ChangeLog: https://github.com/OpenVPN/openvpn/blob/v2.6.15/Changes.rst#overview-of-changes-in-2615
FreeBSD relevant changes:
(note the DCO float notifications had previously been backported
for the FreeBSD port already in 2.6.14_3, and we're not currently
building with mbedTLS support for 2.6.x)
New features / User visible changes
-----------------------------------
- Apply more checks to incoming TLS handshake packets before creating
new state - namely, verify message ID / acked ID for "valid range for
an initial packet". This fixes a problem with clients that float
very early but send control channel packet from the pre-float IP
(Github: OpenVPN/openvpn#704), backported from 2.7_beta1.
- update GPL license text to latest version from FSF
Code maintenance
----------------
- remove a few extra newline characters at the end of rarely-seen log lines
- replace assert() calls in the code with OpenVPN ASSERT() calls
(not subject to -DNDEBUG, plus better logging on the actual cause)
- remove "dh dh2048.pem" from all sample configurations, remove "dh2048.pem"
file from source tree - OpenSSL 3.5 Seclevel=3 considers this "not
secure enough" and OpenVPN has not needed an explit DH file in a long while.
Documentation Updates
---------------------
- improve ``--tmp-dir`` documentation
5b06fb3b7d