OpenVPN v2.4.9 release

2020.04.16 -- Version 2.4.9
Antonio Quartulli (1):
      socks: use the right function when printing struct openvpn_sockaddr

Arne Schwabe (3):
      Fetch OpenSSL versions via source/old links
      Fix OpenSSL error stack handling of tls_ctx_add_extra_certs
      Fix OpenSSL 1.1.1 not using auto elliptic curve selection

Lev Stipakov (4):
      Fix broken fragmentation logic when using NCP
      Fix building with --enable-async-push in FreeBSD
      Fix broken async push with NCP is used
      Fix illegal client float (CVE-2020-11810)

Maxim Plotnikov (1):
      OpenSSL: Fix --crl-verify not loading multiple CRLs in one file

Santtu Lakkala (1):
      Fix OpenSSL private key passphrase notices

Selva Nair (7):
      Swap the order of checks for validating interactive service user
      Move querying username/password from management interface to a function
      When auth-user-pass file has no password query the management interface (if available).
      Fix possibly uninitialized return value in GetOpenvpnSettings()
      Fix possible access of uninitialized pipe handles
      Skip expired certificates in Windows certificate store
      Allow unicode search string in --cryptoapicert option

Tom van Leeuwen (1):
      mbedTLS: Make sure TLS session survives move

WGH (1):
      docs: Add reference to X509_LOOKUP_hash_dir(3)

OpenVPN v2.4.8 release

2019.10.30 -- Version 2.4.8
Antonio Quartulli (1):
      mbedtls: fix segfault by calling mbedtls_cipher_free() in cipher_ctx_free()

Arne Schwabe (1):
      Remove -no-cpp-precomp flag from Darwin builds

David Sommerseth (3):
      cleanup: Remove RPM openvpn.spec build approach
      docs: Update INSTALL
      build: Package missing mock_msg.h

Gert Doering (5):
      repair windows builds (2.4)
      Increase listen() backlog queue to 32
      Force combinationation of --socks-proxy and --proto UDP to use IPv4.
      Fix IPv6 routes on tap interfaces on OpenSolaris/OpenIndiana
      preparing release v2.4.8 (ChangeLog, version.m4, Changes.rst)

Gisle Vanem (1):
      Wrong FILETYPE in .rc files

Hilko Bengen (1):
      Do not set pkcs11-helper 'safe fork mode'

Ilya Shipitsin (2):
      travis-ci: add "linux-ppc64le" to build matrix, change trusty image to xenial, update osx to xcode9.4 and modernize brew management
      travis-ci: fix osx builds

Kyle Evans (1):
      tests/t_lpback.sh: Switch sed(1) to POSIX-compatible regex.

Lev Stipakov (1):
      Fix various compiler warnings

Matthias Andree (1):
      Fix regression, reinstate LibreSSL support.

Michal Soltys (1):
      man: correct the description of --capath and --crl-verify regarding CRLs

Mykola Baibuz (1):
      Fix typo in NTLM proxy debug message

Richard Bonhomme (1):
      Ignore --pull-filter for --mode server

Rosen Penev (1):
      openssl: Fix compilation without deprecated OpenSSL 1.1 APIs

Selva Nair (3):
      Better error message when script fails due to script-security setting
      Correct the return value of cryptoapi RSA signature callbacks
      Handle PSS padding in cryptoapicert

Steffan Karger (1):
      cmocka: use relative paths

Thomas Quinot (1):
      Fix documentation of tls-verify script argument

OpenVPN v2.4.7 release

2019.02.19 -- Version 2.4.7
Adam Ciarcin?ski (1):
      Fix subnet topology on NetBSD (2.4).

Antonio Quartulli (3):
      add support for %lu in argv_printf and prevent ASSERT
      buffer_list: add functions documentation
      ifconfig-ipv6(-push): allow using hostnames

Arne Schwabe (7):
      Properly free tuntap struct on android when emulating persist-tun
      Add OpenSSL compat definition for RSA_meth_set_sign
      Add support for tls-ciphersuites for TLS 1.3
      Add better support for showing TLS 1.3 ciphersuites in --show-tls
      Use right function to set TLS1.3 restrictions in show-tls
      Add message explaining early TLS client hello failure
      Fallback to password authentication when auth-token fails

Christian Ehrhardt (1):
      systemd: extend CapabilityBoundingSet for auth_pam

David Sommerseth (1):
      plugin: Export base64 encode and decode functions

Gert Doering (4):
      Add %d, %u and %lu tests to test_argv unit tests.
      Fix combination of --dev tap and --topology subnet across multiple platforms.
      Add 'printing of port number' to mroute_addr_print_ex() for v4-mapped v6.
      preparing release v2.4.7 (ChangeLog, version.m4, Changes.rst)

Gert van Dijk (1):
      Minor reliability layer documentation fixes

James Bekkema (1):
      Resolves small IV_GUI_VER typo in the documentation.

Jonathan K. Bullard (1):
      Clarify and expand management interface documentation

Lev Stipakov (5):
      Refactor NCP-negotiable options handling
      init.c: refine functions names and description
      interactive.c: fix usage of potentially uninitialized variable
      options.c: fix broken unary minus usage
      Remove extra token after #endif

Richard van den Berg via Openvpn-devel (1):
      Fix error message when using RHEL init script

Samy Mahmoudi (1):
      man: correct a --redirection-gateway option flag

Selva Nair (7):
      Replace M_DEBUG with D_LOW as the former is too verbose
      Correct the declaration of handle in 'struct openvpn_plugin_args_open_return'
      Bump version of openvpn plugin argument structs to 5
      Move get system directory to a separate function
      Enable dhcp on tap adapter using interactive service
      Pass the hash without the DigestInfo header to NCryptSignHash()
      White-list pull-filter and script-security in interactive service

Simon Rozman (2):
      Add Interactive Service developer documentation
      Detect TAP interfaces with root-enumerated hardware ID

Steffan Karger (7):
      man: add security considerations to --compress section
      mbedtls: print warning if random personalisation fails
      Fix memory leak after sighup
      travis: add OpenSSL 1.1 Windows build
      Fix --disable-crypto build
      Don't print OCC warnings about 'key-method', 'keydir' and 'tls-auth'
      buffer_list_aggregate_separator(): simplify code

OpenVPN v2.4.6 release

2018.04.19 -- Version 2.4.6
David Sommerseth (1):
      management: Warn if TCP port is used without password

Gert Doering (3):
      Correct version in ChangeLog - should be 2.4.5, was mistyped as 2.4.4
      Fix potential double-free() in Interactive Service (CVE-2018-9336)
      preparing release v2.4.6 (ChangeLog, version.m4, Changes.rst)

Gert van Dijk (1):
      manpage: improve description of --status and --status-version

Joost Rijneveld (1):
      Make return code external tls key match docs

Selva Nair (3):
      Delete the IPv6 route to the "connected" network on tun close
      Management: warn about password only when the option is in use
      Avoid overflow in wakeup time computation

Simon Matter (1):
      Add missing #ifdef SSL_OP_NO_TLSv1_1/2

Steffan Karger (1):
      Check for more data in control channel

OpenVPN v2.4.5 release

2018.02.28 -- Version 2.4.5
Antonio Quartulli (4):
      reload HTTP proxy credentials when moving to the next connection profile
      Allow learning iroutes with network made up of all 0s (only if netbits < 8)
      mbedtls: fix typ0 in comment
      manpage: fix simple typ0

Arne Schwabe (2):
      Treat dhcp-option DNS6 and DNS identical
      show the right string for key-direction

Bertrand Bonnefoy-Claudet (1):
      Fix typo in error message: "optione" -> "option"

David Sommerseth (8):
      lz4: Fix confused version check
      lz4: Fix broken builds when pkg-config is not present but system library is
      Remove references to keychain-mcd in Changes.rst
      lz4: Rebase compat-lz4 against upstream v1.7.5
      systemd: Add and ship README.systemd
      Update copyright to include 2018 plus company name change
      man: Add .TQ groff support macro
      man: Reword --management to prefer unix sockets over TCP

Emmanuel Deloget (1):
      OpenSSL: check EVP_PKEY key types before returning the pkey

Gert Doering (3):
      Remove warning on pushed tun-ipv6 option.
      Fix removal of on-link prefix on windows with netsh
      Preparing for release v2.4.5 (ChangeLog, version.m4, Changes.rst)

Ilya Shipitsin (2):
      travis-ci: add brew cache, remove ccache
      travis-ci: modify openssl build script to support openssl-1.1.0

James Bottomley (1):
      autoconf: Fix engine checks for openssl 1.1

Jeremie Courreges-Anglas (2):
      Cast time_t to long long in order to print it.
      Fix build with LibreSSL

Selva Nair (14):
      Check whether in pull_mode before warning about previous connection blocks
      Avoid illegal memory access when malformed data is read from the pipe
      Fix missing check for return value of malloc'd buffer
      Return NULL if GetAdaptersInfo fails
      Use RSA_meth_free instead of free
      Bring cryptoapi.c upto speed with openssl 1.1
      Add SSL_CTX_get_max_proto_version() not in openssl 1.0
      TLS v1.2 support for cryptoapicert -- RSA only
      Refactor get_interface_metric to return metric and auto flag separately
      Ensure strings read from registry are null-terminated
      Make most registry values optional
      Use lowest metric interface when multiple interfaces match a route
      Adapt to RegGetValue brokenness in Windows 7
      Fix format spec errors in Windows builds

Simon Rozman (11):
      Local functions are not supported in MSVC. Bummer.
      Mixing wide and regular strings in concatenations is not allowed in MSVC.
      RtlIpv6AddressToStringW() and RtlIpv4AddressToStringW() require mstcpip.h
      Simplify iphlpapi.dll API calls
      Fix local #include to use quoted form
      Document ">PASSWORD:Auth-Token" real-time message
      Fix typo in "verb" command examples
      Uniform swprintf() across MinGW and MSVC compilers
      MSVC meta files added to .gitignore list
      openvpnserv: Add support for multi-instances
      Document missing OpenVPN states

Steffan Karger (21):
      make struct key * argument of init_key_ctx const
      buffer_list_aggregate_separator(): add unit tests
      Add --tls-cert-profile option.
      Use P_DATA_V2 for server->client packets too
      Fix memory leak in buffer unit tests
      buffer_list_aggregate_separator(): update list size after aggregating
      buffer_list_aggregate_separator(): don't exceed max_len
      buffer_list_aggregate_separator(): prevent 0-byte malloc
      Fix types around buffer_list_push(_data)
      ssl_openssl: fix compiler warning by removing getbio() wrapper
      travis: use clang's -fsanitize=address to catch more bugs
      Fix --tls-version-min and --tls-version-max for OpenSSL 1.1+
      Add support for TLS 1.3 in --tls-version-{min, max}
      Plug memory leak if push is interrupted
      Fix format errors when cross-compiling for Windows
      Log pre-handshake packet drops using D_MULTI_DROPPED
      Enable stricter compiler warnings by default
      Get rid of ax_check_compile_flag.m4
      mbedtls: don't use API deprecated in mbed 2.7
      Warn if tls-version-max < tls-version-min
      Don't throw fatal errors from create_temp_file()

hashiz (1):
      Fix '--bind ipv6only'

Checkpoint 1, runnable obfuscation proof of concept (Linux)

OpenVPN 2.3.18 release

2017.09.25 -- Version 2.3.18
Antonio Quartulli (1):
      crypto: correct typ0 in error message

Steffan Karger (2):
      Deprecate --ns-cert-type
      Fix bounds check in read_key()

Szilárd Pfeiffer (1):
      OpenSSL: Always set SSL_OP_CIPHER_SERVER_PREFERENCE flag

OpenVPN v2.4.4 release

2017.09.25 -- Version 2.4.4
Antonio Quartulli (23):
      crypto: correct typ0 in error message
      use M_ERRNO instead of explicitly printing errno
      don't print errno twice
      ntlm: avoid useless cast
      ntlm: unwrap multiple function calls
      route: improve error message
      management: preserve wait_for_push field when asking for user/pass
      tls-crypt: avoid warnings when --disable-crypto is used
      ntlm: convert binary buffers to uint8_t *
      ntlm: restyle compressed multiple function calls
      ntlm: improve code style and readability
      OpenSSL: remove unreachable call to SSL_CTX_get0_privatekey()
      make function declarations C99 compliant
      remove unused functions
      use NULL instead of 0 when assigning pointers
      add missing static attribute to functions
      ntlm: avoid breaking anti-aliasing rules
      remove the --disable-multi config switch
      rename mroute_extract_addr_ipv4 to mroute_extract_addr_ip
      route: avoid definition of unused variables in certain configurations
      fix a couple of typ0s in comments and strings
      fragment.c: simplify boolean expression
      tcp-server: ensure AF family is propagated to child context

Arne Schwabe (2):
      Set tls-cipher restriction before loading certificates
      Print ec bit details, refuse management-external-key if key is not RSA

Conrad Hoffmann (2):
      Use provided env vars in up/down script.
      Document down-root plugin usage in client.down

David Sommerseth (11):
      doc: The CRL processing is not a deprecated feature
      cleanup: Move write_pid() to where it is being used
      contrib: Remove keychain-mcd code
      cleanup: Move init_random_seed() to where it is being used
      sample-plugins: fix ASN1_STRING_to_UTF8 return value checks
      Highlight deprecated features
      Use consistent version references
      docs: Replace all PolarSSL references to mbed TLS
      systemd: Ensure systemd shuts down OpenVPN in a proper way
      systemd: Enable systemd's auto-restart feature for server profiles
      lz4: Move towards a newer LZ4 API

Emmanuel Deloget (3):
      OpenSSL: remove pre-1.1 function from the OpenSSL compat interface
      OpenSSL: remove EVP_CIPHER_CTX_new() from the compat layer
      OpenSSL: remove EVP_CIPHER_CTX_free() from the compat layer

Gert van Dijk (1):
      Warn that DH config option is only meaningful in a tls-server context

Ilya Shipitsin (3):
      travis-ci: add 3 missing patches from master to release/2.4
      travis-ci: update openssl to 1.0.2l, update mbedtls to 2.5.1
      travis-ci: update pkcs11-helper to 1.22

Richard Bonhomme (1):
      man: Corrections to doc/openvpn.8

Steffan Karger (17):
      Fix typo in extract_x509_extension() debug message
      Move adjust_power_of_2() to integer.h
      Undo cipher push in client options state if cipher is rejected
      Remove strerror_ts()
      Move openvpn_sleep() to manage.c
      fixup: also change missed openvpn_sleep() occurrences
      Always use default keysize for NCP'd ciphers
      Move create_temp_file() out of #ifdef ENABLE_CRYPTO
      Deprecate --keysize
      Deprecate --no-replay
      Move run_up_down() to init.c
      tls-crypt: introduce tls_crypt_kt()
      crypto: create function to initialize encrypt and decrypt key
      Add coverity static analysis to Travis CI config
      tls-crypt: don't leak memory for incorrect tls-crypt messages
      travis: reorder matrix to speed up build
      Fix bounds check in read_key()

Szilárd Pfeiffer (1):
      OpenSSL: Always set SSL_OP_CIPHER_SERVER_PREFERENCE flag

Thomas Veerman via Openvpn-devel (1):
      Fix socks_proxy_port pointing to invalid data

OpenVPN v2.3.17 release

2017.06.21 -- Version 2.3.17

David Sommerseth (2):
      backport: Ignore auth-nocache for auth-user-pass if auth-token is pushed
      auth-token with auth-nocache fix broke --disable-crypto builds

Gert Doering (2):
      Fix potential 1-byte overread in TCP option parsing.
      Fix remotely-triggerable ASSERT() on malformed IPv6 packet.

Guido Vranken (6):
      refactor my_strupr
      Fix 2 memory leaks in proxy authentication routine
      Fix memory leak in add_option() for option 'connection'
      Ensure option array p[] is always NULL-terminated
      Fix a null-pointer dereference in establish_http_proxy_passthru()
      Prevent two kinds of stack buffer OOB reads and a crash for invalid input data

Jérémie Courrèges-Anglas (2):
      Fix an unaligned access on OpenBSD/sparc64
      Missing include for socket-flags TCP_NODELAY on OpenBSD

Steffan Karger (4):
      openssl: fix overflow check for long --tls-cipher option
      Fix remote-triggerable memory leaks (CVE-2017-7521)
      Restrict --x509-alt-username extension types
      Fix potential double-free in --x509-alt-username (CVE-2017-7521)

OpenVPN v2.4.3 release

2017.06.21 -- Version 2.4.3
Antonio Quartulli (1):
      Ignore auth-nocache for auth-user-pass if auth-token is pushed

David Sommerseth (3):
      crypto: Enable SHA256 fingerprint checking in --verify-hash
      copyright: Update GPLv2 license texts
      auth-token with auth-nocache fix broke --disable-crypto builds

Emmanuel Deloget (8):
      OpenSSL: don't use direct access to the internal of X509
      OpenSSL: don't use direct access to the internal of EVP_PKEY
      OpenSSL: don't use direct access to the internal of RSA
      OpenSSL: don't use direct access to the internal of DSA
      OpenSSL: force meth->name as non-const when we free() it
      OpenSSL: don't use direct access to the internal of EVP_MD_CTX
      OpenSSL: don't use direct access to the internal of EVP_CIPHER_CTX
      OpenSSL: don't use direct access to the internal of HMAC_CTX

Gert Doering (6):
      Fix NCP behaviour on TLS reconnect.
      Remove erroneous limitation on max number of args for --plugin
      Fix edge case with clients failing to set up cipher on empty PUSH_REPLY.
      Fix potential 1-byte overread in TCP option parsing.
      Fix remotely-triggerable ASSERT() on malformed IPv6 packet.
      Update Changes.rst with relevant info for 2.4.3 release.

Guido Vranken (6):
      refactor my_strupr
      Fix 2 memory leaks in proxy authentication routine
      Fix memory leak in add_option() for option 'connection'
      Ensure option array p[] is always NULL-terminated
      Fix a null-pointer dereference in establish_http_proxy_passthru()
      Prevent two kinds of stack buffer OOB reads and a crash for invalid input data

Jérémie Courrèges-Anglas (2):
      Fix an unaligned access on OpenBSD/sparc64
      Missing include for socket-flags TCP_NODELAY on OpenBSD

Matthias Andree (1):
      Make openvpn-plugin.h self-contained again.

Selva Nair (1):
      Pass correct buffer size to GetModuleFileNameW()

Steffan Karger (11):
      Log the negotiated (NCP) cipher
      Avoid a 1 byte overcopy in x509_get_subject (ssl_verify_openssl.c)
      Skip tls-crypt unit tests if required crypto mode not supported
      openssl: fix overflow check for long --tls-cipher option
      Add a DSA test key/cert pair to sample-keys
      Fix mbedtls fingerprint calculation
      mbedtls: fix --x509-track post-authentication remote DoS (CVE-2017-7522)
      mbedtls: require C-string compatible types for --x509-username-field
      Fix remote-triggerable memory leaks (CVE-2017-7521)
      Restrict --x509-alt-username extension types
      Fix potential double-free in --x509-alt-username (CVE-2017-7521)

Steven McDonald (1):
      Fix gateway detection with OpenBSD routing domains

OpenVPN v2.3.16

2017.05.18 -- Version 2.3.16
Antonio Quartulli (1):
      fix redirect-gateway behaviour when an IPv4 default route does not exist

Guido Vranken (1):
      Avoid a 1 byte overcopy in x509_get_subject (ssl_verify_openssl.c)

Selva Nair (1):
      Check for errors in the return value of GetModuleFileNameW()

Steven McDonald (1):
      Fix gateway detection with OpenBSD routing domains

OpenVPN v2.3.15

2017.05.11 -- Version 2.3.15
David Sommerseth (6):
      dev-tools: Added script for updating copyright years in files
      Update copyrights
      docs: Further improve --reneg-bytes and SWEET32 information
      git: Merge .gitignore files into a single file
      Make --cipher/--auth none more explicit on the risks
      Prepare v2.3.15 release

Gert Doering (1):
      Document --proto udp6, tcp6, etc.

Julien Muchembled (1):
      Fix implicit declarations when HAVE_OPENSSL_ENGINE is unset

Steffan Karger (6):
      Add missing includes in error.h
      cleanup: merge packet_id_alloc_outgoing() into packet_id_write()
      Document that OpenVPN 2.3 does not check the CRL signature
      Introduce and use secure_memzero() to erase secrets
      Drop packets instead of assert out if packet id rolls over (CVE-2017-7479)
      Don't assert out on receiving too-large control packets (CVE-2017-7478)

OpenVPN v2.4.2 release

2017.05.11 -- Version 2.4.2
David Sommerseth (5):
      auth-token: Ensure tokens are always wiped on de-auth
      docs: Fixed man-page warnings discoverd by rpmlint
      Make --cipher/--auth none more explicit on the risks
      plugin: Fix documentation typo for type_mask
      plugin: Export secure_memzero() to plug-ins

Hristo Venev (1):
      Fix extract_x509_field_ssl for external objects, v2

Selva Nair (1):
      In auth-pam plugin clear the password after use

Steffan Karger (10):
      cleanup: merge packet_id_alloc_outgoing() into packet_id_write()
      Don't run packet_id unit tests for --disable-crypto builds
      Fix Changes.rst layout
      Fix memory leak in x509_verify_cert_ku()
      mbedtls: correctly check return value in pkcs11_certificate_dn()
      Restore pre-NCP frame parameters for new sessions
      Always clear username/password from memory on error
      Document tls-crypt security considerations in man page
      Don't assert out on receiving too-large control packets (CVE-2017-7478)
      Drop packets instead of assert out if packet id rolls over (CVE-2017-7479)

ValdikSS (1):
      Set a low interface metric for tap adapter when block-outside-dns is in use

OpenVPN v2.4.1 release

2017.03.21 -- Version 2.4.1
Antonio Quartulli (4):
      attempt to add IPv6 route even when no IPv6 address was configured
      fix redirect-gateway behaviour when an IPv4 default route does not exist
      CRL: use time_t instead of struct timespec to store last mtime
      ignore remote-random-hostname if a numeric host is provided

Christian Hesse (7):
      man: fix formatting for alternative option
      systemd: Use automake tools to install unit files
      systemd: Do not race on RuntimeDirectory
      systemd: Add more security feature for systemd units
      Clean up plugin path handling
      plugin: Remove GNUism in openvpn-plugin.h generation
      fix typo in notification message

David Sommerseth (6):
      management: >REMOTE operation would overwrite ce change indicator
      management: Remove a redundant #ifdef block
      git: Merge .gitignore files into a single file
      systemd: Move the READY=1 signalling to an earlier point
      plugin: Improve the handling of default plug-in directory
      cleanup: Remove faulty env processing functions

Emmanuel Deloget (8):
      OpenSSL: check for the SSL reason, not the full error
      OpenSSL: don't use direct access to the internal of X509_STORE_CTX
      OpenSSL: don't use direct access to the internal of SSL_CTX
      OpenSSL: don't use direct access to the internal of X509_STORE
      OpenSSL: don't use direct access to the internal of X509_OBJECT
      OpenSSL: don't use direct access to the internal of RSA_METHOD
      OpenSSL: SSLeay symbols are no longer available in OpenSSL 1.1
      OpenSSL: use EVP_CipherInit_ex() instead of EVP_CipherInit()

Eric Thorpe (1):
      Fix Building Using MSVC

Gert Doering (4):
      Add openssl_compat.h to openvpn_SOURCES
      Fix '--dev null'
      Fix installation of IPv6 host route to VPN server when using iservice.
      Make ENABLE_OCC no longer depend on !ENABLE_SMALL

Gisle Vanem (1):
      Crash in options.c

Ilya Shipitsin (2):
      Resolve several travis-ci issues
      travis-ci: remove unused files

Olivier Wahrenberger (1):
      Fix building with LibreSSL 2.5.1 by cleaning a hack.

Selva Nair (4):
      Fix push options digest update
      Always release dhcp address in close_tun() on Windows.
      Add a check for -Wl, --wrap support in linker
      Fix user's group membership check in interactive service to work with domains

Simon Matter (1):
      Fix segfault when using crypto lib without AES-256-CTR or SHA256

Steffan Karger (8):
      More broadly enforce Allman style and braces-around-conditionals
      Use SHA256 for the internal digest, instead of MD5
      OpenSSL: 1.1 fallout - fix configure on old autoconf
      Fix types in WIN32 socket_listen_accept()
      Remove duplicate X509 env variables
      Fix non-C99-compliant builds: don't use const size_t as array length
      Deprecate --ns-cert-type
      Be less picky about keyUsage extensions