openvpn: update to 2.2.2

Change-Id: I38327d829984314d199b31d72288501de2d786ce

Android.mk

@@ -69,7 +69,6 @@ common_SRC_FILES:= \
 	ssl.c ssl.h \
 	status.c status.h \
 	syshead.h \
-	thread.c thread.h \
 	tun.c tun.h \
 	win32.h win32.c \
 	cryptoapi.h cryptoapi.c \

ChangeLog

@@ -1,25 +1,198 @@
 OpenVPN Change Log
-Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
-
-2010.11.04 -- Version 2.1.4
-
-* Fix problem with special case route targets ('remote_host')
-
-  The init_route() function will leave &netlist untouched for
-  get_special_addr() routes ("remote_host" being one of them).
-  netlist is on stack,  contains random garbage, and
-  netlist.len will not be 0 - thus, random stack data is copied from
-  netlist.data[] until the route_list is full.
-  Thanks to Teodo MICU and Gert Doering for finding and fixing this issue.
-
-2010.08.20 -- Version 2.1.3
-
-* Windows build fixes
-  Attempt to fix issue where domake-win build system was not properly
-  signing drivers and .exe files.  This change is only affecting the
-  Windows build scripts and not the OpenVPN code base.
-
-2010.08.09 -- Version 2.1.2
+Copyright (C) 2002-2011 OpenVPN Technologies, Inc. <sales@openvpn.net>
+
+2011.12.14 -- Version 2.2.2
+David Sommerseth (1):
+      Only warn about non-tackled IPv6 packets once
+
+Gert Doering (3):
+      add missing break between "case IPv4" and "case IPv6"
+      bump tap driver version from 9.8 to 9.9
+      log error message and exit for "win32, tun mode, tap driver version 9.8"
+
+Samuli Seppänen (1):
+      Backported pkcs11-related parts of 7a8d707237bb18 to 2.2 branch
+
+2011.07.01 -- Version 2.2.1
+David Sommerseth (4):
+	      Don't define ENABLE_PUSH_PEER_INFO if SSL is not available
+	      Fix compiling issues with pkcs11 when --disable-management is configured
+	      Remove support for Linux 2.2 configuration fallback
+	      Revert "Add new openssl.cnf to easy-rsa/Windows"
+	      Prepared for releasing OpenVPN 2.2.1
+
+Gustavo Zacarias (1):
+	      Fix compile issues when using --enable-small and --disable-ssl/--disable-crypto
+
+Matthew L. Creech (1):
+	      Fix 2.2.0 build failure when management interface disabled
+
+Robert Fischer (2):
+	      Added info about --show-proxy-settings
+	      Documented --x509-username-field option
+
+Samuli Seppänen (5):
+	      Fix a build-ca issue on Windows
+	      Add new openssl.cnf to easy-rsa/Windows
+	      Updated "easy-rsa" for OpenSSL 1.0.0
+	      Made domake-win builds to use easy-rsa/2.0/openssl-1.0.0.cnf
+	      Fixes to easy-rsa/2.0
+
+Simon Matter (1):
+	      Fix issues with some older GCC compilers
+
+2011.04.21 -- Version 2.2.0
+David Sommerseth (4):
+      Fix the --client-cert-not-required feature
+      Change the default --tmp-dir path to a more suitable path
+      Improve the mysprintf() issue in openvpnserv.c
+      Add a simple comment regarding openvpn_snprintf() is duplicated
+
+Gert Doering (1):
+      Add more detailed explanation regarding the function of "--rdns-internal"
+
+Gisle Vanem (1):
+      Avoid re-defining uint32_t when using mingw compiler
+
+James Yonan (1):
+      Fixed bug in port-share that could cause port share process to crash with output like this:
+
+Robert Fischer / rf (4):
+      Update man page with info about --capath
+      Update man page with info about --connect-timeout
+      Update man page with info about --remote-random-hostname
+      Added man page entry for --management-client
+
+Samuli Seppänen (6):
+      Add man page entry for --redirect-private
+      Change all CRLF linefeeds to LF linefeeds
+      Fix a bug in devcon source code handling
+      Removed Win2k from supported platforms list in INSTALL and win/openvpn.nsi
+      Fixed copying of tapinstall.exe to dist/bin when using prebuilt TAP-drivers
+      Fixed a bug with GUI icon deletion on upgrade from 2.2-RC or earlier
+
+chantra (1):
+      Clarify --tmp-dir option
+
+2011.03.24 -- Version 2.2-RC2
+Alon Bar-Lev (1):
+      Windows cross-compile cleanup
+
+David Sommerseth (2):
+      Open log files as text files on Windows
+      Clarify default value for the --inactive option.
+
+Gert Doering (1):
+      Implement IPv6 in TUN mode for Windows TAP driver.
+
+Samuli Seppänen (6):
+      Added support for prebuilt TAP-drivers. Automated embedding manifests.
+      Fixes to win/openvpn.nsi
+      Replaced config-win32.h with win/config.h.in
+      Updated INSTALL-win32.txt
+      Fixes to Makefile.am
+      Clarified --client-config-dir section on the man-page.
+
+Ville Skyttä (1):
+      Fix line continuation in chkconfig init script description.
+
+2011.02.28 -- Version 2.2-RC
+David Sommerseth (3):
+      Make the --x509-username-field feature an opt-in feature
+      Fix compiler warning when compiling against OpenSSL 1.0.0
+      Fix packaging of config-win32.h and service-win32/msvc.mak
+
+James Yonan (1):
+      Minor addition of logging info before and after execution of Windows net commands.
+
+Matthias Andree (1):
+      Change variadic macros to C99 style.
+
+Samuli Seppänen (15):
+      Added ENABLE_PASSWORD_SAVE to config-win32.h
+      Added a nmake makefile for openvpnserv.exe building
+      Moved TAP-driver version info to version.m4. Cleaned up win/settings.in.
+      Added helper functionality to win/wb.py
+      Added support for viewing config-win32.h paramters to win/show.py
+      Added comments and made small modifications to win/msvc.mak.in
+      Added command-line switch to win/build_all.py to skip TAP driver building
+      Added configure.h and version.m4 variable parsing to win/config.py
+      Added openvpnserv.exe building to win/build.py
+      Added comments to win/build_ddk.py
+      Several modifications to win/make_dist.py to allow building the NSI installer
+      Copied install-win32/setpath.nsi to win/setpath.nsi
+      Added first version of NSI installer script to win/openvpn.nsi
+      Changes to buildsystem patchset
+      Temporary snprintf-related fix to service-win32/openvpnserv.c
+
+2010.11.25 -- Version 2.2-beta5
+
+Samuli Seppänen (1):
+      Fixed an issue causing a build failure with MS Visual Studio 2008.
+
+2010.11.18 -- Version 2.2-beta4
+
+David Sommerseth (10):
+      Clarified --explicit-exit-notify man page entry
+      Clean-up: Remove pthread and mutex locking code
+      Clean-up: Remove more dead and inactive code paths
+      Clean-up: Removing useless code - hash related functions
+      Use stricter snprintf() formatting in socks_username_password_auth() (v3)
+      Fix compiler warnings about not used dummy() functions
+      Fixed potential misinterpretation of boolean logic
+      Only add some functions when really needed
+      Removed functions not being used anywhere
+      Merged add_bypass_address() and add_host_route_if_nonlocal()
+
+Gert Doering (3):
+      Integrate support for TAP mode on Solaris, written by Kazuyoshi Aizawa <admin2@whiteboard.ne.jp>.
+      Make "topology subnet" work on Solaris
+      Improved man page entry for script_type
+
+James Yonan (5):
+      Fixed initialization bug in route_list_add_default_gateway (Gert Doering).
+      Implement challenge/response authentication support in client mode
+      Make base64.h have the same conditional compilation expression as base64.c.
+      Fixed compiling issues when using --disable-crypto
+      In verify_callback, the subject var should be freed by OPENSSL_free, not free
+
+Jesse Young (1):
+      Remove hardcoded path to resolvconf
+
+Lars Hupel (1):
+      Add HTTP/1.1 Host header
+
+Pierre Bourdon (1):
+      Adding support for SOCKS plain text authentication
+
+Samuli Seppänen (2):
+      Added check for variable CONFIGURE_DEFINES into options.c
+      Added command-line option parser and an unsigned build option to build_all.py
+
+2010.08.21 -- Version 2.2-beta3
+
+* Attempt to fix issue where domake-win build system was not properly
+  signing drivers and .exe files.
+
+  Added win/tap_span.py for building multiple versions of the TAP driver
+  and tapinstall binaries using different DDK versions to span from Win2K
+  to Win7 and beyond.
+
+* Community patches
+  David Sommerseth (2):
+      Test framework improvment - Do not FAIL if t_client.rc is missing
+      More t_client.sh updates - exit with SKIP when we want to skip
+
+  Gert Doering (4):
+      Fix compile problems on NetBSD and OpenBSD
+      Fix <net/if.h> compile time problems on OpenBSD for good
+      full "VPN client connect" test framework for OpenVPN
+      Build t_client.sh by configure at run-time.
+
+  chantra (1):
+      Fixes openssl-1.0.0 compilation warning
+
+2010.08.16 -- Version 2.2-beta2
 
 * Windows security issue:
   Fixed potential local privilege escalation vulnerability in

INSTALL

@@ -42,7 +42,7 @@ SUPPORTED PLATFORMS:
   (4) Mac OS X Darwin
   (5) FreeBSD
   (6) NetBSD
-  (7) Windows (Win 2K and higher)
+  (7) Windows (WinXP and higher)
 
 SUPPORTED PROCESSOR ARCHITECTURES:
    In general, OpenVPN is word size and endian independent, so
@@ -280,7 +280,7 @@ TUN/TAP Driver Configuration:
   needs to be manually copied to /kernel/drv/sparcv9/ and then a 
   reconfiguration reboot. (boot -r).
 
-* Windows 2000/XP/2003/Vista
+* Windows XP/2003/Vista
 
   See domake-win for building instructions.
   See INSTALL-win32.txt for usage info.

INSTALL-win32.txt

@@ -1,4 +1,4 @@
-IMPORTANT NOTE FOR VISTA USERS
+IMPORTANT NOTE FOR WINDOWS VISTA/7 USERS
 
 Note that on Windows Vista, you will need to run the OpenVPN
 GUI with administrator privileges, so that it can add routes
@@ -9,14 +9,15 @@ desktop icon, and selecting "Run as administrator".
 GENERAL QUICKSTART FOR WINDOWS
 
 The OpenVPN Client requires a configuration file
-and key/certificate files.  You should obtain
-these and save them to \Program Files\OpenVPN\config.
+and key/certificate files. You should obtain
+these and save them to OpenVPN's configuration
+directory, usually C:\Program Files\OpenVPN\config.
 
-To start OpenVPN, first run the OpenVPN GUI by double
-clicking on the desktop icon or start menu icon.
-
-The OpenVPN GUI is a system-tray applet, so an icon for the
-GUI will appear in the lower-right corner of the screen.
-Right click on the system tray icon, and a menu should appear
-showing the names of your OpenVPN configuration files, and
-giving you the option to connect.
+You can run OpenVPN as a Windows system service or by using
+the client GUI. To use the OpenVPN GUI, double click on the
+desktop icon or start menu icon. The OpenVPN GUI is a
+system-tray applet, so an icon for the GUI will appear in
+the lower-right corner of the screen. Right click on the
+system tray icon, and a menu should appear showing the names
+of your OpenVPN configuration files, and giving you the
+option to connect.

Makefile.am

@@ -6,6 +6,7 @@
 #             packet compression.
 #
 #  Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
+#  Copyright (C) 2010      David Sommerseth <dazo@users.sourceforge.net>
 #
 #  This program is free software; you can redistribute it and/or modify
 #  it under the terms of the GNU General Public License version 2
@@ -37,7 +38,7 @@ MAINTAINERCLEANFILES = \
 	$(srcdir)/depcomp $(srcdir)/aclocal.m4 \
 	$(srcdir)/config.guess $(srcdir)/config.sub \
 	$(srcdir)/openvpn.spec
-CLEANFILES = openvpn.8.html
+CLEANFILES = openvpn.8.html configure.h
 
 EXTRA_DIST = \
 	easy-rsa \
@@ -56,22 +57,25 @@ SUBDIRS = \
 	service-win32 \
 	install-win32
 
-TESTS = t_lpback.sh t_cltsrv.sh
+TESTS = t_client.sh t_lpback.sh t_cltsrv.sh
 sbin_PROGRAMS = openvpn
 
-dist_noinst_HEADERS =
+dist_doc_DATA = \
+	management/management-notes.txt
 
 dist_noinst_SCRIPTS = \
 	$(TESTS) \
 	doclean \
 	domake-win \
-	t_cltsrv-down.sh
+	t_cltsrv-down.sh \
+	configure_h.awk configure_log.awk
 
 dist_noinst_DATA = \
 	openvpn.spec \
 	COPYRIGHT.GPL \
 	PORTS \
-	INSTALL-win32.txt
+	INSTALL-win32.txt \
+	service-win32/msvc.mak
 
 openvpn_SOURCES = \
         base64.c base64.h \
@@ -136,11 +140,16 @@ openvpn_SOURCES = \
 	ssl.c ssl.h \
 	status.c status.h \
 	syshead.h \
-	thread.c thread.h \
 	tun.c tun.h \
 	win32.h win32.c \
 	cryptoapi.h cryptoapi.c
 
+nodist_openvpn_SOURCES = configure.h
+options.$(OBJEXT): configure.h
+
+configure.h: Makefile
+	awk -f $(srcdir)/configure_h.awk config.h > $@
+	awk -f $(srcdir)/configure_log.awk config.log >> $@
 
 dist-hook:
 	cd $(distdir) && for i in $(EXTRA_DIST) $(SUBDIRS) ; do find $$i -name .svn -type d -prune -exec rm -rf '{}' ';' ; rm -f `find $$i -type f | grep -E '(^|\/)\.?\#|\~$$|\.s?o$$'` ; done