11 KiB
11 KiB
Changelog
All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
Unreleased
Fixed
- Index out of range during negotiation (Grivus). #143
- Handle server shutdown/restart (remote
--explicit-exit-notify). #131 - Pointer warnings from Xcode 11.4 upgrade.
2.2.1 (2019-12-14)
Fixed
- Keep-alive pings coalescing over time.
- Ping timeout not checked for if keep-alive is disabled.
2.2.0 (2019-12-11)
Changed
- Require explicit
--caand--cipherin .ovpn configuration file.
2.1.0 (2019-11-03)
Added
- Allow keep-alive timeout to be configured by the server or client (Robert Patchett). #122
- Support for proxy autoconfiguration URL (ThinkChaos). #125
- Support multiple DNS search domains. #127
Changed
- Upgrade OpenSSL to 1.1.1d. #123
Fixed
- Session negotiation succeeds too early (Robert Patchett). #124
- Handle
vpn_gatewayliteral in--route.
2.0.5 (2019-09-26)
Fixed
- OpenSSL framework structure on macOS makes binary invalid when uploaded to App Store Connect.
- Potential OOB in memcmp() (Guido Vranken).
2.0.3 (2019-09-06)
Fixed
- Deadlock on shutdown (further fixes). #106
- Regression with negotiation failing due to .staleSession error. #120
2.0.2 (2019-07-27)
Fixed
- Deadlock on shutdown. #106
- Stuck on SOFT_RESET. #105
- Tunnel dies unexpectedly on macOS. #111
- Recover from ENOBUFS. #112
2.0.1 (2019-05-28)
Fixed
- Regression in LZO subspec.
2.0.0 (2019-05-28)
Changed
- Major refactoring.
1.7.1 (2019-05-14)
Added
- Partially support
--redirect-gateway block-local. #81
Fixed
- Authentication failure due to local options. #95
- Customize security level (to tolerate weak certificates). #97
- Connection stalls on server-initiated SOFT_RESET.
- Wrong configuration mutability.
1.7.0 (2019-04-28)
Changed
- Do not redirect all traffic to VPN unless
--redirect-gatewayspecified. #90 - Upgrade OpenSSL to 1.1.0j.
Fixed
- SoftEther sends an incomplete PUSH_REPLY. #86
- Authentication/Decrypt errors with TLS wrapping. #88, #61
- Broken DNS when no servers provided. #84
- UDP may disconnect on high-speed upload link. #87
- Client certificate may fail when private key in .ovpn is encrypted. #91
- DNS is unreachable when VPN is not default gateway. #94
1.6.2 (2019-04-17)
Added
- Basic support for proxy settings (no PAC). #74
Changed
- Make
hostnameoptional and pickresolvedAddressesif nil.
Fixed
- Negotiation times out with SoftEther. #67
- Unable to handle continuated PUSH_REPLY. #71
- TCP requiring multiple PUSH_REQUEST. #73
- DNS inconsistencies. #85
1.6.1 (2019-04-07)
Fixed
- Cipher/digest erroneously required by AppExtension.
1.6.0 (2019-04-06)
Added
- Handle
dhcp-option DOMAIN. #77
Changed
- Refactor configuration parser for reuse.
Fixed
1.5.2 (2019-04-01)
Added
- Optional data count report via
TunnelKitProvider.Configuration.dataCount(in:).
Changed
- Upgraded to Swift 5.
Fixed
checksEKUnot propagated to TunnelKitProvider.
1.5.1 (2019-03-25)
Added
Fixed
1.5.0 (2019-03-20)
Added
1.4.3 (2019-03-18)
Fixed
- Several reconnection issues.
- Missing EKU flag evaluation.
1.4.2 (2019-03-05)
Added
- Shut down if server pushes a compressed data packet.
Fixed
- Custom DNS servers were not applied.
- Reject
<connection>blocks as unsupported.
1.4.1 (2019-02-25)
Added
Changed
- Enable or disable EKU according to
remote-cert-tls serverin .ovpn file. #64
Fixed
- Compiling errors in demo target.
- Linking errors with OpenSSL.
- A few potential vulnerabilities.
1.4.0 (2018-11-12)
Added
- Parser for .ovpn configuration files. #47
Changed
- Due to #47,
SocketTypeandEndpointProtocolwere moved to Core subspec.
1.3.1 (2018-11-07)
Fixed
- IPv4/UInt32 conversions are not endianness-agnostic. #46
1.3.0 (2018-10-28)
Changed
- Refactored tunnel configuration API for increased code reuse. #44
Deprecated
- Use high-level accessories instead of
debugLogKeyandlastErrorKey. #45
Fixed
- IPv4/UInt32 calculations were wrong.
1.2.2 (2018-10-25)
Changed
- Debug log is saved to group container rather than
UserDefaults. #43
Fixed
- Handle server-initiated renegotiation. #41
- Potentially private data (e.g. Internet addresses) is now masked in debug log. #42
1.2.1 (2018-10-24)
Added
- Configuration key
lastErrorKeyfor reporting errors to host app. #40 - Server extended key usage validation (EKU). #27
Fixed
- CA file was not closed after MD5 calculation when using PIA patches.
- Mitigated an issue with MTU in TCP mode during negotiation. #39
1.2.0 (2018-10-20)
Added
- Support for
--tls-authwrapping. #34 - Support for
--tls-cryptwrapping. #35 - Parser for static OpenVPN keys from file. #36
Fixed
- Handling of mixed DATA_V1/DATA_V2 packets. #30
1.1.2 (2018-10-18)
Added
- Restored support for PIA patches. #32
1.1.1 (2018-10-10)
Fixed
- Make CA non-optional. #28
1.1.0 (2018-09-26)
Added
- Client certificate verification. #3
- Support for both
--comp-lzoand--compresscompression framing. #2, #5, #10 - Routes setup from PUSH_REPLY. #7
- Support for IPv6. #8
- Support for server-side NCP. #11
- Property to mark ciphers not requiring digest auth (e.g. GCM). #13
Codableimplementations for native Swift serialization. #15- More cipher and digest algorithms. #16
- Negotiated compression framing from PUSH_REPLY. #19
- Customizable keep-alive. #20
- Negotiated keep-alive from PUSH_REPLY. #22
- Peer-info metadata.
Changed
- Raised iOS target to 11 (drops 32-bit support).
- Upgraded OpenSSL from 1.1.0h to 1.1.0i.
- Minor adjustments for Xcode 10 / Swift 4.2.
- Deep refactoring of control channel for future extensibility.
- App group moved out of tunnel configuration, to make it more platform-agnostic and coherent to serialize.
- Keep-alive is disabled by default.
- Several internal renamings.
Fixed
- Sensitive data logged in PUSH_REPLY. #12
- Bad interpretation of 0 seconds between renegotiations. #18
- Incorrect behavior on data-related failures. #21
1.0.0 (2018-08-23)
Added
- Initial fork from https://github.com/pia-foss/tunnel-apple
Removed
- Non-standard PIA patches.