Preparing release 2.5.11

author Gert Doering <gert@greenie.muc.de>

Thu, 18 Jul 2024 12:23:03 +0000 (14:23 +0200)

committer Gert Doering <gert@greenie.muc.de>

Thu, 18 Jul 2024 12:46:01 +0000 (14:46 +0200)
author Gert Doering <gert@greenie.muc.de>
Thu, 18 Jul 2024 12:23:03 +0000 (14:23 +0200)
committer Gert Doering <gert@greenie.muc.de>
Thu, 18 Jul 2024 12:46:01 +0000 (14:46 +0200)
diff --git a/ChangeLog b/ChangeLog

index 250a06743b9ea5896dbffa6e35b803fee1a43406..c7a91d4c6521854f8d1960c5b7ffd7c94b902fc3 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,12 @@
  OpenVPN Change Log
  Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
  
+2024.07.18 -- Version 2.5.11
+
+Arne Schwabe (2):
+      Properly handle null bytes and invalid characters in control messages
+      Allow trailing \r and \n in control channel message
+
  2024.03.21 -- Version 2.5.10
  
  Arne Schwabe (1):
diff --git a/Changes.rst b/Changes.rst

index 59626c3ca545aebf89ec365f746f9d77c35bdd65..9c729f6ed62fdcdc2989e5e86893a7f2af55cc50 100644 (file)
--- a/Changes.rst
+++ b/Changes.rst
@@ -1,3 +1,15 @@
+Overview of changes in 2.5.11
+=============================
+Security fixes
+--------------
+- CVE-2024-5594: control channel: refuse control channel messages with
+  nonprintable characters in them.  Security scope: a malicious openvpn
+  peer can send garbage to openvpn log, or cause high CPU load.
+  (Reynir Björnsson)
+
+  (Backport of the security fix in 2.6.11 and the fix for the bugfix
+  in 2.6.12)
+
  Overview of changes in 2.5.10
  =============================
  Security fixes
diff --git a/version.m4 b/version.m4

index c6afb8bd1d46a5ac6c52303d8ab8c316129de931..e4b66e49f9b0be86157206cb4690b0faea9614c9 100644 (file)
--- a/version.m4
+++ b/version.m4
@@ -3,12 +3,12 @@ define([PRODUCT_NAME], [OpenVPN])
  define([PRODUCT_TARNAME], [openvpn])
  define([PRODUCT_VERSION_MAJOR], [2])
  define([PRODUCT_VERSION_MINOR], [5])
-define([PRODUCT_VERSION_PATCH], [.10])
+define([PRODUCT_VERSION_PATCH], [.11])
  m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MAJOR])
  m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MINOR], [[.]])
  m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_PATCH], [[]])
  define([PRODUCT_BUGREPORT], [openvpn-users@lists.sourceforge.net])
-define([PRODUCT_VERSION_RESOURCE], [2,5,10,0])
+define([PRODUCT_VERSION_RESOURCE], [2,5,11,0])
  dnl define the TAP version
  define([PRODUCT_TAP_WIN_COMPONENT_ID], [tap0901])
  define([PRODUCT_TAP_WIN_MIN_MAJOR], [9])
author	Gert Doering <gert@greenie.muc.de>
	Thu, 18 Jul 2024 12:23:03 +0000 (14:23 +0200)
committer	Gert Doering <gert@greenie.muc.de>
	Thu, 18 Jul 2024 12:46:01 +0000 (14:46 +0200)
ChangeLog		patch \| blob \| blame \| history
Changes.rst		patch \| blob \| blame \| history
version.m4		patch \| blob \| blame \| history