diff --git a/debian-sbuild/openvpn-dco-dkms/changelog-0.2.20231117 b/debian-sbuild/openvpn-dco-dkms/changelog-0.2.20231117 index 9ed1e880..156a57ea 100644 --- a/debian-sbuild/openvpn-dco-dkms/changelog-0.2.20231117 +++ b/debian-sbuild/openvpn-dco-dkms/changelog-0.2.20231117 @@ -5,4 +5,4 @@ openvpn-dco-dkms (0.2.20231117-debian0) stable; urgency=medium * ovpn-dco: warn if peer is dead in ovpn_tcp_read_sock() (Antonio Quartulli, 0613e71) * ovpn-dco: fix refcount imbalance upon RX in case of full ring (Antonio Quartulli, 7b7a28f) - -- Yuriy Darnobyt Thu, 16 Nov 2023 15:11:55 +0100 + -- Frank Lichtenheld Thu, 16 Nov 2023 15:11:55 +0100 diff --git a/debian-sbuild/openvpn/changelog-2.6.9 b/debian-sbuild/openvpn/changelog-2.6.9 new file mode 100644 index 00000000..e7d93518 --- /dev/null +++ b/debian-sbuild/openvpn/changelog-2.6.9 @@ -0,0 +1,49 @@ +openvpn (2.6.9-debian0) stable; urgency=medium + + * preparing release 2.6.9 (Gert Doering, 6640a10b) + * dco-freebsd: dynamically re-allocate buffer if it's too small (Kristof Provost, d8faf568) + * documentation: Fixes for previous fixes to --push-peer-info (Frank Lichtenheld, 6bed72d0) + * documentation: Update and fix documentation for --push-peer-info (Frank Lichtenheld, 18fb30f7) + * README.cmake.md: Document minimum required CMake version for --preset (Frank Lichtenheld, 9ec52461) + * --http-proxy-user-pass: allow to specify in either order with --http-proxy (Frank Lichtenheld, 1141e750) + * buf_string_match_head_str: Fix Coverity issue 'Unsigned compared against 0' (Frank Lichtenheld, 68b00a54) + * proxy-options.rst: Add proper documentation for --http-proxy-user-pass (Frank Lichtenheld, 7b1f2009) + * Remove conditional text for Apache2 linking exception (Arne Schwabe, 20bc8bd5) + * Enable key export with mbed TLS 3.x.y (Max Fillinger, 001950d1) + * Disable TLS 1.3 support with mbed TLS (Max Fillinger, 7fa534db) + * Update README.mbedtls (Max Fillinger, 1aa2995e) + * Add support for mbedtls 3.X.Y (Max Fillinger, 2942ef5d) + * NTLM: increase size of phase 2 response we can handle (Frank Lichtenheld, 62d14fcf) + * NTLM: add length check to add_security_buffer (Frank Lichtenheld, 7a9670df) + * Implement the --tls-export-cert feature (Arne Schwabe, d27cb148) + * fix uncrustify complaints about previous patch (Gert Doering, 9fb62e2b) + * Fix IPv6 route add/delete message log level (Steffan Karger, 9abf74c9) + * Clarify that the tls-crypt-v2-verify has a very limited env set (Arne Schwabe, 322b11ab) + * Make it more explicit and visible when pkg-config is not found (Arne Schwabe, d602fc03) + * Check PRF availability on initialisation and add --force-tls-key-material-export (Arne Schwabe, b29ada31) + * get_default_gateway() HWADDR overhaul (Gert Doering, bfd5b12e) + * OpenBSD: repair --show-gateway (Gert Doering, 77376fc5) + * Fix unaligned access in macOS, FreeBSD, Solaris hwaddr (Arne Schwabe, 5380fe02) + * documentation: improve documentation of --x509-track (Frank Lichtenheld, cbcecdb3) + * fix(ssl): init peer_id when init tls_multi (yatta, 6dffbf6a) + * Extend the error message when TLS 1.0 PRF fails (Arne Schwabe, cfaf82d5) + * tun.c: don't attempt to delete DNS and WINS servers if they're not set (Lev Stipakov, 030afe64) + * unit_tests: remove includes for mock_msg.h (Frank Lichtenheld, e2a9c1ba) + * Remove superfluous x509_write_pem() (David Sommerseth, 5552391a) + * Remove --tls-export-cert (David Sommerseth, 031fe882) + * vcpkg-ports/pkcs11-helper: bump to version 1.30 (Marc Becker, 77b2e940) + * documentation: remove reference to removed option --show-proxy-settings (Frank Lichtenheld, 8b9a3378) + * Remove compat versionhelpers.h and remove cmake/configure check for it (Arne Schwabe, 19bfb702) + * Add check for nice in cmake config (Arne Schwabe, cc81f014) + * configure.ac: Remove unused AC_TYPE_SIGNAL macro (Frank Lichtenheld, 64703e72) + * Add missing check for nl_socket_alloc failure (Arne Schwabe, aa19a6a9) + * Fix check_session_buf_not_used using wrong index (Arne Schwabe, 5def8d93) + * Remove TEST_GET_DEFAULT_GATEWAY as it duplicates --show-gateway (Arne Schwabe, 3168e1af) + * Document tls-exit option mainly as test option (Arne Schwabe, 350bdd85) + * GHA: clean up libressl builds with newer libressl (Frank Lichtenheld, 1a6aef37) + * Log SSL alerts more prominently (Arne Schwabe, 94cd53c7) + * sample-keys: renew for the next 10 years (Frank Lichtenheld, c1a983e8) + * Remove unused function prototype crypto_adjust_frame_parameters (Arne Schwabe, d25b408d) + * protocol_dump: tls-crypt support (Reynir Björnsson, 0a39d1c1) + + -- Frank Lichtenheld Mon, 12 Feb 2024 12:30:06 +0100 diff --git a/release/vars.example b/release/vars.example index 233ebc06..996a2ae5 100644 --- a/release/vars.example +++ b/release/vars.example @@ -14,18 +14,18 @@ GPG_KEY_ID="F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7" # This also helps catch various problems with expired subkeys and public # keys. GPG_OPTS="--no-default-keyring --keyring ~/.gnupg-security@openvpn.net/pubring.kbx" -GIT_AUTHOR="Yuriy Darnobyt " +GIT_AUTHOR="Frank Lichtenheld " WINDOWS_SIGNING_KEY_FP="31DA19926259519C9EA312C71935B13C33FC6E7E" # Version numbers -OPENVPN_PREVIOUS_VERSION="${OPENVPN_PREVIOUS_VERSION:-2.6.7}" -OPENVPN_CURRENT_VERSION="${OPENVPN_CURRENT_VERSION:-2.6.8}" +OPENVPN_PREVIOUS_VERSION="${OPENVPN_PREVIOUS_VERSION:-2.6.8}" +OPENVPN_CURRENT_VERSION="${OPENVPN_CURRENT_VERSION:-2.6.9}" OPENVPN_CURRENT_TAG="${OPENVPN_CURRENT_TAG:-refs/tags/v$OPENVPN_CURRENT_VERSION}" OPENVPN_PREVIOUS_TAG="refs/tags/v$OPENVPN_PREVIOUS_VERSION" OPENVPN_GUI_CURRENT_MAJ_VERSION=11 -OPENVPN_GUI_CURRENT_MIN_VERSION=46 +OPENVPN_GUI_CURRENT_MIN_VERSION=47 OPENVPN_GUI_CURRENT_FULL_VERSION="$OPENVPN_GUI_CURRENT_MAJ_VERSION.$OPENVPN_GUI_CURRENT_MIN_VERSION.0.0" OPENVPN_GUI_BRANCH="master" diff --git a/src/openvpn b/src/openvpn index d8faf568..6640a10b 160000 --- a/src/openvpn +++ b/src/openvpn @@ -1 +1 @@ -Subproject commit d8faf568d237667c66141e2c3f6df3f999aa02bd +Subproject commit 6640a10bf6d84eeecc874b97e7c766bf84eef23f diff --git a/src/openvpn-gui b/src/openvpn-gui index 579a418f..583e48b1 160000 --- a/src/openvpn-gui +++ b/src/openvpn-gui @@ -1 +1 @@ -Subproject commit 579a418fb72985749e6898ba6cbcfe7459d2d437 +Subproject commit 583e48b148ac19037e53a542fb21548ee685a9f0 diff --git a/windows-msi/version.m4 b/windows-msi/version.m4 index 5bcfea32..90ceb92d 100644 --- a/windows-msi/version.m4 +++ b/windows-msi/version.m4 @@ -41,15 +41,15 @@ define([PRODUCT_NAME], [OpenVPN]) define([PRODUCT_PUBLISHER], [OpenVPN, Inc.]) dnl The package version as displayed by UI and used in filenames (no spaces, please). -define([PACKAGE_VERSION], [2.6.8-I001]) +define([PACKAGE_VERSION], [2.6.9-I001]) dnl The MSI product version in the form of n[.n[.n]] (numbers only). dnl The third field is 100*openvpn bugfix release + MSI build number. dnl So for the 2nd MSI build for OpenVPN 2.6.3 use 2.6.302 -define([PRODUCT_VERSION], [2.6.801]) +define([PRODUCT_VERSION], [2.6.901]) dnl The MSI product code MUST change on each product release. -define([PRODUCT_CODE], [{D3CE8B53-D2D0-4164-8075-34F4238D48C8}]) +define([PRODUCT_CODE], [{F8F0FB6A-DC3A-45C3-9A5E-88BCCDA5DF71}]) dnl The MSI upgrade codes MUST persist for all versions of the same product line. dnl Please use own upgrade codes when deploying a non-official OpenVPN release.