diff options
author | Gert Doering | 2021-06-17 11:01:55 +0200 |
---|---|---|
committer | Gert Doering | 2021-06-17 11:02:56 +0200 |
commit | ecaf88f8a4e758567dbb270900401bfd038bcd73 (patch) | |
tree | 663983554829a1871f1559b551ad03b76d3c2ac2 | |
parent | 92535b6a10865f7e6729f766dcf36e094b7f61d4 (diff) | |
download | openvpn-ecaf88f8a4e758567dbb270900401bfd038bcd73.zip openvpn-ecaf88f8a4e758567dbb270900401bfd038bcd73.tar.gz |
Preparing release 2.5.3v2.5.3
version.m4, ChangeLog, Changes.rst
Signed-off-by: Gert Doering <gert@greenie.muc.de>
-rw-r--r-- | ChangeLog | 31 | ||||
-rw-r--r-- | Changes.rst | 39 | ||||
-rw-r--r-- | version.m4 | 4 |
3 files changed, 72 insertions, 2 deletions
@@ -1,6 +1,37 @@ OpenVPN Change Log Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net> +2021.06.17 -- Version 2.5.3 + +Arne Schwabe (3): + Add missing free_key_ctx for auth_token + Add github actions + Implement auth-token-user + +David Sommerseth (1): + Update copyrights + +Lev Stipakov (8): + openvpnmsica: properly schedule reboot in the end of installation + msvc: add ARM64 configuration + msvc: standalone building + contrib/vcpkg-ports: add pkcs11-helper port + vcpkg-ports: restore trailing whitespaces in .patch files + GitHub actions: add MSVC build + crypto_openssl.c: disable explicit initialization on Windows (CVE-2121-3606) + contrib/vcpkg-ports: add openssl port with --no-autoload-config option set (CVE-2121-3606) + +Matthias Andree (1): + Fix SIGSEGV (NULL deref) receiving push "echo" + +Max Fillinger (1): + Fix build with mbedtls w/o SSL renegotiation support + +Selva Nair (2): + Improve documentation of AUTH_PENDING related directives + Apply the connect-retry backoff to only one side of a connection + + 2021.04.20 -- Version 2.5.2 Arne Schwabe (10): diff --git a/Changes.rst b/Changes.rst index b0a6b27..df2e890 100644 --- a/Changes.rst +++ b/Changes.rst @@ -1,3 +1,42 @@ +Overview of changes in 2.5.3 +============================ +Bugfixes +-------- +- CVE-2121-3606 + see https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements + + OpenVPN windows builds could possibly load OpenSSL Config files from + world writeable locations, thus posing a security risk to OpenVPN. + + As a fix, disable OpenSSL config loading completely on Windows. + +- disable connect-retry backoff for p2p (--secret) instances + (Trac #1010, #1384) + +- fix build with mbedtls w/o SSL renegotiation support + +- Fix SIGSEGV (NULL deref) receiving push "echo" (Trac #1409) + +- MSI installers: properly schedule reboot in the end of installation + +- fix small memory leak in free_key_ctx for auth_token + + +User-visible Changes +-------------------- +- update copyright messages in files and --version output + +New features +------------ +- add --auth-token-user option (for --auth-token deployments without + --auth-user-pass in client config) + +- improve MSVC building for Windows + +- official MSI installers will now contain arm64 drivers and binaries + (x86, amd64, arm64) + + Overview of changes in 2.5.2 ============================ @@ -3,12 +3,12 @@ define([PRODUCT_NAME], [OpenVPN]) define([PRODUCT_TARNAME], [openvpn]) define([PRODUCT_VERSION_MAJOR], [2]) define([PRODUCT_VERSION_MINOR], [5]) -define([PRODUCT_VERSION_PATCH], [.2]) +define([PRODUCT_VERSION_PATCH], [.3]) m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MAJOR]) m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MINOR], [[.]]) m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_PATCH], [[]]) define([PRODUCT_BUGREPORT], [openvpn-users@lists.sourceforge.net]) -define([PRODUCT_VERSION_RESOURCE], [2,5,2,0]) +define([PRODUCT_VERSION_RESOURCE], [2,5,3,0]) dnl define the TAP version define([PRODUCT_TAP_WIN_COMPONENT_ID], [tap0901]) define([PRODUCT_TAP_WIN_MIN_MAJOR], [9]) |