The OpenVPN community project team is proud to release OpenVPN 2.4.5. It can be downloaded from here:
<http://openvpn.net/index.php/open-source/downloads.html> This release includes a large number of fixes and enhancements. One of the biggest changes is that 2.4.5 Windows installers bundle OpenSSL 1.1.0 instead of OpenSSL 1.0.2 by default. The Windows installer also comes with OpenVPN GUI (11.10.0.0) that has a large number of fixes and improvements. Some easy-rsa 2 fixes are also included. Please note that LibreSSL is not a supported crypto backend. We accept patches and we do test on OpenBSD 6.0 which comes with LibreSSL, but if newer versions of LibreSSL break API compatibility we do not take responsibility to fix that. Also note that Windows installers have been built with NSIS version that has been patched against several NSIS installer code execution and privilege escalation problems: <https://community.openvpn.net/openvpn/wiki/NSISBug1125> Based on our testing, though, older Windows versions such as Windows 7 might not benefit from these fixes. We thus strongly encourage you to always move NSIS installers to a non-user-writeable location before running them. Our long-term plan is to migrate to using MSI installers instead. A summary of all included changes is available here: <https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst> A full list of changes is available here: <https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24> Compared to OpenVPN 2.3 this is a major update with a large number of new features, improvements and fixes. Some of the major features are AEAD (GCM) cipher and Elliptic Curve DH key exchange support, improved IPv4/IPv6 dual stack support and more seamless connection migration when client's IP address changes (Peer-ID). Also, the new --tls-crypt feature can be used to increase users' connection privacy. OpenVPN GUI bundled with the Windows installer has a large number of new features compared to the one bundled with OpenVPN 2.3. One of major features is the ability to run OpenVPN GUI without administrator privileges. For full details, look here: <https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24> The new OpenVPN GUI features are documented here: <https://github.com/OpenVPN/openvpn-gui> Please note that OpenVPN 2.4 installers will not work on Windows XP. For generic help use these support channels: Official documentation: <http://openvpn.net/index.php/open-source/documentation/howto.html> Wiki: <https://community.openvpn.net> Forums: <https://forums.openvpn.net> User mailing list: <http://sourceforge.net/mail/?group_id=48978> User IRC channel: #openvpn at irc.freenode.net Please report bugs and ask development questions here: Bug tracker and wiki: <https://community.openvpn.net> Developer mailing list: <http://sourceforge.net/mail/?group_id=48978> Developer IRC channel: #openvpn-devel at irc.freenode.net (requires Freenode registration) -- Samuli Seppänen Community Manager OpenVPN Technologies, Inc irc freenode net: mattock
Antonio Quartulli (4):
reload HTTP proxy credentials when moving to the next connection profile
Allow learning iroutes with network made up of all 0s (only if netbits <
8)
mbedtls: fix typ0 in comment
manpage: fix simple typ0
Arne Schwabe (2):
Treat dhcp-option DNS6 and DNS identical
show the right string for key-direction
Bertrand Bonnefoy-Claudet (1):
Fix typo in error message: "optione" -> "option"
David Sommerseth (8):
lz4: Fix confused version check
lz4: Fix broken builds when pkg-config is not present but system library
is
Remove references to keychain-mcd in Changes.rst
lz4: Rebase compat-lz4 against upstream v1.7.5
systemd: Add and ship README.systemd
Update copyright to include 2018 plus company name change
man: Add .TQ groff support macro
man: Reword --management to prefer unix sockets over TCP
Emmanuel Deloget (1):
OpenSSL: check EVP_PKEY key types before returning the pkey
Gert Doering (3):
Remove warning on pushed tun-ipv6 option.
Fix removal of on-link prefix on windows with netsh
Preparing for release v2.4.5 (ChangeLog, version.m4, Changes.rst)
Ilya Shipitsin (2):
travis-ci: add brew cache, remove ccache
travis-ci: modify openssl build script to support openssl-1.1.0
James Bottomley (1):
autoconf: Fix engine checks for openssl 1.1
Jeremie Courreges-Anglas (2):
Cast time_t to long long in order to print it.
Fix build with LibreSSL
Selva Nair (14):
Check whether in pull_mode before warning about previous connection blocks
Avoid illegal memory access when malformed data is read from the pipe
Fix missing check for return value of malloc'd buffer
Return NULL if GetAdaptersInfo fails
Use RSA_meth_free instead of free
Bring cryptoapi.c upto speed with openssl 1.1
Add SSL_CTX_get_max_proto_version() not in openssl 1.0
TLS v1.2 support for cryptoapicert -- RSA only
Refactor get_interface_metric to return metric and auto flag separately
Ensure strings read from registry are null-terminated
Make most registry values optional
Use lowest metric interface when multiple interfaces match a route
Adapt to RegGetValue brokenness in Windows 7
Fix format spec errors in Windows builds
Simon Rozman (11):
Local functions are not supported in MSVC. Bummer.
Mixing wide and regular strings in concatenations is not allowed in MSVC.
RtlIpv6AddressToStringW() and RtlIpv4AddressToStringW() require mstcpip.h
Simplify iphlpapi.dll API calls
Fix local #include to use quoted form
Document ">PASSWORD:Auth-Token" real-time message
Fix typo in "verb" command examples
Uniform swprintf() across MinGW and MSVC compilers
MSVC meta files added to .gitignore list
openvpnserv: Add support for multi-instances
Document missing OpenVPN states
Steffan Karger (21):
make struct key * argument of init_key_ctx const
buffer_list_aggregate_separator(): add unit tests
Add --tls-cert-profile option.
Use P_DATA_V2 for server->client packets too
Fix memory leak in buffer unit tests
buffer_list_aggregate_separator(): update list size after aggregating
buffer_list_aggregate_separator(): don't exceed max_len
buffer_list_aggregate_separator(): prevent 0-byte malloc
Fix types around buffer_list_push(_data)
ssl_openssl: fix compiler warning by removing getbio() wrapper
travis: use clang's -fsanitize=address to catch more bugs
Fix --tls-version-min and --tls-version-max for OpenSSL 1.1+
Add support for TLS 1.3 in --tls-version-{min, max}
Plug memory leak if push is interrupted
Fix format errors when cross-compiling for Windows
Log pre-handshake packet drops using D_MULTI_DROPPED
Enable stricter compiler warnings by default
Get rid of ax_check_compile_flag.m4
mbedtls: don't use API deprecated in mbed 2.7
Warn if tls-version-max < tls-version-min
Don't throw fatal errors from create_temp_file()
hashiz (1):
Fix '--bind ipv6only'
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
