OpenVPN Change Log

Copyright (C) 2002-2011 OpenVPN Technologies, Inc. 

2011.12.22 -- Version 2.2.2

David Sommerseth (1):
      Only warn about non-tackled IPv6 packets once

Gert Doering (3):
      Add missing break between "case IPv4" and "case IPv6", leading to the     
      Bump tap driver version from 9.8 to 9.9
      Log error message and exit for "win32, tun mode, tap driver version 9.8"

Samuli Seppänen (1):
      Backported pkcs11-related parts of 7a8d707237bb18 to 2.2 branch

2011.07.06 -- Version 2.2.1

David Sommerseth (3):
      Don't define ENABLE_PUSH_PEER_INFO if SSL is not available
      Fix compiling issues with pkcs11 when --disable-management is configured
      Remove support for Linux 2.2 configuration fallback

Gustavo Zacarias (1):
      Fix compile issues when using --enable-small and --disable-ssl/--disable-crypto

Matthew L. Creech (1):
      Fix 2.2.0 build failure when management interface disabled

Robert Fischer (2):
      Added info about --show-proxy-settings
      Documented --x509-username-field option

Samuli Seppänen (4):
      Updated "easy-rsa" for OpenSSL 1.0.0
      Fixes to easy-rsa/2.0
      Made domake-win builds to use easy-rsa/2.0/openssl-1.0.0.cnf
      Fix a build-ca issue on Windows

Simon Matter (1):
      Fix issues with some older GCC compilers

2011.04.26 -- Version 2.2.0

David Sommerseth (4):
      Fix the --client-cert-not-required feature
      Change the default --tmp-dir path to a more suitable path
      Improve the mysprintf() issue in openvpnserv.c
      Add a simple comment regarding openvpn_snprintf() is duplicated

Gert Doering (1):
      Add more detailed explanation regarding the function of "--rdns-internal"

Gisle Vanem (1):
      Avoid re-defining uint32_t when using mingw compiler

James Yonan (1):
      Fixed bug in port-share that could cause port share process to crash

Robert Fischer (2):
      Update man page with info about --capath
      Update man page with info about --connect-timeout

Samuli Seppänen (6):
      Add man page entry for --redirect-private
      Change all CRLF linefeeds to LF linefeeds
      Fix a bug in devcon source code handling
      Removed Win2k from supported platforms list in INSTALL and win/openvpn.nsi
      Fixed copying of tapinstall.exe to dist/bin when using prebuilt TAP-drivers
      Fixed a bug with GUI icon deletion on upgrade from 2.2-RC or earlier

chantra (1):
      Clarify --tmp-dir option

rf (2):
      Update man page with info about --remote-random-hostname
      Added man page entry for --management-client

2011.03.25 -- Version 2.2-RC2

Alon Bar-Lev (1):
      Windows cross-compile cleanup

David Sommerseth (2):
      Open log files as text files on Windows
      Clarify default value for the --inactive option.

Gert Doering (1):
      Implement IPv6 in TUN mode for Windows TAP driver.

Samuli Seppänen (6):
      Added support for prebuilt TAP-drivers. Automated embedding manifests.
      Fixes to win/openvpn.nsi
      Replaced config-win32.h with win/config.h.in
      Updated INSTALL-win32.txt
      Fixes to Makefile.am
      Clarified --client-config-dir section on the man-page.

Ville Skyttä (1):
      Fix line continuation in chkconfig init script description.

2011.02.28 -- Version 2.2-RC

David Sommerseth (3):
      Make the --x509-username-field feature an opt-in feature
      Fix compiler warning when compiling against OpenSSL 1.0.0
      Fix packaging of config-win32.h and service-win32/msvc.mak

James Yonan (1):
      Minor addition of logging info before and after execution of Windows net commands.

Matthias Andree (1):
      Change variadic macros to C99 style.

Samuli Seppänen (15):
      Added ENABLE_PASSWORD_SAVE to config-win32.h
      Added a nmake makefile for openvpnserv.exe building
      Moved TAP-driver version info to version.m4. Cleaned up win/settings.in.
      Added helper functionality to win/wb.py
      Added support for viewing config-win32.h parameters to win/show.py
      Added comments and made small modifications to win/msvc.mak.in
      Added command-line switch to win/build_all.py to skip TAP driver building
      Added configure.h and version.m4 variable parsing to win/config.py
      Added openvpnserv.exe building to win/build.py
      Added comments to win/build_ddk.py
      Several modifications to win/make_dist.py to allow building the NSI installer
      Copied install-win32/setpath.nsi to win/setpath.nsi
      Added first version of NSI installer script to win/openvpn.nsi
      Changes to buildsystem patchset
      Temporary snprintf-related fix to service-win32/openvpnserv.c

2010.11.25 -- Version 2.2-beta5

Samuli Seppänen (1):
      Fixed an issue causing a build failure with MS Visual Studio 2008.

2010.11.18 -- Version 2.2-beta4

David Sommerseth (10):
      Clarified --explicit-exit-notify man page entry
      Clean-up: Remove pthread and mutex locking code
      Clean-up: Remove more dead and inactive code paths
      Clean-up: Removing useless code - hash related functions
      Use stricter snprintf() formatting in socks_username_password_auth() (v3)
      Fix compiler warnings about not used dummy() functions
      Fixed potential misinterpretation of boolean logic
      Only add some functions when really needed
      Removed functions not being used anywhere
      Merged add_bypass_address() and add_host_route_if_nonlocal()

Gert Doering (3):
      Integrate support for TAP mode on Solaris, written by Kazuyoshi Aizawa.
      Make "topology subnet" work on Solaris
      Improved man page entry for script_type

James Yonan (5):
      Fixed initialization bug in route_list_add_default_gateway (Gert Doering).
      Implement challenge/response authentication support in client mode
      Make base64.h have the same conditional compilation expression as base64.c.
      Fixed compiling issues when using --disable-crypto
      In verify_callback, the subject var should be freed by OPENSSL_free, not free

Jesse Young (1):
      Remove hardcoded path to resolvconf

Lars Hupel (1):
      Add HTTP/1.1 Host header

Pierre Bourdon (1):
      Adding support for SOCKS plain text authentication

Samuli Seppänen (2):
      Added check for variable CONFIGURE_DEFINES into options.c
      Added command-line option parser and an unsigned build option to build_all.py


2010.08.21 -- Version 2.2-beta3


* Attempt to fix issue where domake-win build system was not properly
  signing drivers and .exe files.

  Added win/tap_span.py for building multiple versions of the TAP driver
  and tapinstall binaries using different DDK versions to span from Win2K
  to Win7 and beyond.

* Community patches

  David Sommerseth (2):

      Test framework improvement - Do not FAIL if t_client.rc is missing
      More t_client.sh updates - exit with SKIP when we want to skip

  Gert Doering (4):

      Fix compile problems on NetBSD and OpenBSD
      Fix compile time problems on OpenBSD for good
      full "VPN client connect" test framework for OpenVPN
      Build t_client.sh by configure at run-time.

  chantra (1):

      Fixes openssl-1.0.0 compilation warning

2010.08.16 -- Version 2.2-beta2


* Windows security issue:

  Fixed potential local privilege escalation vulnerability in
  Windows service. The Windows service did not properly quote the
  executable filename passed to CreateService.  A local attacker
  with write access to the root directory C:\ could create an
  executable that would be run with the same privilege level as
  the OpenVPN Windows service.  However, since non-Administrative
  users normally lack write permission on C:\, this vulnerability
  is generally not exploitable except on older versions of Windows
  (such as Win2K) where the default permissions on C:\ would allow
  any user to create files there.

  Credit:  Scott Laurie, MWR InfoSecurity
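
  An audit check for the quoting problem described above, added here as an
  example (it is not OpenVPN code): it flags service ImagePath strings whose
  executable path contains spaces but is not quoted, and returns the quoted
  form. The service names and install paths are constructed samples, and
  splitting at ".exe" is a heuristic.

```python
import re

# Constructed sample data: service name -> ImagePath string as stored in the
# registry. Names and install paths are assumptions, not from a real host.
SAMPLE_IMAGE_PATHS = {
    "OpenVPNService": r"C:\Program Files\OpenVPN\bin\openvpnserv.exe",
    "QuotedService": r'"C:\Program Files\Example\svc.exe" --run',
    "NoSpaceService": r"C:\Windows\System32\svchost.exe -k netsvcs",
    "ArgsAfterExe": r"C:\Program Files\Example App\agent.exe /service",
    "ExampleDriver": r"\SystemRoot\System32\drivers\example.sys",
}

# Heuristic: the executable ends at the first ".exe" followed by a space or EOL.
_EXE_END = re.compile(r"\.exe(?=\s|$)", re.IGNORECASE)


def split_image_path(image_path):
    """Return (executable, arguments, was_quoted) for an ImagePath string."""
    s = image_path.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        if end != -1:
            return s[1:end], s[end + 1:].strip(), True
        s = s[1:]  # unbalanced quote: treat the rest as unquoted
    m = _EXE_END.search(s)
    if m is None:  # no .exe found (e.g. a driver): nothing to split
        return s, "", False
    return s[:m.end()], s[m.end():].strip(), False


def is_ambiguous(image_path):
    """True if the executable path has spaces and was not quoted."""
    exe, _args, quoted = split_image_path(image_path)
    return not quoted and exe.lower().endswith(".exe") and " " in exe


def quoted_form(image_path):
    """Rebuild the string with the executable path in double quotes."""
    exe, args, _quoted = split_image_path(image_path)
    return '"%s"' % exe + (" " + args if args else "")


def audit(image_paths):
    """Map each flagged service name to the quoted ImagePath it should use."""
    return {n: quoted_form(p) for n, p in image_paths.items() if is_ambiguous(p)}
```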

* Added Python-based alternative build system for Windows using
  Visual Studio 2008 (in win directory).

* Fixed compiler warning in ssl.c when compiling with --enable-strict

2010.08.10 -- Version 2.2-beta1

* When aborting in a non-graceful way, try to execute do_close_tun in
  init.c prior to daemon exit to ensure that the tun/tap interface is
  closed and any added routes are deleted.

* Fixed an issue where AUTH_FAILED was not being properly delivered
  to the client when a bad password is given for mid-session reauth,
  causing the connection to fail without an error indication.

* Don't advance to the next connection profile on AUTH_FAILED errors.

* Fixed an issue in the Management Interface that could cause
  a process hang with 100% CPU utilization in --management-client
  mode if the management interface client disconnected at the
  point where credentials are queried.

* Fixed an issue where if reneg-sec was set to 0 on the client,
  so that the server-side value would take precedence,
  the auth_deferred_expire_window function would incorrectly
  return a window period of 0 seconds.  In this case, the
  correct window period should be the handshake window
  period.

* Modified ">PASSWORD:Verification Failed" management interface
  notification to include a client reason string:

    >PASSWORD:Verification Failed: 'AUTH_TYPE' ['REASON_STRING']

* Enable exponential backoff in reliability layer
  retransmits.

* Set socket buffers (SO_SNDBUF and SO_RCVBUF) immediately after
  socket is created rather than waiting until after connect/listen.

* Management interface performance optimizations:

  1. Added env-filter MI command to perform filtering on env vars
     passed through as a part of --management-client-auth

  2. man_write will now try to aggregate output into larger blocks
     (up to 1024 bytes) for more efficient i/o

* Fixed minor issue in Windows TAP driver DEBUG builds
  where non-null-terminated unicode strings were being
  printed incorrectly.


* Fixed issue on Windows with MSVC compiler, where TCP_NODELAY support
  was not being compiled in.

* Proxy improvements:

  Improved the ability of http-auth "auto" flag to dynamically detect
  the auth method required by the proxy.

  Added http-auth "auto-nct" flag to reject weak proxy auth methods.

  Added HTTP proxy digest authentication method.

  Removed extraneous openvpn_sleep calls from proxy.c.

* Implemented http-proxy-override and http-proxy-fallback directives to make it
  easier for OpenVPN client UIs to start a pre-existing client config file with
  proxy options, or to adaptively fall back to a proxy connection if a direct
  connection fails.

* Implemented a key/value auth channel from client to server.

* Fixed issue where bad creds provided by the management interface
  for HTTP Proxy Basic Authentication would go into an infinite
  retry-fail loop instead of requerying the management interface for
  new creds.

* Added support for MSVC debugging of openvpn.exe in settings.in:

  # Build debugging version of openvpn.exe
  !define PRODUCT_OPENVPN_DEBUG

* Implemented multi-address DNS expansion on the network field of route
  commands.

  When only a single IP address is desired from a multi-address DNS
  expansion, use the first address rather than a random selection.

* Added --register-dns option for Windows.

  Fixed some issues on Windows with --log, subprocess creation
  for command execution, and stdout/stderr redirection.

* Fixed an issue where application payload transmissions on the
  TLS control channel (such as AUTH_FAILED) that occur during
  or immediately after a TLS renegotiation might be dropped.

* Added warning about tls-remote option in man page.

* Community patches (from openvpn-testing.git tree)

  Alberto Gonzalez Iniesta (1):
      Debian patch: Fix spelling in log message

  Dan Nelson (1):
      bash->bourne script cleanup

  Daniel Johnson (1):
      auth-pam plugin update: Support DOMAIN+USERNAME in config

  David Sommerseth (22):
      Reworked the eurephia patch for inclusion to the openvpn-testing tree
      Added mapping files from SVN commit ID to more descriptive commit IDs.
      verb 5 logging wrongly reports received bytes
      On TARGET_LINUX define _GNU_SOURCE if not defined
      Fix autotools cross-compiling support
      Add compile time information/settings from ./configure to --version
      Make use of counter_type instead of int when counting bytes and network packets
      Updated the man page to reflect the behavioural change of create_temp_file()
      Removed no longer needed delete_file() call
      Fixed potential NULL pointer issue
      Fix dependency checking for configure.h (v2)
      Make use of automake CLEANFILES variable instead of clean-local rule
      Don't add compile time information if --enable-small is used
      Harden create_temp_filename() (version 2)
      Renamed all calls to create_temp_filename()
      Updated the man page to reflect the behavioural change of create_temp_file()
      Removed no longer needed delete_file() call
      Avoid repetition of "this config may cache passwords in memory" (v2)
      Revamped the script-security warning logging (version 2)
      Fixed client hang when server doesn't PUSH (aka the NO_SOUP_FOR_YOU patch)
      Solved hidden merge conflict between changes in feat_misc and bugfix2.1
      Fix multiple configured scripts conflicts issue (version 2)

  Davide Brini (6):
      OCSP_check.sh: new check logic
      The man page does not mention that the default value of "mssfix" is 1450.
      Enhance contrib/pull-resolv-conf/client.{up,down} scripts
      Fix missing /bin/bash -> /bin/sh
      Fix certificate serial number export
      Exclude ping and control packets from activity

  Emilien Mantel (2):
      Choose a different field in X509 to be username
      Fixed static defined length check to use sizeof()

  Enrico Scholz (1):
      Allow 'lport 0' setup for random port binding

  Fabian Knittel (1):
      ssl.c: fix use of openvpn_run_script()'s return value

  Gert Doering (3):
      remove duplicate code in FREEBSD+DRAGONFLY system-dependent ifconfig
      Implement IPv6 in TUN mode for Windows TAP driver.
      fix date format mistake in PRODUCT_TAP_RELDATE (Peter Stuge)

  Jan Brinkmann (1):
      The man page needs dash escaping in UTF-8 environments

  Karl O. Pinc (2):
      Change verify-cn so cn is no longer hardcoded in openvpn's config file
      Several updates to openvpn.8 (man page updates)

  Mathieu GIANNECCHINI (1):
      enhance tls-verify possibility

  Wil Cooley (1):
      pkitool lacks expected option "--help"

  chantra (2):
      Handle non standard subnets in PF grammar
      Fix errors in openvpn-plugin.h documentation

Last modified on 07/24/14 13:50:34