Preparing release v2.4.11 (ChangeLog, version.m4, Changes.rst)

Signed-off-by: Gert Doering <gert@greenie.muc.de>

diff --git a/ChangeLog b/ChangeLog
index d57e05d55486f1931be66012fc62aeb25072cd4d..9777c6e22e2da23856a79980b014375233d7c794 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,23 @@
 OpenVPN Change Log
 Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
 
+2021.04.20 -- Version 2.4.11
+
+Arne Schwabe (1):
+      Ensure key state is authenticated before sending push reply
+
+Gert Doering (2):
+      clean up / rewrite sample-plugins/defer/simple.c
+      Fix potential NULL ptr crash if compiled with DMALLOC
+
+Greg Cox (5):
+      Fix naming error in sample-plugins/defer/simple.c
+      Documentation fixes around openvpn_plugin_func_v3 in openvpn-plugin.h.in
+      Update openvpn_plugin_func_v2 to _v3 in sample-plugins/defer/simple.c
+      More explicit versioning compatibility in sample-plugins/defer/simple.c
+      Explain structver usage in sample defer plugin.
+
+
 2020.12.09 -- Version 2.4.10
 
 Antonio Quartulli (1):

diff --git a/Changes.rst b/Changes.rst
index 928ddf92443c49bef9775c88764ad864912335e7..2d472f76d879ad4e6e86b62b18a89f9f6e70455b 100644 (file)
--- a/Changes.rst
+++ b/Changes.rst
@@ -321,6 +321,31 @@ Maintainer-visible changes
   i386/i686 builds on RHEL5.
 
 
+Version 2.4.11
+=============
+This is primarily a maintenance release with minor bugfixes and improvements.
+
+Bug fixes
+---------
+- CVE-2020-15078
+  see https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements
+
+  This bug allows - under very specific circumstances - to trick a
+  server using delayed authentication (plugin or management) into
+  returning a PUSH_REPLY before the AUTH_FAILED message, which can
+  possibly be used to gather information about a VPN setup.
+
+  In combination with "--auth-gen-token" or an user-specific token auth
+  solution it can be possible to get access to a VPN with an
+  otherwise-invalid account.
+
+- Fix potential NULL ptr crash if compiled with DMALLOC
+
+Enhancements
+------------
+ - multiple patches to improve "sample defer plugin" + documentation
+
+
 Version 2.4.10
 =============
 This is primarily a maintenance release with minor bugfixes and improvements.

diff --git a/version.m4 b/version.m4
index 76076c4ebca5c561e8d4cc51958e143901404408..6ee16a768fe362676deeb95b17ef7884411aaa4a 100644 (file)
--- a/version.m4
+++ b/version.m4
@@ -3,12 +3,12 @@ define([PRODUCT_NAME], [OpenVPN])
 define([PRODUCT_TARNAME], [openvpn])
 define([PRODUCT_VERSION_MAJOR], [2])
 define([PRODUCT_VERSION_MINOR], [4])
-define([PRODUCT_VERSION_PATCH], [.10])
+define([PRODUCT_VERSION_PATCH], [.11])
 m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MAJOR])
 m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MINOR], [[.]])
 m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_PATCH], [[]])
 define([PRODUCT_BUGREPORT], [openvpn-users@lists.sourceforge.net])
-define([PRODUCT_VERSION_RESOURCE], [2,4,10,0])
+define([PRODUCT_VERSION_RESOURCE], [2,4,11,0])
 dnl define the TAP version
 define([PRODUCT_TAP_WIN_COMPONENT_ID], [tap0901])
 define([PRODUCT_TAP_WIN_MIN_MAJOR], [9])