author | Gert Doering | 2024-03-19 22:19:14 +0100 |
---|---|---|
committer | Gert Doering | 2024-03-19 22:19:35 +0100 |
commit | ba0f62fb950c56a0f992b1f8269bdeac209d4e55 (patch) | |
tree | d2396cc02598c04f3b19798c9835fa0c30b040e3 | |
parent | 462fed53c7a5f21c07dafa4910765efe56d7402d (diff) | |
download | openvpn-2.6.10.zip openvpn-2.6.10.tar.gz |
preparing release 2.6.10 (v2.6.10)
version.m4, ChangeLog, Changes.rst
Signed-off-by: Gert Doering <gert@greenie.muc.de>
-rw-r--r-- | ChangeLog | 32 |
-rw-r--r-- | Changes.rst | 51 |
-rw-r--r-- | version.m4 | 2 |
3 files changed, 84 insertions, 1 deletions
@@ -1,6 +1,38 @@ OpenVPN ChangeLog Copyright (C) 2002-2024 OpenVPN Inc <sales@openvpn.net> +2024.03.20 -- Version 2.6.10 + +Christoph Schug (1): + Update documentation references in systemd unit files + +Frank Lichtenheld (6): + Fix typo --data-cipher-fallback + samples: Remove tls-*.conf + check_compression_settings_valid: Do not test for LZ4 in LZO check + t_client.sh: Allow to skip tests + Update Copyright statements to 2024 + GHA: general update March 2024 + +Lev Stipakov (4): + win32: Enforce loading of plugins from a trusted directory + interactive.c: disable remote access to the service pipe + interactive.c: Fix potential stack overflow issue + Disable DCO if proxy is set via management + +Martin Rys (1): + openvpn-[client|server].service: Remove syslog.target + +Max Fillinger (1): + Remove license warning from README.mbedtls + +Selva Nair (1): + Document that auth-user-pass may be inlined + +wellweek (1): + remove repetitive words in documentation and comments + + 2024.02.11 -- Version 2.6.9 Arne Schwabe (15): diff --git a/Changes.rst b/Changes.rst index 5b8d0c0..029c807 100644 --- a/Changes.rst +++ b/Changes.rst 
@@ -1,3 +1,54 @@ +Overview of changes in 2.6.10 +============================= +Security fixes +-------------- +- CVE-2024-27459: Windows: fix a possible stack overflow in the + interactive service component which might lead to a local privilege + escalation. + Reported-by: Vladimir Tokarev <vtokarev@microsoft.com> + +- CVE-2024-24974: Windows: disallow access to the interactive service + pipe from remote computers. + Reported-by: Vladimir Tokarev <vtokarev@microsoft.com> + +- CVE-2024-27903: Windows: disallow loading of plugins from untrusted + installation paths, which could be used to attack openvpn.exe via + a malicious plugin. Plugins can now only be loaded from the OpenVPN + install directory, the Windows system directory, and possibly from + a directory specified by HKLM\SOFTWARE\OpenVPN\plugin_dir. + Reported-by: Vladimir Tokarev <vtokarev@microsoft.com> + +Bug fixes +--------- +- Windows: if the win-dco driver is used (default) and the GUI requests + use of a proxy server, the connection would fail. Disable DCO in + this case. (Github: #522) + +- Compression: minor bugfix in checking option consistency vs. compiled-in + algorithm support + +- systemd unit files: remove obsolete syslog.target + +User visible changes +-------------------- +- Update copyright notices to 2024 + +New features +------------ +- t_client.sh can now run pre-tests and skip a test block if needed + (e.g. skip NTLM proxy tests if SSL library does not support MD4) + +Documentation +------------- +- remove license warnings about mbedTLS linking (README.mbedtls) + +- update documentation references in systemd unit files + +- sample config files: remove obsolete tls-*.conf files + +- document that auth-user-pass may be inlined + + Overview of changes in 2.6.9 ============================ 
@@ -3,7 +3,7 @@ define([PRODUCT_NAME], [OpenVPN]) define([PRODUCT_TARNAME], [openvpn]) define([PRODUCT_VERSION_MAJOR], [2]) define([PRODUCT_VERSION_MINOR], [6]) -define([PRODUCT_VERSION_PATCH], [.9]) +define([PRODUCT_VERSION_PATCH], [.10]) m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MAJOR]) m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MINOR], [[.]]) m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_PATCH], [[]]) |
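Review bot: in the ChangeLog hunk, the 2.6.10 block does not mark which entries are security fixes. The three CVEs named in Changes.rst appear here only as "win32: Enforce loading of plugins from a trusted directory", "interactive.c: disable remote access to the service pipe" and "interactive.c: Fix potential stack overflow issue" under Lev Stipakov. Suggest appending the CVE id to each of those three lines, or adding a one-line pointer to the "Security fixes" section of Changes.rst, so that someone searching ChangeLog for a CVE number finds this release.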
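Review bot: in the Changes.rst hunk, the CVE-2024-27903 entry writes the registry path HKLM\SOFTWARE\OpenVPN\plugin_dir as plain reStructuredText, where the backslash is the escape character, so the rendered page will lose the separators. Wrap it as an inline literal, ``HKLM\SOFTWARE\OpenVPN\plugin_dir``. In the same entry, "and possibly from a directory specified by" is too vague for an administrator deciding which directories to lock down: state the condition directly (the third location applies only when that registry value is set), since that value widens the set of trusted plugin directories.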
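Review bot: in the version.m4 hunk, PRODUCT_VERSION_PATCH goes from [.9] to [.10], one digit to two, and neither the commit message nor the Changes.rst text mentions the consequence: "2.6.10" sorts before "2.6.9" under plain string comparison. A short note for packagers would help, because scripts and scanners that check whether a host already has the three CVE fixes need to compare the version components numerically rather than as text.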