Preparing release v2.4.12 (ChangeLog, version.m4, Changes.rst)v2.4.12

Signed-off-by: Gert Doering <gert@greenie.muc.de>

3 files changed, 71 insertions, 3 deletions

diff --git a/ChangeLog b/ChangeLog
index 9777c6e..f580013 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,29 @@
 OpenVPN Change Log
 Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
 
+2022.03.16 -- Version 2.4.12
+
+Arne Schwabe (1):
+      Remove always enabled USE_64_BIT_COUNTERS define
+
+David Korczynski (1):
+      Fix argv leaks in add_route() and add_route_ipv6()
+
+David Sommerseth (1):
+      plug-ins: Disallow multiple deferred authentication plug-ins
+
+Gert Doering (2):
+      Revert "Remove always enabled USE_64_BIT_COUNTERS define"
+      Fix --mtu-disc maybe|yes on Linux.
+
+Richard T Bonhomme (1):
+      doc openvpn.8: Use free open-source dynamic-DNS provider URL
+
+Selva Nair (2):
+      Apply the connect-retry backoff to only one side of a connection
+      Ensure the current common_name is in the environment for scripts
+
+
 2021.04.20 -- Version 2.4.11
 
 Arne Schwabe (1):
diff --git a/Changes.rst b/Changes.rst
index 2d472f7..01d00ad 100644
--- a/Changes.rst
+++ b/Changes.rst
@@ -321,8 +321,53 @@ Maintainer-visible changes
   i386/i686 builds on RHEL5.
 
 
+Version 2.4.12
+==============
+This is primarily a maintenance release with minor bugfixes and improvements.
+
+As of this release, OpenVPN 2.4 will from now only receive security and 
+critical bug fixes for the next 12 months. This is also the last 
+OpenVPN 2.4 Windows release provided by the project.  Please consider 
+to upgrade to the latest OpenVPN 2.5 release. For more details, see
+https://community.openvpn.net/openvpn/wiki/SupportedVersions
+
+Bug fixes
+---------
+- CVE-2022-0547
+  see https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements
+
+  If openvpn is configured with multiple authentication plugins and
+  more than one plugin tries to do deferred authentication, the result
+  is not well-defined - creating a possible authentication bypass.
+
+  In this situation the server process will now abort itself with a clear
+  log message.  Only one plugin is allowed to do deferred authentication.
+
+- Fix "--mtu-disc maybe|yes" on Linux
+
+  Due to configure/syshead.h/#ifdef confusion, the code in question was
+  not compiled-in since a long time.  Fixed.  Trac: #1452
+
+- Fix $common_name variable passed to scripts when username-as-common-name
+  is in effect.
+
+  This was not consistently set - sometimes, OpenVPN exported the username,
+  sometimes the common name from the client cert.  Fixed.  Trac: #1434
+
+- Fix potential memory leaks in add_route() and add_route_ipv6().
+
+- Apply connect-retry backoff only to one side of the connection in
+  p2p mode.  Without that fix/enhancement, two sides could end up
+  only sending packets when the other end is not ready.  Trac: #1010, #1384
+
+
+Enhancements
+------------
+- documentation improvements related to DynDNS.  Trac: #1417
+
+
 Version 2.4.11
-=============
+==============
 This is primarily a maintenance release with minor bugfixes and improvements.
 
 Bug fixes
diff --git a/version.m4 b/version.m4
index 6ee16a7..959e86f 100644
--- a/version.m4
+++ b/version.m4
@@ -3,12 +3,12 @@ define([PRODUCT_NAME], [OpenVPN])
 define([PRODUCT_TARNAME], [openvpn])
 define([PRODUCT_VERSION_MAJOR], [2])
 define([PRODUCT_VERSION_MINOR], [4])
-define([PRODUCT_VERSION_PATCH], [.11])
+define([PRODUCT_VERSION_PATCH], [.12])
 m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MAJOR])
 m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MINOR], [[.]])
 m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_PATCH], [[]])
 define([PRODUCT_BUGREPORT], [openvpn-users@lists.sourceforge.net])
-define([PRODUCT_VERSION_RESOURCE], [2,4,11,0])
+define([PRODUCT_VERSION_RESOURCE], [2,4,12,0])
 dnl define the TAP version
 define([PRODUCT_TAP_WIN_COMPONENT_ID], [tap0901])
 define([PRODUCT_TAP_WIN_MIN_MAJOR], [9])