this commit starts work on "master" after branching off "release/2.7"
-> version.m4 set to "2.8_git", ChangeLog emptied, Changes.rst prepared
for notable news in Release 2.8
Signed-off-by: Gert Doering <gert@greenie.muc.de>
version.m4, ChangeLog, Changes.rst
Only very minor differences to the last release candidate, 2.7_rc6.
Signed-off-by: Gert Doering <gert@greenie.muc.de>
version.m4, ChangeLog, Changes.rst
Changes.rst has not received a "2.7_rc6" section - it has the
"highlevel" overview of what is new in 2.7, but for alpha/beta/rc*
releases it's better to look at git log to see what has been added/fixed.
Notable changes rc5 -> rc6 are:
- bugfix on restarting a p2mp server instance with SIGUSR1 (inadvertently
closing fd 0, causing a crash on the next restart - GH #966)
- prevent NULL pointer crash on suitable combination of --dns-updown
statements in openvpn config file (not pushable)
- prevent inappropriate management interface activity if a password is
set and --management-forget-disconnect or --management-signal are active
- more conversion warnings fixed
- Windows: interactive service - some initial unit tests added for the
most complex string conversion function (ConvertItfDnsDomains())
- remove #ifdefs around socket sendbuf/receive buf handling, assuming that
all platforms that have POSIX sockets have this.
- add mbedTLS 4 support
- fix check for failed fork() in port-share code
Signed-off-by: Gert Doering <gert@greenie.muc.de>
version.m4, ChangeLog, Changes.rst
Changes.rst has not received a "2.7_rc5" section - it has the
"highlevel" overview of what is new in 2.7, but for alpha/beta/rc*
releases it's better to look at git log to see what has been added/fixed.
Notable changes rc4 -> rc5 are:
- CVE-2025-15497 in epoch key handling (an authenticated remote system
can send a valid OpenVPN data packet that triggers an edge case
where a too-strict check would trigger an ASSERT(), exiting OpenVPN)
- remove "resolve --remote on incoming TCP connects on --tcp-server"
code base, because that has not worked in a long time (since 2.4) and
is seen as too obscure and too complicated to rescue.
- repair interaction between DCO and persist-tun after reconnection
(in this case the client side would fail to set up the DCO event
handler, and not notice further --ping timeouts - GH: #947)
- remove ENABLE_X509ALTUSERNAME conditional, always enabling
"configure --enable-x509-alt-username". Effectively no change in
code size, and one less build variant to maintain and test (GH: #917).
- require "script-security 2" when using --dev unix:<program>
- socks client: fix and improve various code parts
- configure etc: drop support for systemd 216 and older, adapt
other checks to reflect modern systemd setups
- fix unit test building with libcmocka 2.0+
- fix Android build warnings about unused variables/methods
- allow --test-crypto to run without --secret
(prepare for removal of --secret after 2.7)
- improve WolfSSL build compatibility
Signed-off-by: Gert Doering <gert@greenie.muc.de>
version.m4, ChangeLog, Changes.rst
Changes.rst has not received a "2.7_rc4" section - it has the
"highlevel" overview of what is new in 2.7, but for alpha/beta/rc*
releases it's better to look at git log to see what has been added/fixed.
Notable changes rc3 -> rc4 are:
- Windows interactive service: do not configure adapter DNS if
there are no search-domains but there are resolve-domains (which
get resolved via NRPT rules) - GH: OpenVPN/openvpn#473
- improve documentation and error messages for a number of deprecated
options
- improve documentation for not-really-deprecated-yet ``--ns-cert-type``
- Windows IPv4 configuration with netsh.exe: ensure addresses are added
with "store=active" (ensure proper cleanup) - GH: OpenVPN/openvpn#915
- Windows: set UTF8 code page in openvpn.exe manifest, to make cert/key
loading work again for files with non-ASCII characters in their file
name (GH: OpenVPN/openvpn#920)
- tun.c: unify read_tun()/write_tun() functions for all BSD platforms
- more type conversion related cleanups
- add NULL check before freeaddrinfo() call, which might lead to a
crash on OpenBSD (GH: OpenVPN/openvpn#930)
- add NULL check to mbedtls handling of external and inline certificates
- add check for auth none / cipher none on FreeBSD DCO
- add CAP_SYS_NICE to positive list in Linux systemd unit files
(GH: OpenVPN/openvpn#834)
- drop mbedtls 2.x support (which is end of life, and work on mbedtls 4
is much simplified by not having to take care of 2.x compat as well)
- PUSH_UPDATE: bugfix for the client side where split/continued messages
(due to large number of "route" statements) would not correctly handle
the full set of routes. Add unit test. (GH: OpenVPN/openvpn#925)
- new unit test module for mbuf handling
- deprecate --fast-io option (it got partially broken by the multisocket
implementation, and the benefits of the existing implementation did
not outweigh the extra code complexity to make it work again)
- change the ssl_ctx in struct tls_options to be a pointer - this is
a shared data structure between various contexts, but previously it
was shallow-copied, leading to needless CRL reloading - and when
working on implementing the new OpenSSL CRL API, to segfaults
(the existing code works, as these new APIs are not used yet).
Signed-off-by: Gert Doering <gert@greenie.muc.de>
version.m4, ChangeLog, Changes.rst
Changes.rst has not received a "2.7_rc3" section - it has the
"highlevel" overview of what is new in 2.7, but for alpha/beta/rc*
releases it's better to look at git log to see what has been added/fixed.
Notable changes rc2 -> rc3 are:
- Windows/Interactive Service bugfixes
    many small bugfixes to registry-related DNS domain handling
- Windows/Interactive Service: harden service pipe handling
    close a small race condition, and add restrictive ACLs
- Windows/Interactive Service: CVE-2025-13751
    fix bug where the interactive service would error-exit in
    certain error conditions instead of just logging the fact and
    continuing. After the error-exit, OpenVPN connections will no
    longer work until the service is restarted (or the system rebooted).
    This can be triggered by any authenticated local user, and has
    thus been classified as a "local denial of service" attack.
- more type conversion related warnings have been fixed
- --multihome behaviour regarding egress interface selection has been
changed. See Changes.rst and manpage for details.
- cleanup dead code in event handling code (leftover of the multisocket
patch set)
- add new feature, --tls-crypt-v2-max-age n. See Changes.rst and
manpage for details.
- improve documentation to point out the pitfalls of case-insensitive
filesystems and --client-config-dir
- split default gateway query logic in two:
    - for --redirect-gateway functionality, query for the gateway towards
      the actual IP address of the VPN server connecting to
    - for the "net_gateway" special destination for --route, and the
      corresponding environment variable, always query for 0.0.0.0 / ::
  (this will only make a difference in certain scenarios using a local
  proxy, or on a system with multiple interfaces, not using the "default
  route" for the VPN connection - see github#890)
- upgrade embedded pkcs11-helper vcpkg + pkcs11-uri patch to 1.31
- CMake / autoconf cleanup wrt unused checks, outdated old-Linux checks,
Windows oddities
- DCO (primarily Linux): improve handling of bulk notifications from
kernel (do not lose notifications, do not crash) (github#900)
Signed-off-by: Gert Doering <gert@greenie.muc.de>
version.m4, ChangeLog, Changes.rst
Changes.rst has not received a "2.7_rc2" section - it has the
"highlevel" overview of what is new in 2.7, but for alpha/beta releases
it's better to look at git log to see what has been added/fixed.
Notable changes rc1 -> rc2 are:
- IPv6 address parsing: fix buffer overread on invalid input
(CVE-2025-12106)
- HMAC verification check: fix incorrect memcmp() call
(CVE-2025-13086)
- even more type conversion related warnings have been fixed
- DCO FreeBSD improvements:
    improving debug messages (verb 6)
    implement client-side counter handling
    repair --inactive (and document shortcomings)
    repair handling of DCO disconnection notifications in --client mode
- Windows/Service improvements, hardening, bugfixes
    fix DNS address list generation (if 3 or more --dns addresses in use)
    fix DNS server undo_list
    disallow "stdin" as config name unless user has OpenVPN admin privs
    fix compilation errors with MSVC v19
    iservice: improve validation of config path (pathcc lib)
      [NOTE: this breaks OpenVPN compatibility with Windows 7]
    tapctl: refactor, improve output, change driver default to ovpn-dco
    iservice: when restoring iface metrics, enforce correct ifindex
- improve cmocka unit test assert() handling
- PUSH_UPDATE server: fix reporting of client IPs in ``status`` output
after pushing a new IPv4/IPv6 address to client
- AEAD cipher safety margins: fix calculation of AEAD blocks in use
(old code would undercount blocks)
- fix invalid pointer creation / memory overread in tls_pre_decrypt
- deprecate ``--opt-verify`` (change into no-op + warning)
Signed-off-by: Gert Doering <gert@greenie.muc.de>
version.m4, ChangeLog, Changes.rst
Changes.rst has not received a "2.7_rc1" section - it has the
"highlevel" overview of what is new in 2.7, but for alpha/beta releases
it's better to look at git log to see what has been added/fixed.
Notable changes beta3 -> rc1 are:
- even more type conversion related warnings have been fixed
- more bugfixes related to BYTECOUNT display on the management
interface and byte counters on DCO platforms in general
- numerous minibugs reported by ZeroPath AI have been fixed
(small memleaks, possible file descriptor leaks, improved
sanity checks, add ASSERT() on function contracts, etc.)
- add warning for unsupported combination of --push and --tls-server
- add warning for unsupported combination of --reneg-bytes or
--reneg-pkts with DCO
- remove perf_push()/perf_pop() infrastructure (because it did not
work anymore, and compiler profiling will give better results today)
- ensure compatibility with OpenSSL 3.6.0 - specifically, do not crash
in t_lpback.sh trying to use new encrypt-then-mac (ETM) ciphers
- improved PUSH_UPDATE server side support, which now handles changes
of pushed ifconfig/ifconfig-ipv6 addresses correctly (send packets
to new IP addresses to this client, stop sending packets to the old
addresses).
- improve CONTRIBUTING documentation
- add unit test for DHCP packet infrastructure
- freshen URLs all over the tree, and change to HTTPS where possible
- on DCO Linux/FreeBSD, add support for clients receiving an IPv4/IPv6
address that is not part of the --server/--server-ipv6 subnet
(= install extra on-interface host routes).
- Windows programs use a new API for path name canonicalization now
(PathCchCanonicalizeEx()) which will break building with MinGW on
Ubuntu 22.04 -> Upgrade to 24.04 to make builds work again.
- on Windows, when setting up WINS servers using netsh, use interface
index instead of adapter name now ("as for all other netsh calls")
- remove undocumented and unused --memstats feature
Signed-off-by: Gert Doering <gert@greenie.muc.de>
version.m4, ChangeLog, Changes.rst
Changes.rst has not received a "2.7_beta3" section - it has the
"highlevel" overview of what is new in 2.7, but for alpha/beta releases
it's better to look at git log to see what has been added/fixed.
Notable changes beta2 -> beta3 are:
- even more of signed/unsigned related warnings have been fixed
- document that PUSH_UPDATE is (as of now) not compatible with DCO,
and add adequate checks
- improvements on PUSH_UPDATE handling on the server side
- bugfixes in reconnect and PUSH_UPDATE handling on the client side
(notably handling of ifconfig/ifconfig-ipv6/redirect-gateway ipv6
if the server is not always pushing the same address families)
- improve "recursive routing checks", prepare the way for a
policy-based setup where "packets to VPN server" could end up
in the tunnel without interfering with OpenVPN operations
- improve unit testing, add more unit tests, fix unit test bugs
- add support for "epoch" data format to DCO on Windows
(needs dco-win driver 2.8.0+)
- clean up and remove outdated stuff from COPYING
Signed-off-by: Gert Doering <gert@greenie.muc.de>
version.m4, ChangeLog, Changes.rst
Changes.rst has not received a "2.7_beta2" section - it has the
"highlevel" overview of what is new in 2.7, but for alpha/beta releases
it's better to look at git log to see what has been added/fixed.
Notable changes beta1 -> beta2 are:
- even more of signed/unsigned related warnings have been fixed
- #pragmas have been added to all to-be-fixed source files, so we can
now always enable -Wconversion to see if new code brings new warnings
(and the CI infra builds with -Werror)
- add proper input sanitation to DNS strings to prevent an attack
coming from a trusted-but-malicious OpenVPN server (CVE-2025-10680,
affects unixoid systems with --dns-updown scripts and windows using
the built-in powershell call)
- greatly improved event log handling for the Windows interactive service
- this brings build system changes and a new openvpnservmsg.dll
- bugfixes when using multi-socket on windows
(properly recognize that TCP server mode does not work with DCO,
properly handle TCP multi-socket server setups without DCO)
- bring back configuring of IPv4 broadcast addresses on Linux
(also backported to 2.6.15)
- Rename Fox Crypto to Sentyron in copyright notices
- Switch test_ssl certificate from RSA 2048 to secp384r1
(so "make check" runs with OpenSSL set to @SECLEVEL=3)
- repair "--dhcp-option DNS" setting in combination with DHCP (TAP)
or --up scripts (GH issue #839, #840)
- clean up MI prefix handling
- replace all assert() calls with OpenVPN ASSERT()
version.m4, ChangeLog, Changes.rst
Changes.rst has not received a "2.7_beta1" section - it has the
"highlevel" overview of what is new in 2.7, but for alpha/beta releases
it's better to look at git log to see what has been added/fixed.
New features alpha3 -> beta1 are:
- a large number of signed/unsigned related warnings have been fixed
- bugfixes in --dns-updown script for linux systems using resolvconf
- rewrite of the management interface "bytecount" infrastructure to better
interact with DCO
- PUSH_UPDATE server support (via management interface)
- introduction of route_redirect_gateway_ipv4 and _ipv6 env variables
- speeding up t_client tests by reducing per-test startup delay 3s -> 1s
The biggest noticeable difference in beta1 is the reformatting using
clang-format, leaving uncrustify as that wasn't stable across versions.
Signed-off-by: Gert Doering <gert@greenie.muc.de>
version.m4, ChangeLog, Changes.rst
Changes.rst has not received a "2.7_alpha3" section - it has the
"highlevel" overview of what is new in 2.7, but for alpha/beta releases
it's better to look at git log to see what has been added/fixed.
New features alpha2 -> alpha3 are:
- --dns-updown script for macOS
- client-side support for PUSH_UPDATE handling
- support for floating TLS clients when DCO is active
(handling float notifications sent from kernel to userland)
- use of user-defined routing tables on Linux
- PQE support for WolfSSL
Besides new features, alpha3 sees a rewrite of the way kernel events
are handled by the linux DCO module, because under certain circumstances
notifications could get lost, leading to problems later.
Signed-off-by: Gert Doering <gert@greenie.muc.de>
version.m4, ChangeLog
Changes.rst has not received a "2.7_alpha2" section - it has the
"highlevel" overview of what is new in 2.7, but for alpha/beta releases
it's better to look at git log to see what has been added/fixed.
The only new feature alpha1 -> alpha2 is "TLS 1.3 support with
bleeding-edge mbedTLS versions"
version.m4, ChangeLog, Changes.rst
(ChangeLog in "master" will revert to its normal state of "empty"
after release/2.7 is forked off into its own branch)
Additionally, add test_common.h to tests/unit_tests/openvpn/Makefile.am
(..._SOURCES) so it's packed into the "make dist" tarball
Change-Id: I80a14b77fcc2fabf51af9f2d5ea0c36362cccb91
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Manually excluded ovpn_dco_win.h because it is an
imported file. ovpn_dco_linux.h is already excluded
because it still says 2021.
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20230110160531.81010-1-frank@lichtenheld.com>
URL: https://patchwork.openvpn.net/project/openvpn2/patch/20230110160531.81010-1-frank@lichtenheld.com/
Signed-off-by: Gert Doering <gert@greenie.muc.de>
ChangeLog is not maintained in "master", document as such.
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <20220810084701.13226-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg24854.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Update performed by means of: dev-tools/update-copyright.sh
Cc: David Sommerseth <davids@openvpn.net>
Signed-off-by: Antonio Quartulli <a@unstable.cc>
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <20220125142456.18176-1-a@unstable.cc>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg23650.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
In the autumn of 2017, OpenVPN Technologies, Inc changed name to just
OpenVPN Inc. Otherwise, extend the copyright to cover 2018 as well.
With the exception of the company name change, all changes have been
performed by the dev-tools/update-copyright.sh script.
Signed-off-by: David Sommerseth <davids@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20180131140314.11103-1-davids@openvpn.net>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg16418.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Also ensuring the ChangeLog is completely UTF-8 encoded; discovered
one ChangeLog entry had ISO-8859-1 encoding.
Signed-off-by: David Sommerseth <davids@openvpn.net>
These are routes where the gateway is specified as an interface rather
than an address. This allows redirect-gateway to work on Linux clients
whose connection to the internet is via a point-to-point link such as
PPP.
Note that at the moment, this capability is incompatible with
the "redirect-gateway block-local" directive -- this is because
the block-local directive blocks all traffic from the local LAN
except for the local and gateway addresses. Since a PPP link
is essentially a subnet of two addresses, local and remote (i.e.
gateway), the set of addresses that would be blocked by block-local
is empty. Therefore, the "redirect-gateway block-local" directive
will be ignored on PPP links.
To view the OpenVPN client's current determination of the default
gateway, use this command:
./openvpn --show-gateway
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7794 e7ae566f-a301-0410-adde-c780ea21d3b5
Signed-off-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
The config-win32.h and service-win32/msvc.mak were not included
into the final source balls when using 'make dist', which is
crucial for Windows building.
Signed-off-by: David Sommerseth <davids@redhat.com>
Acked-by: Samuli Seppänen <samuli@openvpn.net>
Fixed potential local privilege escalation vulnerability in
Windows service. The Windows service did not properly quote the
executable filename passed to CreateService. A local attacker
with write access to the root directory C:\ could create an
executable that would be run with the same privilege level as
the OpenVPN Windows service. However, since non-Administrative
users normally lack write permission on C:\, this vulnerability
is generally not exploitable except on older versions of Windows
(such as Win2K) where the default permissions on C:\ would allow
any user to create files there.
Credit: Scott Laurie, MWR InfoSecurity
Version 2.1.2
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6400 e7ae566f-a301-0410-adde-c780ea21d3b5
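The commit above describes the unquoted-service-path bug class (an executable path with spaces handed to CreateService without quotes). As an added defender-side check that is not part of the OpenVPN project or this commit, the following PowerShell lists installed services whose image path contains a space but is not quoted; the `Test-UnquotedServicePath` helper and the sample paths are constructed for this example, and the live query assumes a Windows host with `Get-CimInstance`.

```powershell
# Added example (not OpenVPN project code): flag services whose binary path
# is unquoted yet contains a space, the condition behind the issue above.
function Test-UnquotedServicePath {
    param([Parameter(Mandatory)][string]$PathName)

    # A path that starts with a quote is unambiguous to the service control manager.
    if ($PathName.Trim().StartsWith('"')) { return $false }

    # Strip trailing arguments: the executable is the part up to and including ".exe".
    $exeEnd = $PathName.IndexOf('.exe', [System.StringComparison]::OrdinalIgnoreCase)
    if ($exeEnd -lt 0) { return $false }
    $exePath = $PathName.Substring(0, $exeEnd + 4)

    # Only an unquoted executable path that itself contains a space is ambiguous.
    return $exePath.Contains(' ')
}

function Get-UnquotedServices {
    # Live inventory of the local machine; requires Windows and CIM access.
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.PathName -and (Test-UnquotedServicePath -PathName $_.PathName) } |
        Select-Object Name, StartName, PathName
}

# Constructed sample values (not taken from any real system) to exercise the check offline.
$samples = @(
    'C:\Program Files\Example VPN\bin\examplesvc.exe',     # unquoted, has a space -> True
    '"C:\Program Files\Example VPN\bin\examplesvc.exe"',   # quoted -> False
    'C:\Windows\System32\svchost.exe -k netsvcs'           # no space in the exe path -> False
)
foreach ($s in $samples) {
    '{0,-6} {1}' -f (Test-UnquotedServicePath -PathName $s), $s
}

# To audit the local machine, run: Get-UnquotedServices | Format-Table -AutoSize
```

Any service the live query reports is a candidate for re-registering with a quoted binary path, or for verifying that every directory on the path is writable only by administrators.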