Re: [Openvpn-users] OpenVPN 2.4.8 released

2019-10-31 Thread Samuli Seppänen 
Hi,

We recently found out that the code signing certificate the 2.4.8
Windows installers use expired a couple of weeks ago. I will get a new
certificate today evening (~6 hours) and push out new installers.

This problem only seems to affect the prompt you get when you
double-click on the installer executable. You probably see "Unknown
publisher" there. Besides that Windows seems to be perfectly happy with
the executables and libraries. That is the main reason why a problem
such as this was able to slip through testing.

Samuli

Il 31/10/19 12:27, Samuli Seppänen ha scritto:
> The OpenVPN community project team is proud to release OpenVPN 2.4.8. It
> can be downloaded from here:
> 
> 
> 
> This is primarily a maintenance release with bugfixes and improvements.
> The Windows installers (I601) have several improvements compared to the
> previous release:
> 
> * New tap-windows6 driver (9.24.2) which fixes some suspend and resume
> issues
> * Latest OpenVPN-GUI
> * Considerable performance boost due to new compiler optimization flags
> 
> A summary of all included changes is available here:
> 
> 
> 
> A full list of changes is available here:
> 
> 
> 
> Please note that LibreSSL is not a supported crypto backend. We accept
> patches and we do test on OpenBSD 6.0 which comes with LibreSSL, but if
> newer versions of LibreSSL break API compatibility we do not take
> responsibility to fix that.
> 
> Also note that  Windows installers have been built with NSIS version
> that has been patched against several NSIS installer code execution and
> privilege escalation problems:
> 
> 
> 
> Based on our testing, though, older Windows versions such as Windows 7
> might not benefit from these fixes. We thus strongly encourage you to
> always move NSIS installers to a non-user-writeable location before
> running them. Our long-term plan is to migrate to using MSI installers
> instead.
> 
> Compared to OpenVPN 2.3 this is a major update with a large number of
> new features, improvements and fixes. Some of the major features are
> AEAD (GCM) cipher and Elliptic Curve DH key exchange support, improved
> IPv4/IPv6 dual stack support and more seamless connection migration when
> client's IP address changes (Peer-ID). Also, the new --tls-crypt feature
> can be used to increase users' connection privacy.
> 
> OpenVPN GUI bundled with the Windows installer has a large number of new
> features compared to the one bundled with OpenVPN 2.3. One of major
> features is the ability to run OpenVPN GUI without administrator privileges.
> 
> For full details, look here:
> 
> 
> 
> The new OpenVPN GUI features are documented here:
> 
> 
> 
> Please note that OpenVPN 2.4 installers will not work on Windows XP.
> 
> For generic help use these support channels:
> 
> Official documentation:
> 
> Wiki: 
> Forums: 
> User mailing list: 
> User IRC channel: #openvpn at irc.freenode.net
> 
> Please report bugs and ask development questions here:
> 
> Bug tracker and wiki: 
> Developer mailing list: 
> Developer IRC channel: #openvpn-devel at irc.freenode.net (requires
> Freenode registration)
> 
> 
> Samuli
> 
> 
> 
> ___
> Openvpn-devel mailing list
> openvpn-de...@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openvpn-devel
> 




signature.asc
Description: OpenPGP digital signature
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

[Openvpn-users] OpenVPN 2.4.8 released

2019-10-31 Thread Samuli Seppänen 
The OpenVPN community project team is proud to release OpenVPN 2.4.8. It
can be downloaded from here:



This is primarily a maintenance release with bugfixes and improvements.
The Windows installers (I601) have several improvements compared to the
previous release:

* New tap-windows6 driver (9.24.2) which fixes some suspend and resume
issues
* Latest OpenVPN-GUI
* Considerable performance boost due to new compiler optimization flags

A summary of all included changes is available here:



A full list of changes is available here:



Please note that LibreSSL is not a supported crypto backend. We accept
patches and we do test on OpenBSD 6.0 which comes with LibreSSL, but if
newer versions of LibreSSL break API compatibility we do not take
responsibility to fix that.

Also note that  Windows installers have been built with NSIS version
that has been patched against several NSIS installer code execution and
privilege escalation problems:



Based on our testing, though, older Windows versions such as Windows 7
might not benefit from these fixes. We thus strongly encourage you to
always move NSIS installers to a non-user-writeable location before
running them. Our long-term plan is to migrate to using MSI installers
instead.

Compared to OpenVPN 2.3 this is a major update with a large number of
new features, improvements and fixes. Some of the major features are
AEAD (GCM) cipher and Elliptic Curve DH key exchange support, improved
IPv4/IPv6 dual stack support and more seamless connection migration when
client's IP address changes (Peer-ID). Also, the new --tls-crypt feature
can be used to increase users' connection privacy.

OpenVPN GUI bundled with the Windows installer has a large number of new
features compared to the one bundled with OpenVPN 2.3. One of major
features is the ability to run OpenVPN GUI without administrator privileges.

For full details, look here:



The new OpenVPN GUI features are documented here:



Please note that OpenVPN 2.4 installers will not work on Windows XP.

For generic help use these support channels:

Official documentation:

Wiki: 
Forums: 
User mailing list: 
User IRC channel: #openvpn at irc.freenode.net

Please report bugs and ask development questions here:

Bug tracker and wiki: 
Developer mailing list: 
Developer IRC channel: #openvpn-devel at irc.freenode.net (requires
Freenode registration)


Samuli
Antonio Quartulli (1):
  mbedtls: fix segfault by calling mbedtls_cipher_free() in 
cipher_ctx_free()

Arne Schwabe (1):
  Remove -no-cpp-precomp flag from Darwin builds

David Sommerseth (3):
  cleanup: Remove RPM openvpn.spec build approach
  docs: Update INSTALL
  build: Package missing mock_msg.h

Gert Doering (5):
  repair windows builds (2.4)
  Increase listen() backlog queue to 32
  Force combinationation of --socks-proxy and --proto UDP to use IPv4.
  Fix IPv6 routes on tap interfaces on OpenSolaris/OpenIndiana
  preparing release v2.4.8 (ChangeLog, version.m4, Changes.rst)

Gisle Vanem (1):
  Wrong FILETYPE in .rc files

Hilko Bengen (1):
  Do not set pkcs11-helper 'safe fork mode'

Ilya Shipitsin (2):
  travis-ci: add "linux-ppc64le" to build matrix, change trusty image to 
xenial, update osx to xcode9.4 and modernize brew management
  travis-ci: fix osx builds

Kyle Evans (1):
  tests/t_lpback.sh: Switch sed(1) to POSIX-compatible regex.

Lev Stipakov (1):
  Fix various compiler warnings

Matthias Andree (1):
  Fix regression, reinstate LibreSSL support.

Michal Soltys (1):
  man: correct the description of --capath and --crl-verify regarding CRLs

Mykola Baibuz (1):
  Fix typo in NTLM proxy debug message

Richard Bonhomme (1):
  Ignore --pull-filter for --mode server

Rosen Penev (1):
  openssl: Fix compilation without deprecated OpenSSL 1.1 APIs

Selva Nair (3):
  Better error message when script fails due to script-security setting
  Correct the return value of cryptoapi RSA signature callbacks
  Handle PSS padding in cryptoapicert

Steffan Karger (1):
  cmocka: use relative paths

Thomas Quinot (1):
  Fix documentation of tls-verify script argument



signature.asc
Description: OpenPGP digital signature
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users