Preparing release v2.4.10 (ChangeLog, version.m4, Changes.rst)

Signed-off-by: Gert Doering <gert@greenie.muc.de>

diff --git a/ChangeLog b/ChangeLog
index b0b0dd716c162b72c50deb0bb1995f5424f23c7a..d57e05d55486f1931be66012fc62aeb25072cd4d 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,52 @@
 OpenVPN Change Log
 Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
 
+2020.12.09 -- Version 2.4.10
+
+Antonio Quartulli (1):
+      pool: prevent IPv6 pools to be larger than 2^16 addresses
+
+Arne Schwabe (5):
+      Fix tls_ctx_client/server_new leaving error on OpenSSL error stack
+      Normalise ncp-ciphers option and restrict it to 127 bytes
+      Also announce IV_CIPHERS as client in OpenVPN 2.4
+      Fix auth-token not being updated if auth-nocache is set
+      Remove auth_user_pass.wait_for_push variable
+
+David Sommerseth (1):
+      compat/lz4: Update to v1.9.2
+
+Gert Doering (12):
+      Fix stack overflow in OpenSolaris NEXTADDR()
+      Document that --push-remove is generally more suitable than --push-reset
+      Fix error detection / abort in --inetd corner case.
+      Fix TUNSETGROUP compatibility with very old Linux systems.
+      Fix handling of 'route remote_host' for IPv6 transport case.
+      Fix description of --client-disconnect calling convention in manpage.
+      Handle NULL returns from calloc() in sample plugins.
+      Fix --show-gateway for IPv6 on NetBSD/i386.
+      socks.c: fix alen for DOMAIN type addresses, bump up buffer sizes
+      Fix redirecting of IPv4 default gateway if connecting over IPv6.
+      Change travis build scripts to use https when fetching prerequisites.
+      Fix line number reporting on config file errors after <inline> segments
+
+Jeremy Evans (1):
+      Switch assertion failure to returning false
+
+Matthias Andree (1):
+      Fix stack buffer overruns in NEXTADDR() macro:
+
+Selva Nair (3):
+      Parse static challenge response in auth-pam plugin
+      Accept empty password and/or response in auth-pam plugin
+      Persist management-query-remote and proxy prompts
+
+Vladislav Grishenko (2):
+      Log serial number of revoked certificate
+      Fix fatal error at switching remotes (#629)
+
+
+
 2020.04.16 -- Version 2.4.9
 Antonio Quartulli (1):
       socks: use the right function when printing struct openvpn_sockaddr

diff --git a/Changes.rst b/Changes.rst
index fee48e25177263a2f2a030baab1f584af50a09a0..928ddf92443c49bef9775c88764ad864912335e7 100644 (file)
--- a/Changes.rst
+++ b/Changes.rst
@@ -321,6 +321,61 @@ Maintainer-visible changes
   i386/i686 builds on RHEL5.
 
 
+Version 2.4.10
+=============
+This is primarily a maintenance release with minor bugfixes and improvements.
+
+New features
+------------
+ - OpenVPN client will now announce the acceptable ciphers to the server
+   (IV_CIPHER=...), so NCP cipher negotiation works better
+
+ - Parse static challenge response in auth-pam plugin
+
+ - Accept empty password and/or response in auth-pam plugin
+
+ - Log serial number of revoked certificate
+
+
+User visible changes
+--------------------
+ - Windows: Swap the order of checks for validating interactive service user
+   (faster start if connection to the DC is slow, but local information is
+   sufficient to determine privileges)
+
+
+Bug fixes
+---------
+ - Fix tls_ctx_client/server_new leaving error on OpenSSL error stack
+
+ - Fix auth-token not being updated if auth-nocache is set
+   (this should fix all remaining client-side bugs for the combination
+   "auth-nocache in client-config" + "auth-token in use on the server")
+
+ - Fix stack overflow in OpenSolaris and *BSD NEXTADDR()
+
+ - Fix error detection / abort in --inetd corner case (#350)
+
+ - Fix TUNSETGROUP compatibility with very old Linux systems (#1152)
+
+ - Fix handling of 'route remote_host' for IPv6 transport case
+   (#1247 and #1332)
+
+ - Fix --show-gateway for IPv6 on NetBSD/i386 (#734)
+
+ - A number of documentation improvements / clarification fixes.
+
+ - Fix line number reporting on config file errors after <inline> segments
+   (#1325)
+
+ - Fix fatal error at switching remotes (#629)
+
+ - socks.c: fix alen for DOMAIN type addresses, bump up buffer sizes (#848)
+
+ - Switch "ks->authenticated" assertion failure to returning false (#1270)
+
+
+
 Version 2.4.9
 =============
 This is primarily a maintenance release with minor bugfixes and improvements.

diff --git a/version.m4 b/version.m4
index 2e23539a61d0d4bc04878c3a5c5c67a6f23be27b..76076c4ebca5c561e8d4cc51958e143901404408 100644 (file)
--- a/version.m4
+++ b/version.m4
@@ -3,12 +3,12 @@ define([PRODUCT_NAME], [OpenVPN])
 define([PRODUCT_TARNAME], [openvpn])
 define([PRODUCT_VERSION_MAJOR], [2])
 define([PRODUCT_VERSION_MINOR], [4])
-define([PRODUCT_VERSION_PATCH], [.9])
+define([PRODUCT_VERSION_PATCH], [.10])
 m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MAJOR])
 m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MINOR], [[.]])
 m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_PATCH], [[]])
 define([PRODUCT_BUGREPORT], [openvpn-users@lists.sourceforge.net])
-define([PRODUCT_VERSION_RESOURCE], [2,4,9,0])
+define([PRODUCT_VERSION_RESOURCE], [2,4,10,0])
 dnl define the TAP version
 define([PRODUCT_TAP_WIN_COMPONENT_ID], [tap0901])
 define([PRODUCT_TAP_WIN_MIN_MAJOR], [9])