined length check to use sizeof()
Choose a different field in X509 to be username
Fixed static defined length check to use sizeof()
Enrico Scholz (2):
Allow 'lport 0' setup for random port binding
Allow 'lport 0' setup for random port binding
Fabian Knittel (2):
ssl.c: fix use of openvpn_run_script()'s return value
ssl.c: fix use of openvpn_run_script()'s return value
Gert Doering (10):
remove duplicate code in FREEBSD+DRAGONFLY system-dependent ifconfig
remove duplicate code in FREEBSD+DRAGONFLY system-dependent ifconfig
Fix compile problems on NetBSD and OpenBSD
Fix <net/if.h> compile time problems on OpenBSD for good
full "VPN client connect" test framework for OpenVPN
Build t_client.sh by configure at run-time.
Fix problem with special case route targets ('remote_host')
Integrate support for TAP mode on Solaris, written by Kazuyoshi Aizawa <ad...@wh...>.
Make "topology subnet" work on Solaris (ifconfig + route metric changes by Kazuyoshi Aizawa, adding of local "connected subnet" route by me)
Improved man page entry for script_type
James Yonan (41):
Fixed an issue in the Management Interface that could cause
Fixed an issue where if reneg-sec was set to 0 on the client,
Trivial fix to proxy.c -- #define proxy auth type as UP_TYPE_PROXY.
Added stub directive "remote-ip-hint".
Modified ">PASSWORD:Verification Failed" management interface
Version 2.1.1c
Set socket buffers (SO_SNDBUF and SO_RCVBUF) immediately after
Updated MSVC build scripts to Visual Studio 2008:
Management interface performance optimizations:
Minor change to doclean script:
Added Python-based build system for Windows in
Updated copyright date to 2010.
Fixed issue on Windows with MSVC compiler, where TCP_NODELAY support
Proxy improvements:
Minor fixes to recent HTTP proxy changes:
Implemented http-proxy-override and http-proxy-fallback directives to make it
Implemented a key/value auth channel from client to server.
Fixed issue where bad creds provided by the management interface
Added support for MSVC debugging of openvpn.exe in settings.in:
Fixed bug in proxy fallback capability where openvpn.exe could
Version 2.1.1k
Implemented multi-address DNS expansion on the network field of route
Added --register-dns option for Windows.
Added win/build_exe.py script, which is similar to
Fixed typo: missing comment close.
Fixed an issue where application payload transmissions on the
Added "net stop dnscache" and "net start dnscache" in front
Distribute win directory (Python/MSVC-based build system)
Added warning about tls-remote in man page.
Windows security issue:
Attempt to fix issue where domake-win build system was not properly
Allow PKCS12 file content to be included inline in configuration file,
Don't configure Linux tun/tap txqueuelen setting if OpenVPN
Added --proto-force directive.
Fixed initialization bug in route_list_add_default_gateway
Implement challenge/response authentication support in client mode,
Make base64.h have the same conditional compilation expression as
Version 2.1.3b
Fixed compiling issues when using --disable-crypto
In verify_callback, the subject var should be freed by OPENSSL_free,
Fixes to prevent compile breakage when --disable-crypto is used.
Jan Brinkmann (2):
The man page needs dash escaping in UTF-8 environments
The man page needs dash escaping in UTF-8 environments
Jesse Young (1):
Remove hardcoded path to resolvconf
Karl O. Pinc (4):
Change verify-cn so cn is no longer hardcoded in openvpn's config file
Several updates to openvpn.8 (man page updates)
Change verify-cn so cn is no longer hardcoded in openvpn's config file
Several updates to openvpn.8 (man page updates)
Lars Hupel (1):
Add HTTP/1.1 Host header
Mathieu GIANNECCHINI (2):
enhance tls-verify possibility
enhance tls-verify possibility
Pierre Bourdon (1):
Adding support for SOCKS plain text authentication
Samuli Seppänen (2):
Added check for variable CONFIGURE_DEFINES into options.c
Added command-line option parser and an unsigned build option to build_all.py
Wil Cooley (2):
pkitool lacks expected option "--help"
pkitool lacks expected option "--help"
chantra (3):
Handle non standard subnets in PF grammar
Fix errors in openvpn-plugin.h documentation
Fixes openssl-1.0.0 compilation warning
james (429):
This is the start of the BETA21 branch.
version 2.1_beta1
Added scripting code to Makefile.am to ignore .svn
svn merge -r 582:585 $SO/trunk/openvpn
Renamed sample-keys/tmp-ca.crt to ca.crt.
version 2.1_beta1
Fixed an oops -- compression debugging output was turned on.
Fixed version oops in ChangeLog.
Added support for openvpn_plugin_select_initialization_point_v1
svn merge -r 585:599 https://svn.openvpn.net/projects/openvpn/trunk
version 2.1_beta2
Makefile.am needs to do a rm -rf on .svn directories
Renamed plugin to plugins to work around
Merged PKCS#11 patch.
added *.orig to .svnignore
Minor PKCS#11 changes.
added *.rej to .svnignore
Enable the use of --ca together with --pkcs12. If --ca is
Merged --capath patch (Thomas Noel).
svn merge -r 618:619 $SO/patches/openvpn-2-0_rc16-mh/openvpn
svn merge -r 614:615 $SO/patches/openvpn-2-1_alpha3a-tcpbind
Minor style cleanup for --enable-pedantic.
Changed tap-win32 version number in
Fixed some minor build issues with PKCS11 patch:
VERSION 2.1_beta3
Fixed bug introduced in 2.1-beta3 where management
ChangeLog edit
Reverted plugin directory location.
VERSION 2.1_beta4
VERSION 2.1_beta4 (re-released)
Brought up-to-date with Alon's PKCS11 patch at
Brought up-to-date with Alon's PKCS11 patch at
Fixed double fork bug.
Merged with Alon's tree @ r660
svn merge -r 670:672 $SO/trunk/openvpn
Allow OPT_P_SOCKFLAGS to be specified in
Moved socket setting log info to --verb 3 from 4.
Make sure that install-win32/prebuild gets
Merged with Alon's r688.
Addition of M_NOLF to error.h means that we need
Modified get_default_gateway code for Windows
Modified get_default_gateway code for Linux
ChangeLog edit
Some changes to GET_USER_PASS_NEED_OK flag to
Added actual remote address used to the ">STATE" alert
ChangeLog edit
Merge with https://svn.openvpn.net/projects/openvpn/contrib/alon/BETA21@712
Removed #warn from ssl.c
Merge with https://svn.openvpn.net/projects/openvpn/contrib/alon/BETA21@719
Merge with https://svn.openvpn.net/projects/openvpn/contrib/alon/BETA21@726
svn merge -r 672:731 $SO/trunk/openvpn
Changes to Windows build configuration to
Windows reliability changes:
svn merge -r 734:737 $SO/trunk/openvpn
ChangeLog edit
VERSION 2.1_beta5
Merged 2.0.4 changes.
More PKCS#11 changes.
VERSION 2.1_beta6
Moved easy-rsa 2.0 scripts to easy-rsa/2.0 to
Edited prebuild to properly get the easy-rsa/1.0
ChangeLog edit
svn merge -r 760:764 $SO/trunk/openvpn
Documented --route-nopull.
Documented --ip-win32 adaptive.
Changelog note about Windows build
svn merge -r 770:771 $SO/trunk/openvpn
Allow blank passwords to be passed via the management interface.
svn merge -r 771:780 $SO/trunk/openvpn
Merged /contrib/alon/BETA21@778
Added ENABLE_INLINE_FILES feature.
Removed annoying 'i' variable from add_option.
Merged (with some changes) Alon's
updated version number to 2.1_beta7
Fixed update_time to use a better algorithm for
Backed out change to update_time to handle time
Merged --remote-cert-ku, --remote-cert-eku, and
Fixed minor typos in --remote-cert-* documentation.
Reduce sensitivity to system clock instability
PKCS#11 fixes to interact with new backtrack-hardened
For Windows, set ip-win32 default back to dynamic.
Version 2.1_beta7 released
Merged PKCS11 changes from Alon:
Fixed minor man page formatting issue.
--remap-usr1 will now also remap signals thrown during initialization.
Added --connect-timeout option to control the timeout
Modified nonblocking connect code so that this works as it should:
svn merge -r 823:825 $SO/contrib/alon/BETA21/openvpn .
svn merge -r 780:820 $SO/trunk/openvpn .
Patch to support --topology subnet on Mac OS X (Mathias Sundman).
Fixed segfault that occurred if remote_cert_eku is undefined and no
Fixed some gcc 4 warnings in misc.c.
Inline file capability now works for
First attempt at automatic proxy detection,
Added --auto-proxy directive to auto-detect HTTP or SOCKS
Don't warn user if he uses user/group/chroot and
svn merge -r 845:854 $SO/trunk/openvpn .
Fixed bug in automatic Win32 PATH setting code.
--ip-win32 adaptive is now the default.
Added new option --route-method adaptive (Win32)
Man page and usage message changes to reflect
Some PKCS11-related code wasn't properly #ifdefed.
Minor ChangeLog edit.
Added OPENVPN_PLUGIN_TLS_FINAL plugin callback.
svn merge -r 854:863 $SO/trunk/openvpn
Fixed bug with tls-auth and key-direction parameter
Added patch to modify openvpn.nsi for building
incremented version number to 2.1_beta7b
Version 2.1_beta8 released
Small fixes:
pkcs11 fixes.
Added --management-client option to connect as a client to
Added feature to --management-client to confirm connection
Added "bytecount" command to management interface.
Added --port-share option for allowing OpenVPN and HTTPS
svn merge -r 888:889 https://svn.openvpn.net/projects/openvpn/contrib/alon/BETA21 21
Version 2.1_beta9 released
Version 2.1_beta10 released
Added comments to ps.c (port share proxy code).
ps.c debug code
Port share proxy bug fixes.
Version 2.1_beta11 released
Minor fixes for gcc (GCC) 4.0.2 warnings.
Security Vulnerability -- An OpenVPN client connecting to a
"topology subnet" fix for FreeBSD (Benoit Bourdin).
Added man page entry for --setenv-safe.
I've recently worked on a better version of pkcs11-helper. I've also merged
svn merge -r 886:987 $SO/trunk/openvpn .
Version 2.1_beta12 released
Added credit and CVE number to security vulnerability fix in 2.0.6.
svn merge -r 999:1000 $SO/trunk/openvpn .
Version 2.1_beta13 released
Temporarily backed out time backtrack handling code
Merged PKCS#11 extensions to easy-rsa/2.0 (Alon Bar-Lev).
Re-added backtrack handling code.
ChangeLog edits.
Version number increment.
Added --route-metric option to set a default route metric
Added --lladdr option to specify the link layer (MAC) address
Version 2.1_beta14 released
Added credit for CAN-2005-2532.
A few more updates:
Added optional minimum-number-of-bytes
-r 1026:1032
Eliminated gcc 3.3.3 warnings on NetBSD
Modified --port-share code to remove the assumption that
Removed spurious executable propset from
Removed 'keywords' propset from everything
Minor syshead.h change for NetBSD to allow
Added two new management states:
pkcs11 changes:
Fixed bug introduced with the --port-share directive
Comment about assertion being hit.
Version 2.1_beta15 released
TAP-Win32 fixes to run on Windows Vista.
Fixed bug in loopback self-test introduced
ChangeLog edits for r1229 and r1230.
Documented --socket-flags and the TCP_NODELAY flag.
For Windows build, updated OpenSSL to 0.9.7l.
Version 2.1_beta16 released
Merged Alon's branch:
auth-pam change: link with -lpam rather
Prevent SIGUSR1 or SIGHUP from causing program
SO_REUSEADDR should not be set on Windows TCP sockets because
Fixed typo in tapdrvr.c -- the fix is functionally cosmetic
PROTO_TCPv4 is never used as an index into
Added #ifdefed out AUTO_USERID feature.
Added time_ascii, time_duration, and time_unix
Interim snapshot 2.1_rc1a
Fixed issue where OpenVPN does not apply the --txqueuelen option
Backed out AUTO_USERID feature introduced in r1436.
Attempt at rational signal handling when in the
New try at AUTO_USERID.
Revert TAP-Win64 binaries to tapbin64-0801
Interim snapshot 2.1_rc1b
Fixed issue where struct env_set methods that
updated valgrind-suppress for OpenSSL 0.9.8
Interim snapshot 2.1_rc1c
--reneg-sec clarification in man page.
Renamed TAP-Win32 driver from tap0801.sys to tap0901.sys
The Windows version will now use a default route-delay
Worked around an incompatibility in the Windows Vista
On Windows, revert to "ip-win32 dynamic" as the default.
Version 2.1_rc2 released
Include tap.cat (TAP driver catalog file) in Windows
TAP driver fix for Vista x64 BSOD.
Allow installation of TAP-Win64
Changes to Windows build environment, to allow straightforward building
Added service configuration to install-win32/winconfig
Added maketap and signtap scripts.
Added maketapinstall.
./domake-win will now do a full build of the installer
Forgot to svn add buildinstaller before last commit.
Cleaned up Windows build scripts.
Windows TAP driver license text changes.
Don't build special x64 version of tapinstall.exe
Revert r1773
Added options to version.nsi that allow prebuilt
Updated build system and tap driver to work with
Use Server 2003 rather than Vista as x64 target for tap/tapinstall.
Clean up configure on FreeBSD for recent autotool versions that
The easy-rsa directory installed by the windows installer comes with the
Added OpenVPN GUI (Mathias Sundman version) as install
Added a Windows README file to the installer than
Moved OpenVPN version number from configure.ac
Version is now specified in version.m4 for both
Version 2.1_rc3
Forgot to add changelog item about OpenVPN GUI being
TAP driver now passes signing tests on Vista x64.
misc Windows build system changes
Fixed 64-bit portability bug in time_string function (Thomas Habets).
Version 2.1_rc4
script comment changes
Fixed a variable declaration that wasn't at the start
updated icon
config-win32.h and install-win32/openvpn.nsi are no longer generated
AUTO_USERID feature -- if the auth-user-pass option is used
Add "forget-passwords" command to the management interface (Alon Bar-Lev).
Added --management-signal option to signal SIGUSR1 when the management
Modified command line and config file parser to allow
Use pkcs11-helper as external library, can be downloaded
PKCS-11 fixups (Alon Bar-Lev).
Added note about alternative version of easy-rsa
Fixed interim memory growth issue in TCP connect loop where
epoll driver in event.c should be prepared to handle an
Simple fix where options->ca_file was used without
Define ALLOW_NON_CBC_CIPHERS for people who don't
Added PLUGIN_LIBDIR preprocessor string to prepend a default plugin
Rewrote extract_x509_field and modified COMMON_NAME_CHAR_CLASS
Allow OpenVPN to run completely unprivileged under Linux
Fixed --disable-iproute2 in ./configure to actually disable
Changed ASSERT(0) to a more descriptive fatal error in tun.c
Incremented version number to 2.1_rc4a.
Upgraded TAP build scripts to use WDK 6001.17121
Added --management-forget-disconnect option -- forget
Incremented TAP version number to 9.4.
Squashed Win2K TAP bug that was introduced by Vista fixes.
Forgot to put struct WIN2K_NDIS_MINIPORT_BLOCK outside
VERSION 2.1_rc5
Fixed pkcs11_private_mode undef.
VERSION 2.1_rc6
Added a few extra files that exist in the svn repo
Fixup null interface on close, don't use ip addr flush
Version 2.1_rc7
Changes to Windows build system to make it easier to do
Changes to Windows build system: added GENOUT_PREBUILT mode
Cleanup IP address for persistence interfaces for tap and also using
The new function extract_x509_field_ssl tends to break
Clarified tcp-queue-limit man page entry
Version 2.1_rc7a.
Added new OpenVPN icon and installer graphic.
First working version of XGUI inclusion.
Set tool defaults in pkitool.
Misc XGUI fixes.
Moved branch into official BETA21 position.
Modified .svnignore to only ignore files generated
Did:
Support asynchronous/deferred authentication in
Fixed a bug in plugin.c that caused openvpn_plugin_client_destructor_v1
Incremented version to 2.1_rc7d.
In auth-pam authentication module, even when in debug mode,
Fixed an issue in extract_x509_field_ssl where the extraction
Fixed unbounded memory growth bug in
Added support for building and linking with
Updated version to 2.1_rc7e.
Merged connection profiles from
Updated version & changelog.
Updated copyright notice to 2008.
Version 2.1_rc8
Copyright change OpenVPN Solutions LLC -> Telethra, Inc.
Added likely() and unlikely() branch prediction hint macros
Used unlikely() macro to tell compiler that msg() will
In the Windows version of tun_finalize, on errors that would
Added SOCKET_SND_RCV_BUF_MAX constant (set to 1000000) to limit the
Fixed issue in read_key_file, where the return value of
Fixed a potential information leak in the new NTLM phase 3 code,
Support wraparound of reliable.[ch] packet IDs. In
Removed old version of extract_x509_field.
Check for multiplication overflow on ALLOC_ARRAY* functions.
Added warning when using chroot without specifying user and group.
Call prng_init after fork in background process
gen_path now rejects filenames that match Windows
Previously, OpenVPN might log a client's auth-user-pass
Modified create_temp_filename to create unpredictable
Fixed code inclusion bug that was erroneously testing
gen_path will no longer silently truncate the generated
status_printf function will now set error flag on
Fixed format string issue in read_inline_file,
Reverted some recent buffer.[ch] changes, including r3058 (except for
Added a warning when plugins are specified without
Replace leading dash ('-') characters in an X509 name with underbars ('_')
Modified extract_x509_field_ssl to return a status value indicating
buf_printf will now return false on errors, such as truncation
Added argv_x functions to buffer.[ch] to be used to safely build
Completely revamped the system for calling external programs and scripts:
Fixed compiler warnings in Windows build (MinGW).
Perform additional input validation on options pulled
Added a warning message when passwords are cached in memory.
Added additional defensive programming to buffer.[ch] functions.
Added additional warnings for:
Updated ChangeLog and version number.
In Windows build, package a statically linked openssl.exe to work around
Version 2.1_rc9
Added "--server-bridge" (without parameters) to enable
Fixed minor issue with --redirect-gateway bypass-dhcp or bypass-dns
Added additional warnings to flag common gotchas:
Workaround for MinGW autoconf issue where HAVE_SETSOCKOPT,
Reverted r3181, accomplish the same thing via a special case
Updated openvpn/t_cltsrv.sh (used by "make check") to conform to new
Tagged security fix in 2.1-rc9 as CVE-2008-3459.
Fixed build issue with ./configure --disable-socks --disable-http.
Workaround bug in OpenSSL 0.9.6b ASN1_STRING_to_UTF8, which
LZO compression buffer overflow errors will now invalidate
Fixed minor compile issue in ntlm.c (mid-block declaration).
Added --allow-pull-fqdn option which allows client to pull DNS names
2.1_rc8 and earlier did implicit shell expansion on script
Modified ip_or_dns_addr_safe, which validates pulled DNS names,
Fixed bug in intra-session TLS key rollover that was introduced with
Version 2.1_rc9b
Version 2.1_rc10
Version 2.1_rc11
Patched Makefile.am so that the new t_cltsrv-down.sh script becomes
Fixed --lladdr bug introduced in 2.1-rc9 where input validation code
Version 2.1_rc12
Management interface can now listen on a unix
Copyright notice changed to reflect change in name of
Version 2.1_rc13
Added AC_GNU_SOURCE to configure.ac to enable struct ucred,
Added additional warning messages about --script-security 2
Modified Windows domake-win build system to write all openvpn.nsi
Added optional files SAMPCONF_CONF2 (second sample configuration
Extended Management Interface "bytecount" command
Fixed informational message in ssl.c to properly indicate
Save X509 Subject fields to environment, using the naming convention:
Change to pkitool/openssl.cnf so that calling scripts can
Added server-side --auth-user-pass-optional directive, to allow
Added man page entry for new environmental variable set
Modified pkitool to allow flexibility in separating
Added --status-version 3 which is the same as version 2
Added --no-name-remapping option to allow Common Name, X509 Subject,
Updated docs to reflect the addition of
Fixed some ifconfig-pool issues that precluded
Fixed revoke-full to deal with issue arising from addition
Added config file option "setenv FORWARD_COMPATIBLE 1" to relax
Minor fix to previous commit (r3476).
Interim release.
* Added additional method parameter to --script-security to preserve
Version 2.1_rc14
Added --prng option to control PRNG (pseudo-random
Added server-side --opt-verify option: clients that connect
Minor options check fix: --no-name-remapping is a
Cleaned up man page synopsis.
Added --tcp-nodelay option: Macro that sets TCP_NODELAY socket
Fixed issue introduced in 2.1_rc14 that may cause a
Version 2.1_rc15
Added optional "nogw" (no gateway) flag to --server-bridge
Added new management interface command "pid" to show the
Added ExtractAuxFile capability to Windows Installer.
Added MultiFileExtract capability to Windows Installer.
Added "nclients" command to management interface to
Added n_clients environmental variable to information passed
Version 2.1_rc15b
Fixed issue where SIGUSR1 restarts would fail if private
Added daemon_start_time and daemon_pid environmental variables.
In Windows installer generator, don't sign the installer .exe
Version 2.1_rc15e
Fixed some issues with C++ style comments that leaked into the code.
Fixed some compile-time warnings.
Updated configure.ac to work on MinGW.
Updated common.h types for _WIN64.
Fixed issue involving an #ifdef in a macro reference that breaks early gcc
install-win32/buildinstaller will now always sign executable
Added the ability to read the configuration file
Allow "management-client" directive to be used
Added errors-to-stderr option. When enabled, fatal errors
Updated Windows build scripts to package openssl-0.9.8k,
Version 2.1_rc16
Reduce the debug level (--verb) at which received management interface
Fixed race condition in management interface recv code on
Added "redirect-private" option which allows private subnets
Added new 'autolocal' redirect-gateway flag. When enabled, the OpenVPN
Fixed issue of symbol conflicts interfering with Windows CryptoAPI
Fixed bug where the remote_X environmental variables were not being
Update copyright to 2009.
Version 2.1_rc17
Fixed compile error on ./configure --enable-small
Fixed issue introduced in r4475 (2.1-rc17) where cryptoapi.c change
Version 2.1_rc18
In configure.ac, use datadir instead of datarootdir for compatibility
Rename generated tapdrvr.cod to a unique name to avoid the issue where
In Windows TAP driver, refactor DHCP/ARP packet injection code to
OpenVPN version 2.1_rc19 released
Fixed build problem when ./configure --disable-server is used.
Fixed ifconfig command for "topology subnet" on FreeBSD (Stefan Bethke).
Added --remote-random-hostname option.
Added "load-stats" management interface command to get global
Added PLATFORM-SPECIFIC comment tag to platform-specific functions
Added new ./configure flags:
Added "setcon" directive for interoperability with SELinux
Updated version number to 2.1_rc19c.
Modified client to send a PUSH_REQUEST message to server 1 second
The maximum number of "route" directives (specified in the config
Eliminated the limitation on the number of options that can be pushed
Added --server-poll-timeout option : when polling possible remote
Fixed a bug introduced in r4436 (2.1_rc17) where using the
Added the ability for the server to provide a custom reason string
Minor fix: management interface shouldn't echo 'load-stats' commands to
client-kill management interface command, when issued on server, will
Version 2.1_rc20
Fixed issue where some .svn directories were being inadvertently
Added "setenv GENERIC_CONFIG" directive, for generic configs
On server, lock session username against changes in mid-session TLS
Change to doval valgrind script. The openvpn command parameter is now
On server, lock client-provided certs against mid-session TLS
Version 2.1_rc20a
Version 2.1_rc21
Increase MAX_CERT_DEPTH to 16 (from 8), and when exceeded,
Fixed a client-side bug that occurred when the "dhcp-pre-release"
Version 2.1_rc22
Fixed a couple issues in sample plugins auth-pam.c and down-root.c:
Documented --multihome in the man page.
Clarified that TAP-Win32 driver is licensed under GPL 2.
Version 2.1.0
Fixed some breakage in openvpn.spec (which is required to build an
When aborting in a non-graceful way, try to execute do_close_tun in
Fixed an issue where AUTH_FAILED was not being properly delivered
Don't advance the connection list on AUTH_FAILED errors.
Version 2.1.1b
Fixed an issue in the Management Interface that could cause
-----------------------------------------------------------------------
hooks/post-receive
--
OpenVPN with experimental and new features - which requires a lot of testing
|
