diff options
author | Gert Doering | 2018-04-19 17:37:18 +0200 |
---|---|---|
committer | Gert Doering | 2018-04-19 17:37:18 +0200 |
commit | b3a7f452206607fb23d5cea76339dfb164c283f2 (patch) | |
tree | ef7463fbf71ed3301875dfd6e3cbfe043a133489 | |
parent | da242af8d3750a231bfd687d0a92cf2004dae988 (diff) | |
download | openvpn-b3a7f452206607fb23d5cea76339dfb164c283f2.zip openvpn-b3a7f452206607fb23d5cea76339dfb164c283f2.tar.gz |
preparing release v2.4.6 (ChangeLog, version.m4, Changes.rst)v2.4.6
Signed-off-by: Gert Doering <gert@greenie.muc.de>
-rw-r--r-- | ChangeLog | 26 | ||||
-rw-r--r-- | Changes.rst | 26 | ||||
-rw-r--r-- | version.m4 | 4 |
3 files changed, 54 insertions, 2 deletions
@@ -1,6 +1,32 @@ OpenVPN Change Log Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net> +2018.04.19 -- Version 2.4.6 +David Sommerseth (1): + management: Warn if TCP port is used without password + +Gert Doering (2): + Correct version in ChangeLog - should be 2.4.5, was mistyped as 2.4.4 + Fix potential double-free() in Interactive Service (CVE-2018-9336) + +Gert van Dijk (1): + manpage: improve description of --status and --status-version + +Joost Rijneveld (1): + Make return code external tls key match docs + +Selva Nair (3): + Delete the IPv6 route to the "connected" network on tun close + Management: warn about password only when the option is in use + Avoid overflow in wakeup time computation + +Simon Matter (1): + Add missing #ifdef SSL_OP_NO_TLSv1_1/2 + +Steffan Karger (1): + Check for more data in control channel + + 2018.02.28 -- Version 2.4.5 Antonio Quartulli (4): reload HTTP proxy credentials when moving to the next connection profile diff --git a/Changes.rst b/Changes.rst index 4168d62..b8ed5ce 100644 --- a/Changes.rst +++ b/Changes.rst @@ -320,6 +320,32 @@ Maintainer-visible changes use -std=gnu99 in CFLAGS. This is known to be needed when doing i386/i686 builds on RHEL5. +Version 2.4.6 +============= +This is primarily a maintenance release with minor bugfixes and improvements, +and one security relevant fix for the Windows Interactive Service. + +User visible changes +-------------------- +- warn if the management interface is configured with a TCP port and + no password is set (because it might be possible to interfere with + OpenVPN operation by tricking other programs into connecting to the + management interface and inject unwanted commands) + +Bug fixes +--------- +- CVE-2018-9336: fix potential double-free() in the Interactive Service + (Windows) on malformed input. + +- avoid possible integer overflow in wakeup computation (trac #922) + +- improve handling of incoming packet bursts for control channel data + +- fix compilation with older OpenSSL versions that were broken in 2.4.5 + +- Windows + interactive Service: delete the IPv6 route to the "connected" + network on tun close + Version 2.4.5 ============= @@ -3,12 +3,12 @@ define([PRODUCT_NAME], [OpenVPN]) define([PRODUCT_TARNAME], [openvpn]) define([PRODUCT_VERSION_MAJOR], [2]) define([PRODUCT_VERSION_MINOR], [4]) -define([PRODUCT_VERSION_PATCH], [.5]) +define([PRODUCT_VERSION_PATCH], [.6]) m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MAJOR]) m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MINOR], [[.]]) m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_PATCH], [[]]) define([PRODUCT_BUGREPORT], [openvpn-users@lists.sourceforge.net]) -define([PRODUCT_VERSION_RESOURCE], [2,4,5,0]) +define([PRODUCT_VERSION_RESOURCE], [2,4,6,0]) dnl define the TAP version define([PRODUCT_TAP_WIN_COMPONENT_ID], [tap0901]) define([PRODUCT_TAP_WIN_MIN_MAJOR], [9]) |