The OpenVPN community project team is proud to release OpenVPN 2.6.13.
This is a bugfix release.
Feature changes:
* on non-windows clients (MacOS, Linux, Unix) send "release" string from
uname()
call as IV_PLAT_VER to server - while highly OS specific this is still
helpful
to keep track of OS versions used on the client side (github #637)
* Windows: protect cached username, password and token in client memory
(using
the CryptProtectMemory() windows API)
* Windows: use new API to get dco-win driver version from driver (newly
introduced
non-exclusive control device) (github ovpn-dco-win#76)
* Linux: pass --timeout=0 argument to systemd-ask-password, to avoid
default timeout
of 90 seconds ("console prompting also has no timeout") (github #649)
Security fixes:
* improve server-side handling of clients sending usernames or passwords
longer than
USER_PASS_LEN - this would not result in a crash, buffer overflow or
other security
issues, but the server would then misparse incoming IV variables and
produce
misleading error messages.
Notable bug fixes:
* FreeBSD DCO: fix memory leaks in nvlist handling (github #636)
* purge proxy authentication credentials from memory after use
(if --auth-nocache is in use)
Windows MSI changes since 2.6.12:
* Built against OpenSSL 3.4.0
* Included openvpn-gui updated to 11.51.0.0
* Higher resolution eye icons (github openvpn-gui#697)
* Support for concatenating OTP with password
* Optionally always prompt for OTP
* Fix tooltip positioning when the taskbar is at top (github
openvpn-gui#710)
Debian/Ubuntu community packages are now available for Ubuntu 24.10
(oracular).
More details can be found in the Changes document:
<https://github.com/OpenVPN/openvpn/blob/release/2.6/Changes.rst>
(The Changes document also contains a section with work-arounds for
common problems encountered when using OpenVPN with OpenSSL 3)
Source code and Windows installers can be downloaded from our download page:
<https://openvpn.net/community-downloads/>
Debian and Ubuntu packages are available in the official apt repositories:
<
https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos#DebianUbuntu:UsingOpenVPNaptrepositories
>
On Red Hat derivatives we recommend using the Fedora Copr repository.
<https://copr.fedorainfracloud.org/coprs/dsommers/openvpn-release-2.6/>
Kind regards,
--
Frank Lichtenheld
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
On Thu, Jan 16, 2025, 7:22 PM Frank Lichtenheld <fr...@lichtenheld.com>
wrote:
> The OpenVPN community project team is proud to release OpenVPN 2.6.13.
>
> This is a bugfix release.
>
> Feature changes:
>
> * on non-windows clients (MacOS, Linux, Unix) send "release" string from
> uname()
> call as IV_PLAT_VER to server - while highly OS specific this is still
> helpful
> to keep track of OS versions used on the client side (github #637)
> * Windows: protect cached username, password and token in client memory
> (using
> the CryptProtectMemory() windows API)
> * Windows: use new API to get dco-win driver version from driver (newly
> introduced
> non-exclusive control device) (github ovpn-dco-win#76)
> * Linux: pass --timeout=0 argument to systemd-ask-password, to avoid
> default timeout
> of 90 seconds ("console prompting also has no timeout") (github #649)
>
> Security fixes:
>
> * improve server-side handling of clients sending usernames or passwords
> longer than
> USER_PASS_LEN - this would not result in a crash, buffer overflow or
> other security
> issues, but the server would then misparse incoming IV variables and
> produce
> misleading error messages.
>
> Notable bug fixes:
>
> * FreeBSD DCO: fix memory leaks in nvlist handling (github #636)
> * purge proxy authentication credentials from memory after use
> (if --auth-nocache is in use)
>
> Windows MSI changes since 2.6.12:
>
> * Built against OpenSSL 3.4.0
> * Included openvpn-gui updated to 11.51.0.0
> * Higher resolution eye icons (github openvpn-gui#697)
> * Support for concatenating OTP with password
> * Optionally always prompt for OTP
> * Fix tooltip positioning when the taskbar is at top (github
> openvpn-gui#710)
>
> Debian/Ubuntu community packages are now available for Ubuntu 24.10
> (oracular).
>
> More details can be found in the Changes document:
>
> <https://github.com/OpenVPN/openvpn/blob/release/2.6/Changes.rst>
>
> (The Changes document also contains a section with work-arounds for
> common problems encountered when using OpenVPN with OpenSSL 3)
>
> Source code and Windows installers can be downloaded from our download
> page:
>
> <https://openvpn.net/community-downloads/>
>
> Debian and Ubuntu packages are available in the official apt repositories:
>
> <
> https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos#DebianUbuntu:UsingOpenVPNaptrepositories
> >
>
> On Red Hat derivatives we recommend using the Fedora Copr repository.
>
> <https://copr.fedorainfracloud.org/coprs/dsommers/openvpn-release-2.6/>
>
> Kind regards,
> --
> Frank Lichtenheld
>
>
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openvpn-users
>
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
