diff options
| -rw-r--r-- | ChangeLog | 46 | ||||
| -rw-r--r-- | Changes.rst | 55 | ||||
| -rw-r--r-- | version.m4 | 4 |
3 files changed, 103 insertions, 2 deletions
@@ -1,6 +1,52 @@ OpenVPN Change Log Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net> +2020.12.09 -- Version 2.4.10 + +Antonio Quartulli (1): + pool: prevent IPv6 pools to be larger than 2^16 addresses + +Arne Schwabe (5): + Fix tls_ctx_client/server_new leaving error on OpenSSL error stack + Normalise ncp-ciphers option and restrict it to 127 bytes + Also announce IV_CIPHERS as client in OpenVPN 2.4 + Fix auth-token not being updated if auth-nocache is set + Remove auth_user_pass.wait_for_push variable + +David Sommerseth (1): + compat/lz4: Update to v1.9.2 + +Gert Doering (12): + Fix stack overflow in OpenSolaris NEXTADDR() + Document that --push-remove is generally more suitable than --push-reset + Fix error detection / abort in --inetd corner case. + Fix TUNSETGROUP compatibility with very old Linux systems. + Fix handling of 'route remote_host' for IPv6 transport case. + Fix description of --client-disconnect calling convention in manpage. + Handle NULL returns from calloc() in sample plugins. + Fix --show-gateway for IPv6 on NetBSD/i386. + socks.c: fix alen for DOMAIN type addresses, bump up buffer sizes + Fix redirecting of IPv4 default gateway if connecting over IPv6. + Change travis build scripts to use https when fetching prerequisites. + Fix line number reporting on config file errors after <inline> segments + +Jeremy Evans (1): + Switch assertion failure to returning false + +Matthias Andree (1): + Fix stack buffer overruns in NEXTADDR() macro: + +Selva Nair (3): + Parse static challenge response in auth-pam plugin + Accept empty password and/or response in auth-pam plugin + Persist management-query-remote and proxy prompts + +Vladislav Grishenko (2): + Log serial number of revoked certificate + Fix fatal error at switching remotes (#629) + + + 2020.04.16 -- Version 2.4.9 Antonio Quartulli (1): socks: use the right function when printing struct openvpn_sockaddr diff --git a/Changes.rst b/Changes.rst index fee48e2..928ddf9 100644 --- a/Changes.rst +++ b/Changes.rst @@ -321,6 +321,61 @@ Maintainer-visible changes i386/i686 builds on RHEL5. +Version 2.4.10 +============= +This is primarily a maintenance release with minor bugfixes and improvements. + +New features +------------ + - OpenVPN client will now announce the acceptable ciphers to the server + (IV_CIPHER=...), so NCP cipher negotiation works better + + - Parse static challenge response in auth-pam plugin + + - Accept empty password and/or response in auth-pam plugin + + - Log serial number of revoked certificate + + +User visible changes +-------------------- + - Windows: Swap the order of checks for validating interactive service user + (faster start if connection to the DC is slow, but local information is + sufficient to determine privileges) + + +Bug fixes +--------- + - Fix tls_ctx_client/server_new leaving error on OpenSSL error stack + + - Fix auth-token not being updated if auth-nocache is set + (this should fix all remaining client-side bugs for the combination + "auth-nocache in client-config" + "auth-token in use on the server") + + - Fix stack overflow in OpenSolaris and *BSD NEXTADDR() + + - Fix error detection / abort in --inetd corner case (#350) + + - Fix TUNSETGROUP compatibility with very old Linux systems (#1152) + + - Fix handling of 'route remote_host' for IPv6 transport case + (#1247 and #1332) + + - Fix --show-gateway for IPv6 on NetBSD/i386 (#734) + + - A number of documentation improvements / clarification fixes. + + - Fix line number reporting on config file errors after <inline> segments + (#1325) + + - Fix fatal error at switching remotes (#629) + + - socks.c: fix alen for DOMAIN type addresses, bump up buffer sizes (#848) + + - Switch "ks->authenticated" assertion failure to returning false (#1270) + + + Version 2.4.9 ============= This is primarily a maintenance release with minor bugfixes and improvements. @@ -3,12 +3,12 @@ define([PRODUCT_NAME], [OpenVPN]) define([PRODUCT_TARNAME], [openvpn]) define([PRODUCT_VERSION_MAJOR], [2]) define([PRODUCT_VERSION_MINOR], [4]) -define([PRODUCT_VERSION_PATCH], [.9]) +define([PRODUCT_VERSION_PATCH], [.10]) m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MAJOR]) m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MINOR], [[.]]) m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_PATCH], [[]]) define([PRODUCT_BUGREPORT], [openvpn-users@lists.sourceforge.net]) -define([PRODUCT_VERSION_RESOURCE], [2,4,9,0]) +define([PRODUCT_VERSION_RESOURCE], [2,4,10,0]) dnl define the TAP version define([PRODUCT_TAP_WIN_COMPONENT_ID], [tap0901]) define([PRODUCT_TAP_WIN_MIN_MAJOR], [9]) |