Subject: CVS commit: pkgsrc/net
From: Adam Ciarcinski
Date: 2025-01-16 07:30:38
Message id: 20250116063038.CDA06FC7D@cvs.NetBSD.org
Log Message:
openvpn: updated to 2.6.13
Overview of changes in 2.6.13
=============================
New features
------------
- on non-Windows clients (macOS, Linux, Unix) send "release" string from
  uname() call as IV_PLAT_VER= to server - while highly OS specific this
  is still helpful to keep track of OS versions used on the client side
- Windows: protect cached username, password and token in client memory
  (using the CryptProtectMemory() Windows API)
- Windows: use new API to get dco-win driver version from driver
  (newly introduced non-exclusive control device)
- Linux: pass --timeout=0 argument to systemd-ask-password, to avoid
  default timeout of 90 seconds ("console prompting also has no timeout")
Bug fixes
---------
- fix potentially unaligned access in drop_if_recursive_routing on
  Linux (ASAN)
- correct documentation for port-share journal
- fix logging of IPv6 addresses in port-share journal
- fix various typos in messages, documentation, comments and examples
- FreeBSD DCO: fix memory leaks in nvlist handling
- route handling: correctly handle case of "route installation fails"
  in the face of an already-existing route - previously, OpenVPN would
  remove the "other" route on exit, incorrectly changing system state.
- fix generation of warning messages for overlapping --local/--remote
  and --ifconfig addresses
- purge proxy authentication credentials from memory after use
  (if --auth-nocache is in use)
- fix missing space in various (long and wrapped) msg() calls
Code maintenance
----------------
- improve documentation/examples for <peer-fingerprint> feature
- simplify GitHub Action macOS build setup
- update GitHub Action macOS runners (remove macOS 12, add macOS 15)
- fix a number of uninitialized "struct user_pass" local variables
  (no impact beyond "compiler warning", but future-proofing the code)
Security fixes
--------------
- improve server-side handling of clients sending usernames or passwords
  longer than USER_PASS_LEN - this would not result in a crash, buffer
  overflow or other security issues, but the server would then misparse
  incoming IV_* variables and produce misleading error messages.
Files: