tag name | v2.4.3 (af49bf5c40d7ea4c3f544d7c0021a3656241307f) |
tag date | 2017-06-20 13:04:11 +0200 |
tagged by | Gert Doering |
tagged object | commit db34435863... |
download | openvpn-2.4.3.zip openvpn-2.4.3.tar.gz |
---|
OpenVPN v2.4.3 release
2017.06.21 -- Version 2.4.3
Antonio Quartulli (1):
Ignore auth-nocache for auth-user-pass if auth-token is pushed
David Sommerseth (3):
crypto: Enable SHA256 fingerprint checking in --verify-hash
copyright: Update GPLv2 license texts
auth-token with auth-nocache fix broke --disable-crypto builds
Emmanuel Deloget (8):
OpenSSL: don't use direct access to the internal of X509
OpenSSL: don't use direct access to the internal of EVP_PKEY
OpenSSL: don't use direct access to the internal of RSA
OpenSSL: don't use direct access to the internal of DSA
OpenSSL: force meth->name as non-const when we free() it
OpenSSL: don't use direct access to the internal of EVP_MD_CTX
OpenSSL: don't use direct access to the internal of EVP_CIPHER_CTX
OpenSSL: don't use direct access to the internal of HMAC_CTX
Gert Doering (6):
Fix NCP behaviour on TLS reconnect.
Remove erroneous limitation on max number of args for --plugin
Fix edge case with clients failing to set up cipher on empty PUSH_REPLY.
Fix potential 1-byte overread in TCP option parsing.
Fix remotely-triggerable ASSERT() on malformed IPv6 packet.
Update Changes.rst with relevant info for 2.4.3 release.
Guido Vranken (6):
refactor my_strupr
Fix 2 memory leaks in proxy authentication routine
Fix memory leak in add_option() for option 'connection'
Ensure option array p[] is always NULL-terminated
Fix a null-pointer dereference in establish_http_proxy_passthru()
Prevent two kinds of stack buffer OOB reads and a crash for invalid input data
Jérémie Courrèges-Anglas (2):
Fix an unaligned access on OpenBSD/sparc64
Missing include for socket-flags TCP_NODELAY on OpenBSD
Matthias Andree (1):
Make openvpn-plugin.h self-contained again.
Selva Nair (1):
Pass correct buffer size to GetModuleFileNameW()
Steffan Karger (11):
Log the negotiated (NCP) cipher
Avoid a 1 byte overcopy in x509_get_subject (ssl_verify_openssl.c)
Skip tls-crypt unit tests if required crypto mode not supported
openssl: fix overflow check for long --tls-cipher option
Add a DSA test key/cert pair to sample-keys
Fix mbedtls fingerprint calculation
mbedtls: fix --x509-track post-authentication remote DoS (CVE-2017-7522)
mbedtls: require C-string compatible types for --x509-username-field
Fix remote-triggerable memory leaks (CVE-2017-7521)
Restrict --x509-alt-username extension types
Fix potential double-free in --x509-alt-username (CVE-2017-7521)
Steven McDonald (1):
Fix gateway detection with OpenBSD routing domains
-----BEGIN PGP SIGNATURE-----
iQGcBAABAgAGBQJZSQFEAAoJEB2Cnv7KVigSVDUL/3TszoPta0HlqmZC0qdGpLA6
LkmSttAv5Na8vjmDIofXP5tLQaFiOr0VlVN8Fwf4p+t6gAOufC9TLaCqmdVXmcL1
8NcfgNd16PhTMj+7ryufCIYqpYw+bcQcoOhKE+t6XRXQb6dIaYVZpRUfA/isWBGK
g4q1iaF1ZpG/e5Z2paNGZ+3b5M3KexlVDa8nl9Uj8Pc0PC5oWoifRTqHBECWKDZg
w1muNNYc+Yl/GDtQUPj7dZOrilLQRrV86xydurPZHgoGjKH630qg3rRrxtbETv01
TUJTenGAGoFMGKCyc0bS2DoxrP7CGsGMiHU5KFJVaH+VFP3YTiXogOKTfBuLu9Yd
fbxCj7DDeuENQzLledinNqyz5UFVRJ/HE0Bq3GLS/YzY2fu9WoBKCQKorzRA7Sbr
rbUdH7/KZ/VSb5DqlRNa8seJDzCrAu7H4OVnuULgtth/RlCPEZT+4Jxr3f1brrKO
OGazQ6vrnozIKMP8DLJgO9z50NYlZSHWWOjxCnAx/A==
=EBKm
-----END PGP SIGNATURE-----