Log message:
openvpn: updated to 2.6.13

Overview of changes in 2.6.13
=============================
New features
------------
- on non-windows clients (MacOS, Linux, Unix) send "release" string from
  uname() call as IV_PLAT_VER= to server - while highly OS specific this
  is still helpful to keep track of OS versions used on the client side

- Windows: protect cached username, password and token in client memory
  (using the CryptProtectMemory() windows API

- Windows: use new API to get dco-win driver version from driver
  (newly introduced non-exclusive control device)

- Linux: pass --timeout=0 argument to systemd-ask-password, to avoid
  default timeout of 90 seconds ("console prompting also has no timeout")

Bug fixes
---------
- fix potentially unaligned access in drop_if_recursive_routing on
  Linux (ASAN)

- correct documentation for port-share journal

- fix logging of IPv6 addresses in port-share journal

- fix various typos in messages, documentation, comments and examples

- FreeBSD DCO: fix memory leaks in nvlist handling

- route handling: correctly handle case of "route installation fails"
  in the face of an already-existing route - previously, OpenVPN would
  remove the "other" route on exit, incorrectly changing system state.

- fix generation of warning messages for overlapping --local/--remote
  and --ifconfig addresses

- purge proxy authentication credentials from memory after use
  (if --auth-nocache is in use)

- fix missing space in various (long and wrapped) msg() calls

Code maintenance
----------------
- improve documentation/examples for <peer-fingerprint> feature

- simplify Github Action macOS build setup

- update Github Action macOS runners (remove macOS 12, add macOS 15)

- fix a number of uninitialized "struct user_pass" local variables
  (no impact beyond "compiler warning", but future-proofing the code)

Security fixes
--------------
- improve server-side handling of clients sending usernames or passwords
  longer than USER_PASS_LEN - this would not result in a crash, buffer
  overflow or other security issues, but the server would then misparse
  incoming IV_* variables and produce misleading error messages.

Log message:
*: recursive bump for icu 76 shlib major version bump

Log message:
*: revbump for icu downgrade

Log message:
*: recursive bump for icu 76.1 shlib bump

Log message:
openvpn: updated to 2.6.12

v2.6.12

Bug fixes:

the fix for CVE-2024-5594 (refuse control channel messages with
nonprintable characters) was too strict, breaking user configurations
with AUTH_FAIL messages having trailing CR/NL characters. This often
happens if the AUTH_FAIL reason is set by a script. Strip those before
testing the command buffer. Also, add unit test.
Http-proxy: fix bug preventing proxy credentials caching.

Log message:
revbump after icu and protobuf updates

Log message:
*: recursive bump for gnutls p11-kit option

(existing installations need the bl3.mk included, but it's now only
optionally included)

Log message:
openvpn: updated to 2.6.10

Version 2.6.10

Christoph Schug (1):
      Update documentation references in systemd unit files

Frank Lichtenheld (6):
      Fix typo --data-cipher-fallback
      samples: Remove tls-*.conf
      check_compression_settings_valid: Do not test for LZ4 in LZO check
      t_client.sh: Allow to skip tests
      Update Copyright statements to 2024
      GHA: general update March 2024

Lev Stipakov (4):
      win32: Enforce loading of plugins from a trusted directory
      interactive.c: disable remote access to the service pipe
      interactive.c: Fix potential stack overflow issue
      Disable DCO if proxy is set via management

Martin Rys (1):
      openvpn-[client|server].service: Remove syslog.target

Max Fillinger (1):
      Remove license warning from README.mbedtls

Selva Nair (1):
      Document that auth-user-pass may be inlined

wellweek (1):
      remove repetitive words in documentation and comments