Software-update: OpenVPN 2.6.13

OpenVPN is een robuuste en gemakkelijk in te stellen opensource-vpn-daemon waarmee verschillende private netwerken aan elkaar geknoopt kunnen worden via een versleutelde tunnel over internet. Voor de beveiliging wordt gebruikgemaakt van de OpenSSL-library, waarmee alle encryptie, authenticatie en certificatie kunnen worden afgehandeld. De ontwikkelaars hebben versie 2.6.13 uitgebracht en de changelog voor die uitgave kan hieronder worden gevonden.

New features

on non-windows clients (MacOS, Linux, Unix) send "release" string from uname() call as IV_PLAT_VER= to server - while highly OS specific this is still helpful to keep track of OS versions used on the client side (GH #637)Windows: protect cached username, password and token in client memory (using the CryptProtectMemory() windows APIWindows: use new API to get dco-win driver version from driver (newly introduced non-exclusive control device) (GH: ovpn-dco-win #76)Linux: pass --timeout=0 argument to systemd-ask-password, to avoid default timeout of 90 seconds ("console prompting also has no timeout") (GH #649)

Windows: protect cached username, password and token in client memory (using the CryptProtectMemory() windows API

Windows: use new API to get dco-win driver version from driver (newly introduced non-exclusive control device) (GH: ovpn-dco-win #76)

Linux: pass --timeout=0 argument to systemd-ask-password, to avoid default timeout of 90 seconds ("console prompting also has no timeout") (GH #649)

Bug fixes

fix potentially unaligned access in drop_if_recursive_routing on Linux (ASAN)correct documentation for port-share journalfix logging of IPv6 addresses in port-share journalfix various typos in messages, documentation, comments and examples (GH #442, GH #644)FreeBSD DCO: fix memory leaks in nvlist handling (GH #636)route handling: correctly handle case of "route installation fails" in the face of an already-existing route - previously, OpenVPN would remove the "other" route on exit, incorrectly changing system state.fix generation of warning messages for overlapping --local/--remote and --ifconfig addressespurge proxy authentication credentials from memory after use (if --auth-nocache is in use)fix missing space in various (long and wrapped) msg() calls

fix potentially unaligned access in drop_if_recursive_routing on Linux (ASAN)

correct documentation for port-share journal

fix logging of IPv6 addresses in port-share journal

fix various typos in messages, documentation, comments and examples (GH #442, GH #644)

FreeBSD DCO: fix memory leaks in nvlist handling (GH #636)

route handling: correctly handle case of "route installation fails" in the face of an already-existing route - previously, OpenVPN would remove the "other" route on exit, incorrectly changing system state.

fix generation of warning messages for overlapping --local/--remote and --ifconfig addresses

purge proxy authentication credentials from memory after use (if --auth-nocache is in use)

fix missing space in various (long and wrapped) msg() calls

Code maintenance

improve documentation/examples for featuresimplify Github Action macOS build setupupdate Github Action macOS runners (remove macOS 12, add macOS 15)fix a number of uninitialized "struct user_pass" local variables (no impact beyond "compiler warning", but future-proofing the code)

improve documentation/examples for feature

simplify Github Action macOS build setup

update Github Action macOS runners (remove macOS 12, add macOS 15)

fix a number of uninitialized "struct user_pass" local variables (no impact beyond "compiler warning", but future-proofing the code)

Security fixes

improve server-side handling of clients sending usernames or passwords longer than USER_PASS_LEN - this would not result in a crash, buffer overflow or other security issues, but the server would then misparse incoming IV_* variables and produce misleading error messages.

Source: Tweakers.net

Home

Software-update: OpenVPN 2.6.13