Tags: microsoft/openvpn
Tags
OpenVPN v2.4.8 release
2019.10.30 -- Version 2.4.8
Antonio Quartulli (1):
mbedtls: fix segfault by calling mbedtls_cipher_free() in cipher_ctx_free()
Arne Schwabe (1):
Remove -no-cpp-precomp flag from Darwin builds
David Sommerseth (3):
cleanup: Remove RPM openvpn.spec build approach
docs: Update INSTALL
build: Package missing mock_msg.h
Gert Doering (5):
repair windows builds (2.4)
Increase listen() backlog queue to 32
Force combinationation of --socks-proxy and --proto UDP to use IPv4.
Fix IPv6 routes on tap interfaces on OpenSolaris/OpenIndiana
preparing release v2.4.8 (ChangeLog, version.m4, Changes.rst)
Gisle Vanem (1):
Wrong FILETYPE in .rc files
Hilko Bengen (1):
Do not set pkcs11-helper 'safe fork mode'
Ilya Shipitsin (2):
travis-ci: add "linux-ppc64le" to build matrix, change trusty image to xenial, update osx to xcode9.4 and modernize brew management
travis-ci: fix osx builds
Kyle Evans (1):
tests/t_lpback.sh: Switch sed(1) to POSIX-compatible regex.
Lev Stipakov (1):
Fix various compiler warnings
Matthias Andree (1):
Fix regression, reinstate LibreSSL support.
Michal Soltys (1):
man: correct the description of --capath and --crl-verify regarding CRLs
Mykola Baibuz (1):
Fix typo in NTLM proxy debug message
Richard Bonhomme (1):
Ignore --pull-filter for --mode server
Rosen Penev (1):
openssl: Fix compilation without deprecated OpenSSL 1.1 APIs
Selva Nair (3):
Better error message when script fails due to script-security setting
Correct the return value of cryptoapi RSA signature callbacks
Handle PSS padding in cryptoapicert
Steffan Karger (1):
cmocka: use relative paths
Thomas Quinot (1):
Fix documentation of tls-verify script argument
OpenVPN v2.4.7 release
2019.02.19 -- Version 2.4.7
Adam Ciarcin?ski (1):
Fix subnet topology on NetBSD (2.4).
Antonio Quartulli (3):
add support for %lu in argv_printf and prevent ASSERT
buffer_list: add functions documentation
ifconfig-ipv6(-push): allow using hostnames
Arne Schwabe (7):
Properly free tuntap struct on android when emulating persist-tun
Add OpenSSL compat definition for RSA_meth_set_sign
Add support for tls-ciphersuites for TLS 1.3
Add better support for showing TLS 1.3 ciphersuites in --show-tls
Use right function to set TLS1.3 restrictions in show-tls
Add message explaining early TLS client hello failure
Fallback to password authentication when auth-token fails
Christian Ehrhardt (1):
systemd: extend CapabilityBoundingSet for auth_pam
David Sommerseth (1):
plugin: Export base64 encode and decode functions
Gert Doering (4):
Add %d, %u and %lu tests to test_argv unit tests.
Fix combination of --dev tap and --topology subnet across multiple platforms.
Add 'printing of port number' to mroute_addr_print_ex() for v4-mapped v6.
preparing release v2.4.7 (ChangeLog, version.m4, Changes.rst)
Gert van Dijk (1):
Minor reliability layer documentation fixes
James Bekkema (1):
Resolves small IV_GUI_VER typo in the documentation.
Jonathan K. Bullard (1):
Clarify and expand management interface documentation
Lev Stipakov (5):
Refactor NCP-negotiable options handling
init.c: refine functions names and description
interactive.c: fix usage of potentially uninitialized variable
options.c: fix broken unary minus usage
Remove extra token after #endif
Richard van den Berg via Openvpn-devel (1):
Fix error message when using RHEL init script
Samy Mahmoudi (1):
man: correct a --redirection-gateway option flag
Selva Nair (7):
Replace M_DEBUG with D_LOW as the former is too verbose
Correct the declaration of handle in 'struct openvpn_plugin_args_open_return'
Bump version of openvpn plugin argument structs to 5
Move get system directory to a separate function
Enable dhcp on tap adapter using interactive service
Pass the hash without the DigestInfo header to NCryptSignHash()
White-list pull-filter and script-security in interactive service
Simon Rozman (2):
Add Interactive Service developer documentation
Detect TAP interfaces with root-enumerated hardware ID
Steffan Karger (7):
man: add security considerations to --compress section
mbedtls: print warning if random personalisation fails
Fix memory leak after sighup
travis: add OpenSSL 1.1 Windows build
Fix --disable-crypto build
Don't print OCC warnings about 'key-method', 'keydir' and 'tls-auth'
buffer_list_aggregate_separator(): simplify code
Backport: Fix potential double-free() in Interactive Service (CVE-201… …8-9336) Malformed input data on the service pipe towards the OpenVPN interactive service (normally used by the OpenVPN GUI to request openvpn instances from the service) can result in a double free() in the error handling code. This usually only leads to a process crash (DoS by an unprivileged local account) but since it could possibly lead to memory corruption if happening while multiple other threads are active at the same time, CVE-2018-9336 has been assigned to acknowledge this risk. Fix by ensuring that sud->directory is set to NULL in GetStartUpData() for all error cases (thus not being free()ed in FreeStartupData()). Rewrite control flow to use explicit error label for error exit. Discovered and reported by Jacob Baines <jbaines@tenable.com>. CVE: 2018-9336 Original commit: 1394192
OpenVPN v2.4.6 release
2018.04.19 -- Version 2.4.6
David Sommerseth (1):
management: Warn if TCP port is used without password
Gert Doering (3):
Correct version in ChangeLog - should be 2.4.5, was mistyped as 2.4.4
Fix potential double-free() in Interactive Service (CVE-2018-9336)
preparing release v2.4.6 (ChangeLog, version.m4, Changes.rst)
Gert van Dijk (1):
manpage: improve description of --status and --status-version
Joost Rijneveld (1):
Make return code external tls key match docs
Selva Nair (3):
Delete the IPv6 route to the "connected" network on tun close
Management: warn about password only when the option is in use
Avoid overflow in wakeup time computation
Simon Matter (1):
Add missing #ifdef SSL_OP_NO_TLSv1_1/2
Steffan Karger (1):
Check for more data in control channel
OpenVPN v2.4.5 release
2018.02.28 -- Version 2.4.5
Antonio Quartulli (4):
reload HTTP proxy credentials when moving to the next connection profile
Allow learning iroutes with network made up of all 0s (only if netbits < 8)
mbedtls: fix typ0 in comment
manpage: fix simple typ0
Arne Schwabe (2):
Treat dhcp-option DNS6 and DNS identical
show the right string for key-direction
Bertrand Bonnefoy-Claudet (1):
Fix typo in error message: "optione" -> "option"
David Sommerseth (8):
lz4: Fix confused version check
lz4: Fix broken builds when pkg-config is not present but system library is
Remove references to keychain-mcd in Changes.rst
lz4: Rebase compat-lz4 against upstream v1.7.5
systemd: Add and ship README.systemd
Update copyright to include 2018 plus company name change
man: Add .TQ groff support macro
man: Reword --management to prefer unix sockets over TCP
Emmanuel Deloget (1):
OpenSSL: check EVP_PKEY key types before returning the pkey
Gert Doering (3):
Remove warning on pushed tun-ipv6 option.
Fix removal of on-link prefix on windows with netsh
Preparing for release v2.4.5 (ChangeLog, version.m4, Changes.rst)
Ilya Shipitsin (2):
travis-ci: add brew cache, remove ccache
travis-ci: modify openssl build script to support openssl-1.1.0
James Bottomley (1):
autoconf: Fix engine checks for openssl 1.1
Jeremie Courreges-Anglas (2):
Cast time_t to long long in order to print it.
Fix build with LibreSSL
Selva Nair (14):
Check whether in pull_mode before warning about previous connection blocks
Avoid illegal memory access when malformed data is read from the pipe
Fix missing check for return value of malloc'd buffer
Return NULL if GetAdaptersInfo fails
Use RSA_meth_free instead of free
Bring cryptoapi.c upto speed with openssl 1.1
Add SSL_CTX_get_max_proto_version() not in openssl 1.0
TLS v1.2 support for cryptoapicert -- RSA only
Refactor get_interface_metric to return metric and auto flag separately
Ensure strings read from registry are null-terminated
Make most registry values optional
Use lowest metric interface when multiple interfaces match a route
Adapt to RegGetValue brokenness in Windows 7
Fix format spec errors in Windows builds
Simon Rozman (11):
Local functions are not supported in MSVC. Bummer.
Mixing wide and regular strings in concatenations is not allowed in MSVC.
RtlIpv6AddressToStringW() and RtlIpv4AddressToStringW() require mstcpip.h
Simplify iphlpapi.dll API calls
Fix local #include to use quoted form
Document ">PASSWORD:Auth-Token" real-time message
Fix typo in "verb" command examples
Uniform swprintf() across MinGW and MSVC compilers
MSVC meta files added to .gitignore list
openvpnserv: Add support for multi-instances
Document missing OpenVPN states
Steffan Karger (21):
make struct key * argument of init_key_ctx const
buffer_list_aggregate_separator(): add unit tests
Add --tls-cert-profile option.
Use P_DATA_V2 for server->client packets too
Fix memory leak in buffer unit tests
buffer_list_aggregate_separator(): update list size after aggregating
buffer_list_aggregate_separator(): don't exceed max_len
buffer_list_aggregate_separator(): prevent 0-byte malloc
Fix types around buffer_list_push(_data)
ssl_openssl: fix compiler warning by removing getbio() wrapper
travis: use clang's -fsanitize=address to catch more bugs
Fix --tls-version-min and --tls-version-max for OpenSSL 1.1+
Add support for TLS 1.3 in --tls-version-{min, max}
Plug memory leak if push is interrupted
Fix format errors when cross-compiling for Windows
Log pre-handshake packet drops using D_MULTI_DROPPED
Enable stricter compiler warnings by default
Get rid of ax_check_compile_flag.m4
mbedtls: don't use API deprecated in mbed 2.7
Warn if tls-version-max < tls-version-min
Don't throw fatal errors from create_temp_file()
hashiz (1):
Fix '--bind ipv6only'
OpenVPN v2.4.4 release
2017.09.25 -- Version 2.4.4
Antonio Quartulli (23):
crypto: correct typ0 in error message
use M_ERRNO instead of explicitly printing errno
don't print errno twice
ntlm: avoid useless cast
ntlm: unwrap multiple function calls
route: improve error message
management: preserve wait_for_push field when asking for user/pass
tls-crypt: avoid warnings when --disable-crypto is used
ntlm: convert binary buffers to uint8_t *
ntlm: restyle compressed multiple function calls
ntlm: improve code style and readability
OpenSSL: remove unreachable call to SSL_CTX_get0_privatekey()
make function declarations C99 compliant
remove unused functions
use NULL instead of 0 when assigning pointers
add missing static attribute to functions
ntlm: avoid breaking anti-aliasing rules
remove the --disable-multi config switch
rename mroute_extract_addr_ipv4 to mroute_extract_addr_ip
route: avoid definition of unused variables in certain configurations
fix a couple of typ0s in comments and strings
fragment.c: simplify boolean expression
tcp-server: ensure AF family is propagated to child context
Arne Schwabe (2):
Set tls-cipher restriction before loading certificates
Print ec bit details, refuse management-external-key if key is not RSA
Conrad Hoffmann (2):
Use provided env vars in up/down script.
Document down-root plugin usage in client.down
David Sommerseth (11):
doc: The CRL processing is not a deprecated feature
cleanup: Move write_pid() to where it is being used
contrib: Remove keychain-mcd code
cleanup: Move init_random_seed() to where it is being used
sample-plugins: fix ASN1_STRING_to_UTF8 return value checks
Highlight deprecated features
Use consistent version references
docs: Replace all PolarSSL references to mbed TLS
systemd: Ensure systemd shuts down OpenVPN in a proper way
systemd: Enable systemd's auto-restart feature for server profiles
lz4: Move towards a newer LZ4 API
Emmanuel Deloget (3):
OpenSSL: remove pre-1.1 function from the OpenSSL compat interface
OpenSSL: remove EVP_CIPHER_CTX_new() from the compat layer
OpenSSL: remove EVP_CIPHER_CTX_free() from the compat layer
Gert van Dijk (1):
Warn that DH config option is only meaningful in a tls-server context
Ilya Shipitsin (3):
travis-ci: add 3 missing patches from master to release/2.4
travis-ci: update openssl to 1.0.2l, update mbedtls to 2.5.1
travis-ci: update pkcs11-helper to 1.22
Richard Bonhomme (1):
man: Corrections to doc/openvpn.8
Steffan Karger (17):
Fix typo in extract_x509_extension() debug message
Move adjust_power_of_2() to integer.h
Undo cipher push in client options state if cipher is rejected
Remove strerror_ts()
Move openvpn_sleep() to manage.c
fixup: also change missed openvpn_sleep() occurrences
Always use default keysize for NCP'd ciphers
Move create_temp_file() out of #ifdef ENABLE_CRYPTO
Deprecate --keysize
Deprecate --no-replay
Move run_up_down() to init.c
tls-crypt: introduce tls_crypt_kt()
crypto: create function to initialize encrypt and decrypt key
Add coverity static analysis to Travis CI config
tls-crypt: don't leak memory for incorrect tls-crypt messages
travis: reorder matrix to speed up build
Fix bounds check in read_key()
Szilárd Pfeiffer (1):
OpenSSL: Always set SSL_OP_CIPHER_SERVER_PREFERENCE flag
Thomas Veerman via Openvpn-devel (1):
Fix socks_proxy_port pointing to invalid data
OpenVPN 2.3.18 release
2017.09.25 -- Version 2.3.18
Antonio Quartulli (1):
crypto: correct typ0 in error message
Steffan Karger (2):
Deprecate --ns-cert-type
Fix bounds check in read_key()
Szilárd Pfeiffer (1):
OpenSSL: Always set SSL_OP_CIPHER_SERVER_PREFERENCE flag
PreviousNext