Tags give the ability to mark specific points in history as being important
-
v2.2-beta4
4729263d · ·2010.11.18 -- Version 2.2-beta4 David Sommerseth (10): Clarified --explicit-exit-notify man page entry Clean-up: Remove pthread and mutex locking code Clean-up: Remove more dead and inactive code paths Clean-up: Removing useless code - hash related functions Use stricter snprintf() formatting in socks_username_password_auth() (v3) Fix compiler warnings about not used dummy() functions Fixed potential misinterpretation of boolean logic Only add some functions when really needed Removed functions not being used anywhere Merged add_bypass_address() and add_host_route_if_nonlocal() Gert Doering (3): Integrate support for TAP mode on Solaris, written by Kazuyoshi Aizawa <admin2@whiteboard.ne.jp>. Make "topology subnet" work on Solaris Improved man page entry for script_type James Yonan (5): Fixed initialization bug in route_list_add_default_gateway (Gert Doering). Implement challenge/response authentication support in client mode Make base64.h have the same conditional compilation expression as base64.c. Fixed compiling issues when using --disable-crypto In verify_callback, the subject var should be freed by OPENSSL_free, not free Jesse Young (1): Remove hardcoded path to resolvconf Lars Hupel (1): Add HTTP/1.1 Host header Pierre Bourdon (1): Adding support for SOCKS plain text authentication Samuli Seppänen (2): Added check for variable CONFIGURE_DEFINES into options.c Added command-line option parser and an unsigned build option to build_all.py -
v2.1.4
4eb21d22 · ·2010.11.04 -- Version 2.1.4 * Fix problem with special case route targets ('remote_host') The init_route() function will leave &netlist untouched for get_special_addr() routes ("remote_host" being one of them). netlist is on stack, contains random garbage, and netlist.len will not be 0 - thus, random stack data is copied from netlist.data[] until the route_list is full. Thanks to Teodo MICU and Gert Doering for finding and fixing this issue. -
v2.2-beta3
842783a9 · ·2010.08.21 -- Version 2.2-beta3 * Attempt to fix issue where domake-win build system was not properly signing drivers and .exe files. Added win/tap_span.py for building multiple versions of the TAP driver and tapinstall binaries using different DDK versions to span from Win2K to Win7 and beyond. * Community patches David Sommerseth (2): Test framework improvment - Do not FAIL if t_client.rc is missing More t_client.sh updates - exit with SKIP when we want to skip Gert Doering (4): Fix compile problems on NetBSD and OpenBSD Fix <net/if.h> compile time problems on OpenBSD for good full "VPN client connect" test framework for OpenVPN Build t_client.sh by configure at run-time. chantra (1): Fixes openssl-1.0.0 compilation warning -
-
v2.2-beta2
39cd9376 · ·2010.08.16 -- Version 2.2-beta2 * Windows security issue: Fixed potential local privilege escalation vulnerability in Windows service. The Windows service did not properly quote the executable filename passed to CreateService. A local attacker with write access to the root directory C:\ could create an executable that would be run with the same privilege level as the OpenVPN Windows service. However, since non-Administrative users normally lack write permission on C:\, this vulnerability is generally not exploitable except on older versions of Windows (such as Win2K) where the default permissions on C:\ would allow any user to create files there. Credit: Scott Laurie, MWR InfoSecurity * Added Python-based based alternative build system for Windows using Visual Studio 2008 (in win directory). * Fixed compiler warning in ssl.c when compiling with --enable-strict
-
v2.2-beta1
4c1938aa · ·2010.08.10 -- Version 2.2-beta1 * When aborting in a non-graceful way, try to execute do_close_tun in init.c prior to daemon exit to ensure that the tun/tap interface is closed and any added routes are deleted. * Fixed an issue where AUTH_FAILED was not being properly delivered to the client when a bad password is given for mid-session reauth, causing the connection to fail without an error indication. * Don't advance to the next connection profile on AUTH_FAILED errors. * Fixed an issue in the Management Interface that could cause a process hang with 100% CPU utilization in --management-client mode if the management interface client disconnected at the point where credentials are queried. * Fixed an issue where if reneg-sec was set to 0 on the client, so that the server-side value would take precedence, the auth_deferred_expire_window function would incorrectly return a window period of 0 seconds. In this case, the correct window period should be the handshake window period. * Modified ">PASSWORD:Verification Failed" management interface notification to include a client reason string: >PASSWORD:Verification Failed: 'AUTH_TYPE' ['REASON_STRING'] * Enable exponential backoff in reliability layer retransmits. * Set socket buffers (SO_SNDBUF and SO_RCVBUF) immediately after socket is created rather than waiting until after connect/listen. * Management interface performance optimizations: 1. Added env-filter MI command to perform filtering on env vars passed through as a part of --management-client-auth 2. man_write will now try to aggregate output into larger blocks (up to 1024 bytes) for more efficient i/o * Fixed minor issue in Windows TAP driver DEBUG builds where non-null-terminated unicode strings were being printed incorrectly. * Fixed issue on Windows with MSVC compiler, where TCP_NODELAY support was not being compiled in. * Proxy improvements: Improved the ability of http-auth "auto" flag to dynamically detect the auth method required by the proxy. Added http-auth "auto-nct" flag to reject weak proxy auth methods. Added HTTP proxy digest authentication method. Removed extraneous openvpn_sleep calls from proxy.c. * Implemented http-proxy-override and http-proxy-fallback directives to make it easier for OpenVPN client UIs to start a pre-existing client config file with proxy options, or to adaptively fall back to a proxy connection if a direct connection fails. * Implemented a key/value auth channel from client to server. * Fixed issue where bad creds provided by the management interface for HTTP Proxy Basic Authentication would go into an infinite retry-fail loop instead of requerying the management interface for new creds. * Added support for MSVC debugging of openvpn.exe in settings.in: # Build debugging version of openvpn.exe !define PRODUCT_OPENVPN_DEBUG * Implemented multi-address DNS expansion on the network field of route commands. When only a single IP address is desired from a multi-address DNS expansion, use the first address rather than a random selection. * Added --register-dns option for Windows. Fixed some issues on Windows with --log, subprocess creation for command execution, and stdout/stderr redirection. * Fixed an issue where application payload transmissions on the TLS control channel (such as AUTH_FAILED) that occur during or immediately after a TLS renegotiation might be dropped. * Added warning about tls-remote option in man page. * Community patches (from openvpn-testing.git tree) Alberto Gonzalez Iniesta (1): Debian patch: Fix spelling in log message Dan Nelson (1): bash->bourne script cleanup Daniel Johnson (1): auth-pam plugin update: Support DOMAIN+USERNAME in config David Sommerseth (22): Reworked the eurephia patch for inclusion to the openvpn-testing tree Added mapping files from SVN commit ID to more descriptive commit IDs. verb 5 logging wrongly reports received bytes On TARGET_LINUX define _GNU_SOURCE if not defined Fix autotools cross-compiling support Add comile time information/settings from ./configure to --version Make use of counter_type instead of int when counting bytes and network packets Updated the man page to reflect the behavioural change of create_temp_file() Removed no longer needed delete_file() call Fixed potential NULL pointer issue Fix dependency checking for configure.h (v2) Make use of automake CLEANFILES variable instead of clean-local rule Don't add compile time information if --enable-small is used Harden create_temp_filename() (version 2) Renamed all calls to create_temp_filename() Updated the man page to reflect the behavioural change of create_temp_file() Removed no longer needed delete_file() call Avoid repetition of "this config may cache passwords in memory" (v2) Revamped the script-security warning logging (version 2) Fixed client hang when server don't PUSH (aka the NO_SOUP_FOR_YOU patch) Solved hidden merge conflict between changes in feat_misc and bugfix2.1 Fix multiple configured scripts conflicts issue (version 2) Davide Brini (6): OCSP_check.sh: new check logic The man page does not mention that the default value of "mssfix" is 1450. Enhance contrib/pull-resolv-conf/client.{up,down} scripts Fix missing /bin/bash -> /bin/sh Fix certificate serial number export Exclude ping and control packets from activity Emilien Mantel (2): Choose a different field in X509 to be username Fixed static defined length check to use sizeof() Enrico Scholz (1): Allow 'lport 0' setup for random port binding Fabian Knittel (1): ssl.c: fix use of openvpn_run_script()'s return value Gert Doering (3): remove duplicate code in FREEBSD+DRAGONFLY system-dependent ifconfig Implement IPv6 in TUN mode for Windows TAP driver. fix date format mistake in PRODUCT_TAP_RELDATE (Peter Stuge) Jan Brinkmann (1): The man page needs dash escaping in UTF-8 environments Karl O. Pinc (2): Change verify-cn so cn is no longer hardcoded in openvpn's config file Several updates to openvpn.8 (man page updates) Mathieu GIANNECCHINI (1): enhance tls-verify possibility Wil Cooley (1): pkitool lacks expected option "--help" chantra (2): Handle non standard subnets in PF grammar Fix errors in openvpn-plugin.h documentation -
-
-
-
-
-
-
-
-
-
-
-
-
-