Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11]) by www.NetBSD.org (Postfix) with ESMTP id B6A4F63BC5B for ; Sun, 5 Sep 2010 20:33:50 +0000 (UTC)
Received: by mail.netbsd.org (Postfix, from userid 0) id 64E0663B102; Sun, 5 Sep 2010 20:33:50 +0000 (UTC)
Received: from cvs.netbsd.org (cvs.NetBSD.org [IPv6:2001:4f8:3:7:2e0:81ff:fe30:95bd]) by mail.netbsd.org (Postfix) with ESMTP id 981B263B100 for ; Sun, 5 Sep 2010 20:33:48 +0000 (UTC)
Received: by cvs.netbsd.org (Postfix, from userid 500) id 8024B175DD; Sun, 5 Sep 2010 20:33:48 +0000 (UTC)
MIME-Version: 1.0
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
Date: Sun, 5 Sep 2010 20:33:48 +0000
From: Adam Ciarcinski
Subject: CVS commit: pkgsrc/net/openvpn
To: pkgsrc-changes@NetBSD.org
Reply-To: adam@netbsd.org
X-Mailer: log_accum
Message-Id: <20100905203348.8024B175DD@cvs.netbsd.org>
Sender: pkgsrc-changes-owner@NetBSD.org
List-Id: pkgsrc-changes.NetBSD.org
Precedence: list

Module Name:    pkgsrc
Committed By:   adam
Date:           Sun Sep 5 20:33:48 UTC 2010

Modified Files:
    pkgsrc/net/openvpn: Makefile PLIST distinfo options.mk
    pkgsrc/net/openvpn/patches: patch-ah

Log Message:
Changes 2.1.3:
* Fixed potential local privilege escalation vulnerability in Windows
  service.
* Added Python-based alternative build system for Windows using Visual
  Studio 2008 (in win directory).
* When aborting in a non-graceful way, try to execute do_close_tun in
  init.c prior to daemon exit to ensure that the tun/tap interface is
  closed and any added routes are deleted.
* Fixed an issue where AUTH_FAILED was not being properly delivered to
  the client when a bad password is given for mid-session reauth,
  causing the connection to fail without an error indication.
* Don't advance to the next connection profile on AUTH_FAILED errors.
* Fixed an issue in the Management Interface that could cause a process
  hang with 100% CPU utilization in --management-client mode if the
  management interface client disconnected at the point where
  credentials are queried.
* Fixed an issue where if reneg-sec was set to 0 on the client, so that
  the server-side value would take precedence, the
  auth_deferred_expire_window function would incorrectly return a
  window period of 0 seconds. In this case, the correct window period
  should be the handshake window period.
* Modified ">PASSWORD:Verification Failed" management interface
  notification to include a client reason string:
    >PASSWORD:Verification Failed: 'AUTH_TYPE' ['REASON_STRING']
* Enable exponential backoff in reliability layer retransmits.
* Set socket buffers (SO_SNDBUF and SO_RCVBUF) immediately after socket
  is created rather than waiting until after connect/listen.
* Management interface performance optimizations:
  1. Added env-filter MI command to perform filtering on env vars
     passed through as a part of --management-client-auth
  2. man_write will now try to aggregate output into larger blocks
     (up to 1024 bytes) for more efficient i/o
* Fixed minor issue in Windows TAP driver DEBUG builds where
  non-null-terminated unicode strings were being printed incorrectly.
* Fixed issue on Windows with MSVC compiler, where TCP_NODELAY support
  was not being compiled in.
* Proxy improvements:
* Implemented http-proxy-override and http-proxy-fallback directives to
  make it easier for OpenVPN client UIs to start a pre-existing client
  config file with proxy options, or to adaptively fall back to a proxy
  connection if a direct connection fails.
* Implemented a key/value auth channel from client to server.
* Fixed issue where bad creds provided by the management interface for
  HTTP Proxy Basic Authentication would go into an infinite retry-fail
  loop instead of requerying the management interface for new creds.

To generate a diff of this commit:
cvs rdiff -u -r1.37 -r1.38 pkgsrc/net/openvpn/Makefile
cvs rdiff -u -r1.10 -r1.11 pkgsrc/net/openvpn/PLIST
cvs rdiff -u -r1.20 -r1.21 pkgsrc/net/openvpn/distinfo
cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/openvpn/options.mk
cvs rdiff -u -r1.1 -r1.2 pkgsrc/net/openvpn/patches/patch-ah

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.