hwchiu/gist:b63e7588ff331a6d6c5ef38487718930

## gistfile1.txt
tag v2.2-beta1
Tagger: David Sommerseth <dazo@users.sourceforge.net>
Date:   Mon Aug 16 20:43:39 2010 +0200

2010.08.10 -- Version 2.2-beta1

* When aborting in a non-graceful way, try to execute do_close_tun in
  init.c prior to daemon exit to ensure that the tun/tap interface is
  closed and any added routes are deleted.

* Fixed an issue where AUTH_FAILED was not being properly delivered
  to the client when a bad password is given for mid-session reauth,
  causing the connection to fail without an error indication.

* Don't advance to the next connection profile on AUTH_FAILED errors.

* Fixed an issue in the Management Interface that could cause
  a process hang with 100% CPU utilization in --management-client
  mode if the management interface client disconnected at the
  point where credentials are queried.

* Fixed an issue where if reneg-sec was set to 0 on the client,
  so that the server-side value would take precedence,
  the auth_deferred_expire_window function would incorrectly
  return a window period of 0 seconds.  In this case, the
  correct window period should be the handshake window
  period.

* Modified ">PASSWORD:Verification Failed" management interface
  notification to include a client reason string:

    >PASSWORD:Verification Failed: 'AUTH_TYPE' ['REASON_STRING']

* Enable exponential backoff in reliability layer
  retransmits.

* Set socket buffers (SO_SNDBUF and SO_RCVBUF) immediately after
  socket is created rather than waiting until after connect/listen.

* Management interface performance optimizations:

  1. Added env-filter MI command to perform filtering on env vars
     passed through as a part of --management-client-auth

  2. man_write will now try to aggregate output into larger blocks
     (up to 1024 bytes) for more efficient i/o

* Fixed minor issue in Windows TAP driver DEBUG builds
  where non-null-terminated unicode strings were being
  printed incorrectly.

* Fixed issue on Windows with MSVC compiler, where TCP_NODELAY support
  was not being compiled in.

* Proxy improvements:

  Improved the ability of http-auth "auto" flag to dynamically detect
  the auth method required by the proxy.

  Added http-auth "auto-nct" flag to reject weak proxy auth methods.

  Added HTTP proxy digest authentication method.

  Removed extraneous openvpn_sleep calls from proxy.c.

* Implemented http-proxy-override and http-proxy-fallback directives to make it
  easier for OpenVPN client UIs to start a pre-existing client config file with
  proxy options, or to adaptively fall back to a proxy connection if a direct
  connection fails.

* Implemented a key/value auth channel from client to server.

* Fixed issue where bad creds provided by the management interface
  for HTTP Proxy Basic Authentication would go into an infinite
  retry-fail loop instead of requerying the management interface for
  new creds.

* Added support for MSVC debugging of openvpn.exe in settings.in:

  # Build debugging version of openvpn.exe
  !define PRODUCT_OPENVPN_DEBUG

* Implemented multi-address DNS expansion on the network field of route
  commands.

  When only a single IP address is desired from a multi-address DNS
  expansion, use the first address rather than a random selection.

* Added --register-dns option for Windows.

  Fixed some issues on Windows with --log, subprocess creation
  for command execution, and stdout/stderr redirection.

* Fixed an issue where application payload transmissions on the
  TLS control channel (such as AUTH_FAILED) that occur during
  or immediately after a TLS renegotiation might be dropped.

* Added warning about tls-remote option in man page.

* Community patches (from openvpn-testing.git tree)

  Alberto Gonzalez Iniesta (1):
      Debian patch: Fix spelling in log message

  Dan Nelson (1):
      bash->bourne script cleanup

  Daniel Johnson (1):
      auth-pam plugin update: Support DOMAIN+USERNAME in config

  David Sommerseth (22):
      Reworked the eurephia patch for inclusion to the openvpn-testing tree
      Added mapping files from SVN commit ID to more descriptive commit IDs.
      verb 5 logging wrongly reports received bytes
      On TARGET_LINUX define _GNU_SOURCE if not defined
      Fix autotools cross-compiling support
      Add comile time information/settings from ./configure to --version
      Make use of counter_type instead of int when counting bytes and network packets
      Updated the man page to reflect the behavioural change of create_temp_file()
      Removed no longer needed delete_file() call
      Fixed potential NULL pointer issue
      Fix dependency checking for configure.h (v2)
      Make use of automake CLEANFILES variable instead of clean-local rule
      Don't add compile time information if --enable-small is used
      Harden create_temp_filename() (version 2)
      Renamed all calls to create_temp_filename()
      Updated the man page to reflect the behavioural change of create_temp_file()
      Removed no longer needed delete_file() call
      Avoid repetition of "this config may cache passwords in memory" (v2)
      Revamped the script-security warning logging (version 2)
      Fixed client hang when server don't PUSH (aka the NO_SOUP_FOR_YOU patch)
      Solved hidden merge conflict between changes in feat_misc and bugfix2.1
      Fix multiple configured scripts conflicts issue (version 2)

  Davide Brini (6):
      OCSP_check.sh: new check logic
      The man page does not mention that the default value of "mssfix" is 1450.
      Enhance contrib/pull-resolv-conf/client.{up,down} scripts
      Fix missing /bin/bash -> /bin/sh
      Fix certificate serial number export
      Exclude ping and control packets from activity

  Emilien Mantel (2):
      Choose a different field in X509 to be username
      Fixed static defined length check to use sizeof()

  Enrico Scholz (1):
      Allow 'lport 0' setup for random port binding

  Fabian Knittel (1):
      ssl.c: fix use of openvpn_run_script()'s return value

  Gert Doering (3):
      remove duplicate code in FREEBSD+DRAGONFLY system-dependent ifconfig
      Implement IPv6 in TUN mode for Windows TAP driver.
      fix date format mistake in PRODUCT_TAP_RELDATE (Peter Stuge)

  Jan Brinkmann (1):
      The man page needs dash escaping in UTF-8 environments

  Karl O. Pinc (2):
      Change verify-cn so cn is no longer hardcoded in openvpn's config file
      Several updates to openvpn.8 (man page updates)

  Mathieu GIANNECCHINI (1):
      enhance tls-verify possibility

  Wil Cooley (1):
      pkitool lacks expected option "--help"

  chantra (2):
      Handle non standard subnets in PF grammar
      Fix errors in openvpn-plugin.h documentation
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEABECAAYFAkxphu0ACgkQDC186MBRfrrxLACfWV6rf0rXiMCaEqh+j9ZFhAxG
34cAoJcVsUm06iS/s3j0lNH+Y56a7xyY
=DpDG
-----END PGP SIGNATURE-----

tag v2.2-beta1
Tagger: David Sommerseth <dazo@users.sourceforge.net>
Date:   Tue Aug 10 21:26:51 2010 +0200

OpenVPN v2.2-beta1
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEABECAAYFAkxhqAgACgkQDC186MBRfrpEmQCeLK3V8t1pPtWW3IuLrBNBzk7R
cMwAn0pzdO3d5lRKnzvmesKObcjt/Kw4
=XMjd
-----END PGP SIGNATURE-----

commit 4c1938aaa7ff74bb210edeece89e9421435a54f7
Author: David Sommerseth <dazo@users.sourceforge.net>
Date:   Tue Aug 10 21:26:31 2010 +0200

    Tagging v2.2-beta1
    Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>

diff --git a/version.m4 b/version.m4
index 4add313..02208a2 100644
--- a/version.m4
+++ b/version.m4
@@ -1,5 +1,5 @@
 dnl define the OpenVPN version
-define(PRODUCT_VERSION,[2.1.1o])
+define(PRODUCT_VERSION,[2.2-beta1])
 dnl define the TAP version
 define(PRODUCT_TAP_ID,[tap0901])
 define(PRODUCT_TAP_WIN32_MIN_MAJOR,[9])
	tag v2.2-beta1
	Tagger: David Sommerseth <dazo@users.sourceforge.net>
	Date: Mon Aug 16 20:43:39 2010 +0200

	2010.08.10 -- Version 2.2-beta1

	* When aborting in a non-graceful way, try to execute do_close_tun in
	init.c prior to daemon exit to ensure that the tun/tap interface is
	closed and any added routes are deleted.

	* Fixed an issue where AUTH_FAILED was not being properly delivered
	to the client when a bad password is given for mid-session reauth,
	causing the connection to fail without an error indication.

	* Don't advance to the next connection profile on AUTH_FAILED errors.

	* Fixed an issue in the Management Interface that could cause
	a process hang with 100% CPU utilization in --management-client
	mode if the management interface client disconnected at the
	point where credentials are queried.

	* Fixed an issue where if reneg-sec was set to 0 on the client,
	so that the server-side value would take precedence,
	the auth_deferred_expire_window function would incorrectly
	return a window period of 0 seconds. In this case, the
	correct window period should be the handshake window
	period.

	* Modified ">PASSWORD:Verification Failed" management interface
	notification to include a client reason string:

	>PASSWORD:Verification Failed: 'AUTH_TYPE' ['REASON_STRING']

	* Enable exponential backoff in reliability layer
	retransmits.

	* Set socket buffers (SO_SNDBUF and SO_RCVBUF) immediately after
	socket is created rather than waiting until after connect/listen.

	* Management interface performance optimizations:

	1. Added env-filter MI command to perform filtering on env vars
	passed through as a part of --management-client-auth

	2. man_write will now try to aggregate output into larger blocks
	(up to 1024 bytes) for more efficient i/o

	* Fixed minor issue in Windows TAP driver DEBUG builds
	where non-null-terminated unicode strings were being
	printed incorrectly.

	* Fixed issue on Windows with MSVC compiler, where TCP_NODELAY support
	was not being compiled in.

	* Proxy improvements:

	Improved the ability of http-auth "auto" flag to dynamically detect
	the auth method required by the proxy.

	Added http-auth "auto-nct" flag to reject weak proxy auth methods.

	Added HTTP proxy digest authentication method.

	Removed extraneous openvpn_sleep calls from proxy.c.

	* Implemented http-proxy-override and http-proxy-fallback directives to make it
	easier for OpenVPN client UIs to start a pre-existing client config file with
	proxy options, or to adaptively fall back to a proxy connection if a direct
	connection fails.

	* Implemented a key/value auth channel from client to server.

	* Fixed issue where bad creds provided by the management interface
	for HTTP Proxy Basic Authentication would go into an infinite
	retry-fail loop instead of requerying the management interface for
	new creds.

	* Added support for MSVC debugging of openvpn.exe in settings.in:

	# Build debugging version of openvpn.exe
	!define PRODUCT_OPENVPN_DEBUG

	* Implemented multi-address DNS expansion on the network field of route
	commands.

	When only a single IP address is desired from a multi-address DNS
	expansion, use the first address rather than a random selection.

	* Added --register-dns option for Windows.

	Fixed some issues on Windows with --log, subprocess creation
	for command execution, and stdout/stderr redirection.

	* Fixed an issue where application payload transmissions on the
	TLS control channel (such as AUTH_FAILED) that occur during
	or immediately after a TLS renegotiation might be dropped.

	* Added warning about tls-remote option in man page.

	* Community patches (from openvpn-testing.git tree)

	Alberto Gonzalez Iniesta (1):
	Debian patch: Fix spelling in log message

	Dan Nelson (1):
	bash->bourne script cleanup

	Daniel Johnson (1):
	auth-pam plugin update: Support DOMAIN+USERNAME in config

	David Sommerseth (22):
	Reworked the eurephia patch for inclusion to the openvpn-testing tree
	Added mapping files from SVN commit ID to more descriptive commit IDs.
	verb 5 logging wrongly reports received bytes
	On TARGET_LINUX define _GNU_SOURCE if not defined
	Fix autotools cross-compiling support
	Add comile time information/settings from ./configure to --version
	Make use of counter_type instead of int when counting bytes and network packets
	Updated the man page to reflect the behavioural change of create_temp_file()
	Removed no longer needed delete_file() call
	Fixed potential NULL pointer issue
	Fix dependency checking for configure.h (v2)
	Make use of automake CLEANFILES variable instead of clean-local rule
	Don't add compile time information if --enable-small is used
	Harden create_temp_filename() (version 2)
	Renamed all calls to create_temp_filename()
	Updated the man page to reflect the behavioural change of create_temp_file()
	Removed no longer needed delete_file() call
	Avoid repetition of "this config may cache passwords in memory" (v2)
	Revamped the script-security warning logging (version 2)
	Fixed client hang when server don't PUSH (aka the NO_SOUP_FOR_YOU patch)
	Solved hidden merge conflict between changes in feat_misc and bugfix2.1
	Fix multiple configured scripts conflicts issue (version 2)

	Davide Brini (6):
	OCSP_check.sh: new check logic
	The man page does not mention that the default value of "mssfix" is 1450.
	Enhance contrib/pull-resolv-conf/client.{up,down} scripts
	Fix missing /bin/bash -> /bin/sh
	Fix certificate serial number export
	Exclude ping and control packets from activity

	Emilien Mantel (2):
	Choose a different field in X509 to be username
	Fixed static defined length check to use sizeof()

	Enrico Scholz (1):
	Allow 'lport 0' setup for random port binding

	Fabian Knittel (1):
	ssl.c: fix use of openvpn_run_script()'s return value

	Gert Doering (3):
	remove duplicate code in FREEBSD+DRAGONFLY system-dependent ifconfig
	Implement IPv6 in TUN mode for Windows TAP driver.
	fix date format mistake in PRODUCT_TAP_RELDATE (Peter Stuge)

	Jan Brinkmann (1):
	The man page needs dash escaping in UTF-8 environments

	Karl O. Pinc (2):
	Change verify-cn so cn is no longer hardcoded in openvpn's config file
	Several updates to openvpn.8 (man page updates)

	Mathieu GIANNECCHINI (1):
	enhance tls-verify possibility

	Wil Cooley (1):
	pkitool lacks expected option "--help"

	chantra (2):
	Handle non standard subnets in PF grammar
	Fix errors in openvpn-plugin.h documentation
	-----BEGIN PGP SIGNATURE-----
	Version: GnuPG v1.4.10 (GNU/Linux)

	iEYEABECAAYFAkxphu0ACgkQDC186MBRfrrxLACfWV6rf0rXiMCaEqh+j9ZFhAxG
	34cAoJcVsUm06iS/s3j0lNH+Y56a7xyY
	=DpDG
	-----END PGP SIGNATURE-----

	tag v2.2-beta1
	Tagger: David Sommerseth <dazo@users.sourceforge.net>
	Date: Tue Aug 10 21:26:51 2010 +0200

	OpenVPN v2.2-beta1
	-----BEGIN PGP SIGNATURE-----
	Version: GnuPG v1.4.10 (GNU/Linux)

	iEYEABECAAYFAkxhqAgACgkQDC186MBRfrpEmQCeLK3V8t1pPtWW3IuLrBNBzk7R
	cMwAn0pzdO3d5lRKnzvmesKObcjt/Kw4
	=XMjd
	-----END PGP SIGNATURE-----

	commit 4c1938aaa7ff74bb210edeece89e9421435a54f7
	Author: David Sommerseth <dazo@users.sourceforge.net>
	Date: Tue Aug 10 21:26:31 2010 +0200

	Tagging v2.2-beta1
	Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>

	diff --git a/version.m4 b/version.m4
	index 4add313..02208a2 100644
	--- a/version.m4
	+++ b/version.m4
	@@ -1,5 +1,5 @@
	dnl define the OpenVPN version
	-define(PRODUCT_VERSION,[2.1.1o])
	+define(PRODUCT_VERSION,[2.2-beta1])
	dnl define the TAP version
	define(PRODUCT_TAP_ID,[tap0901])
	define(PRODUCT_TAP_WIN32_MIN_MAJOR,[9])