Changes between Initial Version and Version 1 of ChangesInOpenvpn22


Ignore:
Timestamp:
07/24/14 13:50:34 (3 years ago)
Author:
samuli
Comment:

Migrated content from http://openvpn.net/index.php/open-source/documentation/change-log/425-changelog-for-openvpn-22.html

Legend:

Unmodified
Added
Removed
Modified
  • ChangesInOpenvpn22

    v1 v1  
     1{{{
     2OpenVPN Change Log
     3
     4Copyright (C) 2002-2011 OpenVPN Technologies, Inc.
     5
     62011.12.22 -- Version 2.2.2
     7
     8David Sommerseth (1):
     9      Only warn about non-tackled IPv6 packets once
     10
     11Gert Doering (3):
     12      Add missing break between "case IPv4" and "case IPv6", leading to the     
     13      Bump tap driver version from 9.8 to 9.9
     14      Log error message and exit for "win32, tun mode, tap driver version 9.8"
     15
     16Samuli Seppänen (1):
     17      Backported pkcs11-related parts of 7a8d707237bb18 to 2.2 branch
     18
     192011.07.06 -- Version 2.2.1
     20
     21David Sommerseth (3):
     22      Don't define ENABLE_PUSH_PEER_INFO if SSL is not available
     23      Fix compiling issues with pkcs11 when --disable-management is configured
     24      Remove support for Linux 2.2 configuration fallback
     25
     26Gustavo Zacarias (1):
     27      Fix compile issues when using --enable-small and --disable-ssl/--disable-crypto
     28
     29Matthew L. Creech (1):
     30      Fix 2.2.0 build failure when management interface disabled
     31
     32Robert Fischer (2):
     33      Added info about --show-proxy-settings
     34      Documented --x509-username-field option
     35
     36Samuli Seppänen (4):
     37      Updated "easy-rsa" for OpenSSL 1.0.0
     38      Fixes to easy-rsa/2.0
     39      Made domake-win builds to use easy-rsa/2.0/openssl-1.0.0.cnf
     40      Fix a build-ca issue on Windows
     41
     42Simon Matter (1):
     43      Fix issues with some older GCC compilers
     44
     452011.04.26 -- Version 2.2.0
     46
     47David Sommerseth (4):
     48      Fix the --client-cert-not-required feature
     49      Change the default --tmp-dir path to a more suitable path
     50      Improve the mysprintf() issue in openvpnserv.c
     51      Add a simple comment regarding openvpn_snprintf() is duplicated
     52
     53Gert Doering (1):
     54      Add more detailed explanation regarding the function of "--rdns-internal"
     55
     56Gisle Vanem (1):
     57      Avoid re-defining uint32_t when using mingw compiler
     58
     59James Yonan (1):
     60      Fixed bug in port-share that could cause port share process to crash
     61
     62Robert Fischer (2):
     63      Update man page with info about --capath
     64      Update man page with info about --connect-timeout
     65
     66Samuli Seppänen (6):
     67      Add man page entry for --redirect-private
     68      Change all CRLF linefeeds to LF linefeeds
     69      Fix a bug in devcon source code handling
     70      Removed Win2k from supported platforms list in INSTALL and win/openvpn.nsi
     71      Fixed copying of tapinstall.exe to dist/bin when using prebuilt TAP-drivers
     72      Fixed a bug with GUI icon deletion on upgrade from 2.2-RC or earlier
     73
     74chantra (1):
     75      Clarify --tmp-dir option
     76
     77rf (2):
     78      Update man page with info about --remote-random-hostname
     79      Added man page entry for --management-client
     80
     812011.03.25 -- Version 2.2-RC2
     82
     83Alon Bar-Lev (1):
     84      Windows cross-compile cleanup
     85
     86David Sommerseth (2):
     87      Open log files as text files on Windows
     88      Clarify default value for the --inactive option.
     89
     90Gert Doering (1):
     91      Implement IPv6 in TUN mode for Windows TAP driver.
     92
     93Samuli Seppänen (6):
     94      Added support for prebuilt TAP-drivers. Automated embedding manifests.
     95      Fixes to win/openvpn.nsi
     96      Replaced config-win32.h with win/config.h.in
     97      Updated INSTALL-win32.txt
     98      Fixes to Makefile.am
     99      Clarified --client-config-dir section on the man-page.
     100
     101Ville Skyttä (1):
     102      Fix line continuation in chkconfig init script description.
     103
     1042011.02.28 -- Version 2.2-RC
     105
     106David Sommerseth (3):
     107      Make the --x509-username-field feature an opt-in feature
     108      Fix compiler warning when compiling against OpenSSL 1.0.0
     109      Fix packaging of config-win32.h and service-win32/msvc.mak
     110
     111James Yonan (1):
     112      Minor addition of logging info before and after execution of Windows net commands.
     113
     114Matthias Andree (1):
     115      Change variadic macros to C99 style.
     116
     117Samuli Seppänen (15):
     118      Added ENABLE_PASSWORD_SAVE to config-win32.h
     119      Added a nmake makefile for openvpnserv.exe building
     120      Moved TAP-driver version info to version.m4. Cleaned up win/settings.in.
     121      Added helper functionality to win/wb.py
     122      Added support for viewing config-win32.h paramters to win/show.py
     123      Added comments and made small modifications to win/msvc.mak.in
     124      Added command-line switch to win/build_all.py to skip TAP driver building
     125      Added configure.h and version.m4 variable parsing to win/config.py
     126      Added openvpnserv.exe building to win/build.py
     127      Added comments to win/build_ddk.py
     128      Several modifications to win/make_dist.py to allow building the NSI installer
     129      Copied install-win32/setpath.nsi to win/setpath.nsi
     130      Added first version of NSI installer script to win/openvpn.nsi
     131      Changes to buildsystem patchset
     132      Temporary snprintf-related fix to service-win32/openvpnserv.c
     133
     1342010.11.25 -- Version 2.2-beta5
     135
     136Samuli Seppänen (1):
     137      Fixed an issue causing a build failure with MS Visual Studio 2008.
     138
     1392010.11.18 -- Version 2.2-beta4
     140
     141David Sommerseth (10):
     142      Clarified --explicit-exit-notify man page entry
     143      Clean-up: Remove pthread and mutex locking code
     144      Clean-up: Remove more dead and inactive code paths
     145      Clean-up: Removing useless code - hash related functions
     146      Use stricter snprintf() formatting in socks_username_password_auth() (v3)
     147      Fix compiler warnings about not used dummy() functions
     148      Fixed potential misinterpretation of boolean logic
     149      Only add some functions when really needed
     150      Removed functions not being used anywhere
     151      Merged add_bypass_address() and add_host_route_if_nonlocal()
     152
     153Gert Doering (3):
     154      Integrate support for TAP mode on Solaris, written by Kazuyoshi Aizawa .
     155      Make "topology subnet" work on Solaris
     156      Improved man page entry for script_type
     157
     158James Yonan (5):
     159      Fixed initialization bug in route_list_add_default_gateway (Gert Doering).
     160      Implement challenge/response authentication support in client mode
     161      Make base64.h have the same conditional compilation expression as base64.c.
     162      Fixed compiling issues when using --disable-crypto
     163      In verify_callback, the subject var should be freed by OPENSSL_free, not free
     164
     165Jesse Young (1):
     166      Remove hardcoded path to resolvconf
     167
     168Lars Hupel (1):
     169      Add HTTP/1.1 Host header
     170
     171Pierre Bourdon (1):
     172      Adding support for SOCKS plain text authentication
     173
     174Samuli Seppänen (2):
     175      Added check for variable CONFIGURE_DEFINES into options.c
     176      Added command-line option parser and an unsigned build option to build_all.py
     177
     178
     1792010.08.21 -- Version 2.2-beta3
     180
     181
     182* Attempt to fix issue where domake-win build system was not properly
     183  signing drivers and .exe files.
     184
     185  Added win/tap_span.py for building multiple versions of the TAP driver
     186  and tapinstall binaries using different DDK versions to span from Win2K
     187  to Win7 and beyond.
     188
     189* Community patches
     190
     191  David Sommerseth (2):
     192
     193      Test framework improvment - Do not FAIL if t_client.rc is missing
     194      More t_client.sh updates - exit with SKIP when we want to skip
     195
     196  Gert Doering (4):
     197
     198      Fix compile problems on NetBSD and OpenBSD
     199      Fix  compile time problems on OpenBSD for good
     200      full "VPN client connect" test framework for OpenVPN
     201      Build t_client.sh by configure at run-time.
     202
     203  chantra (1):
     204
     205      Fixes openssl-1.0.0 compilation warning
     206
     2072010.08.16 -- Version 2.2-beta2
     208
     209
     210* Windows security issue:
     211
     212  Fixed potential local privilege escalation vulnerability in
     213  Windows service. The Windows service did not properly quote the
     214  executable filename passed to CreateService.  A local attacker
     215  with write access to the root directory C:\ could create an
     216  executable that would be run with the same privilege level as
     217  the OpenVPN Windows service.  However, since non-Administrative
     218  users normally lack write permission on C:\, this vulnerability
     219  is generally not exploitable except on older versions of Windows
     220  (such as Win2K) where the default permissions on C:\ would allow
     221  any user to create files there.
     222
     223  Credit:  Scott Laurie, MWR InfoSecurity
     224
     225* Added Python-based based alternative build system for Windows using
     226  Visual Studio 2008 (in win directory).
     227
     228* Fixed compiler warning in ssl.c when compiling with --enable-strict
     229
     2302010.08.10 -- Version 2.2-beta1
     231
     232* When aborting in a non-graceful way, try to execute do_close_tun in
     233  init.c prior to daemon exit to ensure that the tun/tap interface is
     234  closed and any added routes are deleted.
     235
     236* Fixed an issue where AUTH_FAILED was not being properly delivered
     237  to the client when a bad password is given for mid-session reauth,
     238  causing the connection to fail without an error indication.
     239
     240* Don't advance to the next connection profile on AUTH_FAILED errors.
     241
     242* Fixed an issue in the Management Interface that could cause
     243  a process hang with 100% CPU utilization in --management-client
     244  mode if the management interface client disconnected at the
     245  point where credentials are queried.
     246
     247* Fixed an issue where if reneg-sec was set to 0 on the client,
     248  so that the server-side value would take precedence,
     249  the auth_deferred_expire_window function would incorrectly
     250  return a window period of 0 seconds.  In this case, the
     251  correct window period should be the handshake window
     252  period.
     253
     254* Modified ">PASSWORD:Verification Failed" management interface
     255  notification to include a client reason string:
     256
     257    >PASSWORD:Verification Failed: 'AUTH_TYPE' ['REASON_STRING']
     258
     259* Enable exponential backoff in reliability layer
     260  retransmits.
     261
     262* Set socket buffers (SO_SNDBUF and SO_RCVBUF) immediately after
     263  socket is created rather than waiting until after connect/listen.
     264
     265* Management interface performance optimizations:
     266
     267  1. Added env-filter MI command to perform filtering on env vars
     268     passed through as a part of --management-client-auth
     269
     270  2. man_write will now try to aggregate output into larger blocks
     271     (up to 1024 bytes) for more efficient i/o
     272
     273* Fixed minor issue in Windows TAP driver DEBUG builds
     274  where non-null-terminated unicode strings were being
     275  printed incorrectly.
     276
     277
     278* Fixed issue on Windows with MSVC compiler, where TCP_NODELAY support
     279  was not being compiled in.
     280
     281* Proxy improvements:
     282
     283  Improved the ability of http-auth "auto" flag to dynamically detect
     284  the auth method required by the proxy.
     285
     286  Added http-auth "auto-nct" flag to reject weak proxy auth methods.
     287
     288  Added HTTP proxy digest authentication method.
     289
     290  Removed extraneous openvpn_sleep calls from proxy.c.
     291
     292* Implemented http-proxy-override and http-proxy-fallback directives to make it
     293  easier for OpenVPN client UIs to start a pre-existing client config file with
     294  proxy options, or to adaptively fall back to a proxy connection if a direct
     295  connection fails.
     296
     297* Implemented a key/value auth channel from client to server.
     298
     299* Fixed issue where bad creds provided by the management interface
     300  for HTTP Proxy Basic Authentication would go into an infinite
     301  retry-fail loop instead of requerying the management interface for
     302  new creds.
     303
     304* Added support for MSVC debugging of openvpn.exe in settings.in:
     305
     306  # Build debugging version of openvpn.exe
     307  !define PRODUCT_OPENVPN_DEBUG
     308
     309* Implemented multi-address DNS expansion on the network field of route
     310  commands.
     311
     312  When only a single IP address is desired from a multi-address DNS
     313  expansion, use the first address rather than a random selection.
     314
     315* Added --register-dns option for Windows.
     316
     317  Fixed some issues on Windows with --log, subprocess creation
     318  for command execution, and stdout/stderr redirection.
     319
     320* Fixed an issue where application payload transmissions on the
     321  TLS control channel (such as AUTH_FAILED) that occur during
     322  or immediately after a TLS renegotiation might be dropped.
     323
     324* Added warning about tls-remote option in man page.
     325
     326* Community patches (from openvpn-testing.git tree)
     327
     328  Alberto Gonzalez Iniesta (1):
     329      Debian patch: Fix spelling in log message
     330
     331  Dan Nelson (1):
     332      bash->bourne script cleanup
     333
     334  Daniel Johnson (1):
     335      auth-pam plugin update: Support DOMAIN+USERNAME in config
     336
     337  David Sommerseth (22):
     338      Reworked the eurephia patch for inclusion to the openvpn-testing tree
     339      Added mapping files from SVN commit ID to more descriptive commit IDs.
     340      verb 5 logging wrongly reports received bytes
     341      On TARGET_LINUX define _GNU_SOURCE if not defined
     342      Fix autotools cross-compiling support
     343      Add comile time information/settings from ./configure to --version
     344      Make use of counter_type instead of int when counting bytes and network packets
     345      Updated the man page to reflect the behavioural change of create_temp_file()
     346      Removed no longer needed delete_file() call
     347      Fixed potential NULL pointer issue
     348      Fix dependency checking for configure.h (v2)
     349      Make use of automake CLEANFILES variable instead of clean-local rule
     350      Don't add compile time information if --enable-small is used
     351      Harden create_temp_filename() (version 2)
     352      Renamed all calls to create_temp_filename()
     353      Updated the man page to reflect the behavioural change of create_temp_file()
     354      Removed no longer needed delete_file() call
     355      Avoid repetition of "this config may cache passwords in memory" (v2)
     356      Revamped the script-security warning logging (version 2)
     357      Fixed client hang when server don't PUSH (aka the NO_SOUP_FOR_YOU patch)
     358      Solved hidden merge conflict between changes in feat_misc and bugfix2.1
     359      Fix multiple configured scripts conflicts issue (version 2)
     360
     361  Davide Brini (6):
     362      OCSP_check.sh: new check logic
     363      The man page does not mention that the default value of "mssfix" is 1450.
     364      Enhance contrib/pull-resolv-conf/client.{up,down} scripts
     365      Fix missing /bin/bash -> /bin/sh
     366      Fix certificate serial number export
     367      Exclude ping and control packets from activity
     368
     369  Emilien Mantel (2):
     370      Choose a different field in X509 to be username
     371      Fixed static defined length check to use sizeof()
     372
     373  Enrico Scholz (1):
     374      Allow 'lport 0' setup for random port binding
     375
     376  Fabian Knittel (1):
     377      ssl.c: fix use of openvpn_run_script()'s return value
     378
     379  Gert Doering (3):
     380      remove duplicate code in FREEBSD+DRAGONFLY system-dependent ifconfig
     381      Implement IPv6 in TUN mode for Windows TAP driver.
     382      fix date format mistake in PRODUCT_TAP_RELDATE (Peter Stuge)
     383
     384  Jan Brinkmann (1):
     385      The man page needs dash escaping in UTF-8 environments
     386
     387  Karl O. Pinc (2):
     388      Change verify-cn so cn is no longer hardcoded in openvpn's config file
     389      Several updates to openvpn.8 (man page updates)
     390
     391  Mathieu GIANNECCHINI (1):
     392      enhance tls-verify possibility
     393
     394  Wil Cooley (1):
     395      pkitool lacks expected option "--help"
     396
     397  chantra (2):
     398      Handle non standard subnets in PF grammar
     399      Fix errors in openvpn-plugin.h documentation
     400}}}