diff options
| -rw-r--r-- | ChangeLog | 37 | ||||
| -rw-r--r-- | Changes.rst | 50 | ||||
| -rw-r--r-- | version.m4 | 4 |
3 files changed, 89 insertions, 2 deletions
@@ -1,6 +1,43 @@ OpenVPN Change Log Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net> +2020.04.16 -- Version 2.4.9 +Antonio Quartulli (1): + socks: use the right function when printing struct openvpn_sockaddr + +Arne Schwabe (3): + Fetch OpenSSL versions via source/old links + Fix OpenSSL error stack handling of tls_ctx_add_extra_certs + Fix OpenSSL 1.1.1 not using auto elliptic curve selection + +Lev Stipakov (4): + Fix broken fragmentation logic when using NCP + Fix building with --enable-async-push in FreeBSD + Fix broken async push with NCP is used + Fix illegal client float (CVE-2020-11810) + +Maxim Plotnikov (1): + OpenSSL: Fix --crl-verify not loading multiple CRLs in one file + +Santtu Lakkala (1): + Fix OpenSSL private key passphrase notices + +Selva Nair (7): + Swap the order of checks for validating interactive service user + Move querying username/password from management interface to a function + When auth-user-pass file has no password query the management interface (if available). + Fix possibly uninitialized return value in GetOpenvpnSettings() + Fix possible access of uninitialized pipe handles + Skip expired certificates in Windows certificate store + Allow unicode search string in --cryptoapicert option + +Tom van Leeuwen (1): + mbedTLS: Make sure TLS session survives move + +WGH (1): + docs: Add reference to X509_LOOKUP_hash_dir(3) + + 2019.10.30 -- Version 2.4.8 Antonio Quartulli (1): mbedtls: fix segfault by calling mbedtls_cipher_free() in cipher_ctx_free() diff --git a/Changes.rst b/Changes.rst index 65d1eb3..fee48e2 100644 --- a/Changes.rst +++ b/Changes.rst @@ -321,6 +321,56 @@ Maintainer-visible changes i386/i686 builds on RHEL5. +Version 2.4.9 +============= +This is primarily a maintenance release with minor bugfixes and improvements. + +New features +------------ +- Allow unicode search string in --cryptoapicert option (Windows) + +User visible changes +-------------------- +- Skip expired certificates in Windows certificate store (Windows) (trac #966) + +- OpenSSL: Fix --crl-verify not loading multiple CRLs in one file (trac #623) + +- When using "--auth-user-pass file" with just a username and no password + in the file, OpenVPN now queries the management interface (if active) + for the credentials. Previously it would query the console for the + password, and fail if no console available (normal case on Windows) + (trac #757) + +- Swap the order of checks for validating interactive service user + (Windows: check config location before querying domain controller for + group membership, which can be slow) + + +Bug fixes +--------- +- fix condition where a client's session could "float" to a new IP address + that is not authorized ("fix illegal client float"). + + This can be used to disrupt service to a freshly connected client (no + session keys negotiated yet). It can not be used to inject or steal + VPN traffic. CVE-2020-11810, trac #1272). + +- fix combination of async push (deferred auth) and NCP (trac #1259) + +- Fix OpenSSL 1.1.1 not using auto elliptic curve selection (trac #1228) + +- Fix OpenSSL error stack handling of tls_ctx_add_extra_certs + +- mbedTLS: Make sure TLS session survives move (trac #880) + +- Fix OpenSSL private key passphrase notices + +- Fix building with --enable-async-push in FreeBSD (trac #1256) + +- Fix broken fragmentation logic when using NCP (trac #1140) + + + Version 2.4.8 ============= This is primarily a maintenance release with minor bugfixes and improvements. @@ -3,12 +3,12 @@ define([PRODUCT_NAME], [OpenVPN]) define([PRODUCT_TARNAME], [openvpn]) define([PRODUCT_VERSION_MAJOR], [2]) define([PRODUCT_VERSION_MINOR], [4]) -define([PRODUCT_VERSION_PATCH], [.8]) +define([PRODUCT_VERSION_PATCH], [.9]) m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MAJOR]) m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MINOR], [[.]]) m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_PATCH], [[]]) define([PRODUCT_BUGREPORT], [openvpn-users@lists.sourceforge.net]) -define([PRODUCT_VERSION_RESOURCE], [2,4,8,0]) +define([PRODUCT_VERSION_RESOURCE], [2,4,9,0]) dnl define the TAP version define([PRODUCT_TAP_WIN_COMPONENT_ID], [tap0901]) define([PRODUCT_TAP_WIN_MIN_MAJOR], [9]) |