preparing release v2.4.6 (ChangeLog, version.m4, Changes.rst)

Signed-off-by: Gert Doering <gert@greenie.muc.de>

diff --git a/ChangeLog b/ChangeLog
index 0db3e5b8f14db00d01949d13667f53b935578469..2d6f3e57645f17cff3990d546b9eec037dd8e6bb 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,32 @@
 OpenVPN Change Log
 Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
 
+2018.04.19 -- Version 2.4.6
+David Sommerseth (1):
+      management: Warn if TCP port is used without password
+
+Gert Doering (2):
+      Correct version in ChangeLog - should be 2.4.5, was mistyped as 2.4.4
+      Fix potential double-free() in Interactive Service (CVE-2018-9336)
+
+Gert van Dijk (1):
+      manpage: improve description of --status and --status-version
+
+Joost Rijneveld (1):
+      Make return code external tls key match docs
+
+Selva Nair (3):
+      Delete the IPv6 route to the "connected" network on tun close
+      Management: warn about password only when the option is in use
+      Avoid overflow in wakeup time computation
+
+Simon Matter (1):
+      Add missing #ifdef SSL_OP_NO_TLSv1_1/2
+
+Steffan Karger (1):
+      Check for more data in control channel
+
+
 2018.02.28 -- Version 2.4.5
 Antonio Quartulli (4):
       reload HTTP proxy credentials when moving to the next connection profile

diff --git a/Changes.rst b/Changes.rst
index 4168d629cd0f88686b0ab97e5e6976b485a26631..b8ed5ce9cafed9599baa4ff79a1a9f7507da15fa 100644 (file)
--- a/Changes.rst
+++ b/Changes.rst
@@ -320,6 +320,32 @@ Maintainer-visible changes
   use -std=gnu99 in CFLAGS.  This is known to be needed when doing
   i386/i686 builds on RHEL5.
 
+Version 2.4.6
+=============
+This is primarily a maintenance release with minor bugfixes and improvements,
+and one security relevant fix for the Windows Interactive Service.
+
+User visible changes
+--------------------
+- warn if the management interface is configured with a TCP port and
+  no password is set (because it might be possible to interfere with
+  OpenVPN operation by tricking other programs into connecting to the
+  management interface and inject unwanted commands)
+
+Bug fixes
+---------
+- CVE-2018-9336: fix potential double-free() in the Interactive Service
+  (Windows) on malformed input.
+
+- avoid possible integer overflow in wakeup computation (trac #922)
+
+- improve handling of incoming packet bursts for control channel data
+
+- fix compilation with older OpenSSL versions that were broken in 2.4.5
+
+- Windows + interactive Service: delete the IPv6 route to the "connected"
+  network on tun close
+
 
 Version 2.4.5
 =============

diff --git a/version.m4 b/version.m4
index 7ccc1792ff05ef1afe8f5244ed2e77779c056b70..fd4f32a1beb51b3ea8282ac89e7f82658726e798 100644 (file)
--- a/version.m4
+++ b/version.m4
@@ -3,12 +3,12 @@ define([PRODUCT_NAME], [OpenVPN])
 define([PRODUCT_TARNAME], [openvpn])
 define([PRODUCT_VERSION_MAJOR], [2])
 define([PRODUCT_VERSION_MINOR], [4])
-define([PRODUCT_VERSION_PATCH], [.5])
+define([PRODUCT_VERSION_PATCH], [.6])
 m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MAJOR])
 m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MINOR], [[.]])
 m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_PATCH], [[]])
 define([PRODUCT_BUGREPORT], [openvpn-users@lists.sourceforge.net])
-define([PRODUCT_VERSION_RESOURCE], [2,4,5,0])
+define([PRODUCT_VERSION_RESOURCE], [2,4,6,0])
 dnl define the TAP version
 define([PRODUCT_TAP_WIN_COMPONENT_ID], [tap0901])
 define([PRODUCT_TAP_WIN_MIN_MAJOR], [9])