Tags: OpenVPN/openvpn
Tags
OpenVPN Release v2.6.13
2025.01.15 -- Version 2.6.13
Arne Schwabe (2):
Refuse clients if username or password is longer than USER_PASS_LEN
Improve peer fingerprint documentation
Ben Boeckel (1):
console_systemd: remove the timeout when using 'systemd-ask-password'
Frank Lichtenheld (5):
Fix missing spaces in various messages
GHA: Update macOS runners
GHA: Simplify macOS builds
Various typo fixes
forward: Fix potential unaligned access in drop_if_recursive_routing
Gert Doering (2):
send uname() release as IV_PLAT_VER= on non-windows versions
preparing release 2.6.13
Gianmarco De Gregori (1):
Route: remove incorrect routes on exit
Lev Stipakov (1):
Use a more robust way to get dco-win version
Ralf Lici (1):
Fix check_addr_clash argument order
Rémi Farault (1):
Add calls to nvlist_destroy to avoid leaks
Selva Nair (3):
proxy.c: Clear sensitive data after use
Protect cached username, password and token on client
Fix more of uninitialized struct user_pass local vars
corubba (2):
Fix IPv6 in port-share journal
Fix port-share journal doc
OpenVPN Release v2.6.12
2024.07.17 -- Version 2.6.12
Arne Schwabe (1):
Allow trailing \r and \n in control channel message
Frank Lichtenheld (1):
configure: Try to detect LZO with pkg-config
Gianmarco De Gregori (1):
Http-proxy: fix bug preventing proxy credentials caching
OpenVPN Release v2.6.11
2024.06.20 -- Version 2.6.11
5andr0 (1):
Implement server_poll_timeout for socks
Arne Schwabe (6):
Use snprintf instead of sprintf for get_ssl_library_version
Add bracket in fingerprint message and do not warn about missing verification
Replace macos11 with macos14 in github runners
Only run coverity scan in OpenVPN/OpenVPN repository
Workaround issue in LibreSSL crashing when enumerating digests/ciphers
Properly handle null bytes and invalid characters in control messages
Franco Fichtner (1):
Allow to set ifmode for existing DCO interfaces in FreeBSD
Frank Lichtenheld (6):
samples: Update sample configurations
documentation: make section levels consistent
phase2_tcp_server: fix Coverity issue 'Dereference after null check'
script-options.rst: Update ifconfig_* variables
LZO: do not use lzoutils.h macros
Remove "experimental" denotation for --fast-io
Heiko Wundram (1):
Implement Windows CA template match for Crypto-API selector
Lev Stipakov (2):
misc.c: remove unused code
interactive.c: Improve access control for gui<->service pipe
Reynir Björnsson (1):
Only schedule_exit() once
OpenVPN v2.5.10 release
2024.03.21 -- Version 2.5.10
Arne Schwabe (1):
Add Apache2 linking with for new commits
George Pchelkin (1):
fix typo: dhcp-options to dhcp-option in vpn-network-options.rst
Lev Stipakov (3):
win32: Enforce loading of plugins from a trusted directory
interactive.c: disable remote access to the service pipe
interactive.c: Fix potential stack overflow issue
OpenVPN Release v2.6.10
2024.03.20 -- Version 2.6.10
Christoph Schug (1):
Update documentation references in systemd unit files
Frank Lichtenheld (6):
Fix typo --data-cipher-fallback
samples: Remove tls-*.conf
check_compression_settings_valid: Do not test for LZ4 in LZO check
t_client.sh: Allow to skip tests
Update Copyright statements to 2024
GHA: general update March 2024
Lev Stipakov (4):
win32: Enforce loading of plugins from a trusted directory
interactive.c: disable remote access to the service pipe
interactive.c: Fix potential stack overflow issue
Disable DCO if proxy is set via management
Martin Rys (1):
openvpn-[client|server].service: Remove syslog.target
Max Fillinger (1):
Remove license warning from README.mbedtls
Selva Nair (1):
Document that auth-user-pass may be inlined
wellweek (1):
remove repetitive words in documentation and comments
OpenVPN Release v2.6.9
2024.02.11 -- Version 2.6.9
Arne Schwabe (15):
Remove unused function prototype crypto_adjust_frame_parameters
Log SSL alerts more prominently
Document tls-exit option mainly as test option
Remove TEST_GET_DEFAULT_GATEWAY as it duplicates --show-gateway
Fix check_session_buf_not_used using wrong index
Add missing check for nl_socket_alloc failure
Add check for nice in cmake config
Remove compat versionhelpers.h and remove cmake/configure check for it
Extend the error message when TLS 1.0 PRF fails
Fix unaligned access in macOS, FreeBSD, Solaris hwaddr
Check PRF availability on initialisation and add --force-tls-key-material-export
Make it more explicit and visible when pkg-config is not found
Clarify that the tls-crypt-v2-verify has a very limited env set
Implement the --tls-export-cert feature
Remove conditional text for Apache2 linking exception
David Sommerseth (2):
Remove --tls-export-cert
Remove superfluous x509_write_pem()
Frank Lichtenheld (14):
sample-keys: renew for the next 10 years
GHA: clean up libressl builds with newer libressl
configure.ac: Remove unused AC_TYPE_SIGNAL macro
documentation: remove reference to removed option --show-proxy-settings
unit_tests: remove includes for mock_msg.h
documentation: improve documentation of --x509-track
NTLM: add length check to add_security_buffer
NTLM: increase size of phase 2 response we can handle
proxy-options.rst: Add proper documentation for --http-proxy-user-pass
buf_string_match_head_str: Fix Coverity issue 'Unsigned compared against 0'
--http-proxy-user-pass: allow to specify in either order with --http-proxy
README.cmake.md: Document minimum required CMake version for --preset
documentation: Update and fix documentation for --push-peer-info
documentation: Fixes for previous fixes to --push-peer-info
Gert Doering (4):
OpenBSD: repair --show-gateway
get_default_gateway() HWADDR overhaul
fix uncrustify complaints about previous patch
preparing release 2.6.9
Kristof Provost (1):
dco-freebsd: dynamically re-allocate buffer if it's too small
Lev Stipakov (1):
tun.c: don't attempt to delete DNS and WINS servers if they're not set
Marc Becker (1):
vcpkg-ports/pkcs11-helper: bump to version 1.30
Max Fillinger (4):
Add support for mbedtls 3.X.Y
Update README.mbedtls
Disable TLS 1.3 support with mbed TLS
Enable key export with mbed TLS 3.x.y
Reynir Bjoernsson (1):
protocol_dump: tls-crypt support
Steffan Karger (1):
Fix IPv6 route add/delete message log level
yatta (1):
fix(ssl): init peer_id when init tls_multi
OpenVPN Release v2.6.8
2023.11.17 -- Version 2.6.8
Aquila Macedo (1):
doc: Correct typos in multiple documentation files
Arne Schwabe (1):
Do not check key_state buffers that are in S_UNDEF state
Frank Lichtenheld (1):
platform.c: Do not depend Windows build on HAVE_CHDIR
Lev Stipakov (3):
config.h: fix incorrect defines for _wopen()
Make --dns options apply for tap-windows6 driver
Warn if pushed options require DHCP
OpenVPN v2.6.7 release
2023.11.08 -- Version 2.6.7
Antonio Quartulli (1):
dco: fix crash when --multihome is used with --proto tcp
Arne Schwabe (8):
Mock openvpn_exece on win32 also for test_tls_crypt
Add warning for the --show-groups command that some groups are missing
Print peer temporary key details
Add warning if a p2p NCP client connects to a p2mp server
Remove openssl engine method for loading the key
Remove saving initial frame code
Double check that we do not use a freed buffer when freeing a session
Fix using to_link buffer after freed
Frank Lichtenheld (7):
GHA: do not trigger builds in openvpn-build anymore
GHA: new workflow to submit scan to Coverity Scan service
buffer: use memcpy in buf_catrunc
vcpkg-ports/pkcs11-helper: Backport MinGW series from master to release/2.6
CMake: backport CMake buildsystem from master to release/2.6
Remove all traces of the previous MSVC build system
doc: fix argument name in --route-delay documentation
Heiko Hund (1):
dns option: remove support for exclude-domains
Lev Stipakov (3):
Warn user if INFO control command is too long
dco-win: get driver version
dco: warn if DATA_V1 packets are sent to userspace
Selva Nair (2):
Make cert_data.h and test_cryptoapi/pkcs11.c MSVC compliant
Log OpenSSL errors on failure to set certificate
orbea (1):
configure: disable engines if OPENSSL_NO_ENGINE is defined
OpenVPN Relase v2.6.6
2023.08.14 -- Version 2.6.6
Antonio Quartulli (1):
configure.ac: fix typ0 in LIBCAPNG_CFALGS
Arne Schwabe (8):
Avoid unused function warning/error on FreeBSD (and potientially others)
fix warning with gcc 12.2.0 (compiler bug?)
Fix CR_RESPONSE mangaement message using wrong key_id
Print a more user-friendly error when tls-crypt-v2 client auth fails
Ignore Ipv6 route delete request on Android and set ipv4 verbosity to 7
Revert commit 423ced9
Implement using --peer-fingerprint without CA certificates
show extra info for OpenSSL errors
David Sommerseth (1):
ntlm: Clarify details on NTLM phase 3 decoding
Frank Lichtenheld (8):
dist: add more missing files only used in the MSVC build
dist: Include all documentation in distribution
unit_tests: Add missing cert_data.h to source list for unit tests
test_tls_crypt: Improve mock() usage to be more portable
Remove old Travis CI related files
options: Do not hide variables from parent scope
pkcs11_openssl: Disable unused code
route: Fix overriding return value of add_route3
George Pchelkin (1):
fix typo: dhcp-options to dhcp-option in vpn-network-options.rst
Gert Doering (1):
Make received OCC exit messages more visible in log.
Heiko Hund (1):
work around false positive warning with mingw 12
Lev Stipakov (3):
tun.c: enclose DNS domain in single quotes in WMIC call
manage.c: document missing KID parameter
Set WINS servers via interactice service
Sergey Korolev (1):
dco-linux: fix counter print format
PreviousNext