Preparing for release v2.4.5 (ChangeLog, version.m4, Changes.rst)

Signed-off-by: Gert Doering <[email protected]>

ChangeLog

@@ -1,6 +1,104 @@
 OpenVPN Change Log
 Copyright (C) 2002-2018 OpenVPN Inc <[email protected]>
 
+2018.02.28 -- Version 2.4.4
+Antonio Quartulli (4):
+      reload HTTP proxy credentials when moving to the next connection profile
+      Allow learning iroutes with network made up of all 0s (only if netbits < 8)
+      mbedtls: fix typ0 in comment
+      manpage: fix simple typ0
+
+Arne Schwabe (2):
+      Treat dhcp-option DNS6 and DNS identical
+      show the right string for key-direction
+
+Bertrand Bonnefoy-Claudet (1):
+      Fix typo in error message: "optione" -> "option"
+
+David Sommerseth (8):
+      lz4: Fix confused version check
+      lz4: Fix broken builds when pkg-config is not present but system library is
+      Remove references to keychain-mcd in Changes.rst
+      lz4: Rebase compat-lz4 against upstream v1.7.5
+      systemd: Add and ship README.systemd
+      Update copyright to include 2018 plus company name change
+      man: Add .TQ groff support macro
+      man: Reword --management to prefer unix sockets over TCP
+
+Emmanuel Deloget (1):
+      OpenSSL: check EVP_PKEY key types before returning the pkey
+
+Gert Doering (2):
+      Remove warning on pushed tun-ipv6 option.
+      Fix removal of on-link prefix on windows with netsh
+
+Ilya Shipitsin (2):
+      travis-ci: add brew cache, remove ccache
+      travis-ci: modify openssl build script to support openssl-1.1.0
+
+James Bottomley (1):
+      autoconf: Fix engine checks for openssl 1.1
+
+Jeremie Courreges-Anglas (2):
+      Cast time_t to long long in order to print it.
+      Fix build with LibreSSL
+
+Selva Nair (14):
+      Check whether in pull_mode before warning about previous connection blocks
+      Avoid illegal memory access when malformed data is read from the pipe
+      Fix missing check for return value of malloc'd buffer
+      Return NULL if GetAdaptersInfo fails
+      Use RSA_meth_free instead of free
+      Bring cryptoapi.c upto speed with openssl 1.1
+      Add SSL_CTX_get_max_proto_version() not in openssl 1.0
+      TLS v1.2 support for cryptoapicert -- RSA only
+      Refactor get_interface_metric to return metric and auto flag separately
+      Ensure strings read from registry are null-terminated
+      Make most registry values optional
+      Use lowest metric interface when multiple interfaces match a route
+      Adapt to RegGetValue brokenness in Windows 7
+      Fix format spec errors in Windows builds
+
+Simon Rozman (11):
+      Local functions are not supported in MSVC. Bummer.
+      Mixing wide and regular strings in concatenations is not allowed in MSVC.
+      RtlIpv6AddressToStringW() and RtlIpv4AddressToStringW() require mstcpip.h
+      Simplify iphlpapi.dll API calls
+      Fix local #include to use quoted form
+      Document ">PASSWORD:Auth-Token" real-time message
+      Fix typo in "verb" command examples
+      Uniform swprintf() across MinGW and MSVC compilers
+      MSVC meta files added to .gitignore list
+      openvpnserv: Add support for multi-instances
+      Document missing OpenVPN states
+
+Steffan Karger (21):
+      make struct key * argument of init_key_ctx const
+      buffer_list_aggregate_separator(): add unit tests
+      Add --tls-cert-profile option.
+      Use P_DATA_V2 for server->client packets too
+      Fix memory leak in buffer unit tests
+      buffer_list_aggregate_separator(): update list size after aggregating
+      buffer_list_aggregate_separator(): don't exceed max_len
+      buffer_list_aggregate_separator(): prevent 0-byte malloc
+      Fix types around buffer_list_push(_data)
+      ssl_openssl: fix compiler warning by removing getbio() wrapper
+      travis: use clang's -fsanitize=address to catch more bugs
+      Fix --tls-version-min and --tls-version-max for OpenSSL 1.1+
+      Add support for TLS 1.3 in --tls-version-{min, max}
+      Plug memory leak if push is interrupted
+      Fix format errors when cross-compiling for Windows
+      Log pre-handshake packet drops using D_MULTI_DROPPED
+      Enable stricter compiler warnings by default
+      Get rid of ax_check_compile_flag.m4
+      mbedtls: don't use API deprecated in mbed 2.7
+      Warn if tls-version-max < tls-version-min
+      Don't throw fatal errors from create_temp_file()
+
+hashiz (1):
+      Fix '--bind ipv6only'
+
+
 2017.09.25 -- Version 2.4.4
 Antonio Quartulli (23):
       crypto: correct typ0 in error message

Changes.rst

@@ -323,6 +323,9 @@ Maintainer-visible changes
 
 Version 2.4.5
 =============
+This is primarily a maintenance release, with further improved OpenSSL 1.1
+integration, several minor bug fixes and other minor improvements.
+
 
 New features
 ------------
@@ -332,6 +335,53 @@ New features
   elliptic curve certificates.  The default will be changed to the 'preferred'
   profile in the future, which requires SHA2+, RSA-2048+ and any curve.
 
+- make CryptoAPI support (Windows) compatible with OpenSSL 1.1 builds
+
+- TLS v1.2 support for cryptoapicert (on Windows) -- RSA only
+
+- openvpnserv: Add support for multi-instances (to support multiple
+  parallel OpenVPN installations, like EduVPN and regular OpenVPN)
+
+- Use P_DATA_V2 for server->client packets too (better packet alignment)
+
+- improve management interface documentation
+
+- rework registry key handling for OpenVPN service, notably making most
+  registry values optional, falling back to reasonable defaults
+
+- accept IPv6 address for pushed "dhcp-option DNS ..."
+  (make OpenVPN 2 option compatible with OpenVPN 3 iOS and Android clients)
+
+
+Bug fixes
+---------
+- Fix --tls-version-min and --tls-version-max for OpenSSL 1.1+
+
+- Fix lots of compiler warnings (format string, type casts, ...)
+
+- Fix --redirect-gateway route installation on Windows systems that have
+  multiple interfaces into the same network (e.g. Wifi and wired LAN).
+
+- Fix IPv6 interface route cleanup on Windows
+
+- reload HTTP proxy credentials when moving to the next connection profile
+
+- Fix build with LibreSSL (multiple times)
+
+- Remove non-useful warning on pushed tun-ipv6 option.
+
+- fix building with MSVC due to incompatible C constructs
+
+- autoconf: Fix engine checks for openssl 1.1
+
+- lz4: Rebase compat-lz4 against upstream v1.7.5
+
+- lz4: Fix broken builds when pkg-config is not present but system library is
+
+- Fix '--bind ipv6only'
+
+- Allow learning iroutes with network made up of all 0s
+
 
 Version 2.4.4
 =============

version.m4

@@ -3,12 +3,12 @@ define([PRODUCT_NAME], [OpenVPN])
 define([PRODUCT_TARNAME], [openvpn])
 define([PRODUCT_VERSION_MAJOR], [2])
 define([PRODUCT_VERSION_MINOR], [4])
-define([PRODUCT_VERSION_PATCH], [.4])
+define([PRODUCT_VERSION_PATCH], [.5])
 m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MAJOR])
 m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MINOR], [[.]])
 m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_PATCH], [[]])
 define([PRODUCT_BUGREPORT], [[email protected]])
-define([PRODUCT_VERSION_RESOURCE], [2,4,4,0])
+define([PRODUCT_VERSION_RESOURCE], [2,4,5,0])
 dnl define the TAP version
 define([PRODUCT_TAP_WIN_COMPONENT_ID], [tap0901])
 define([PRODUCT_TAP_WIN_MIN_MAJOR], [9])