Preparing release of v2.3.12

Signed-off-by: David Sommerseth <davids@openvpn.net>

diff --git a/ChangeLog b/ChangeLog
index 537e213d502556669fd88b485099cb9e3a8648d6..6f51191d1b146bb4acb9434a7e55cbdc50b63a1b 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,52 @@
 OpenVPN Change Log
 Copyright (C) 2002-2015 OpenVPN Technologies, Inc. <sales@openvpn.net>
 
+2016.08.23 -- Version 2.3.12
+Arne Schwabe (2):
+      Complete push-peer-info documentation and allow IV_PLAT_VER for other platforms than Windows if the client UI supplies it.
+      Move ASSERT so external-key with OpenSSL works again
+
+David Sommerseth (3):
+      Only build and run cmocka unit tests if its submodule is initialized
+      Another fix related to unit test framework
+      Remove NOP function and callers
+
+Dorian Harmans (1):
+      Add CHACHA20-POLY1305 ciphersuite IANA name translations.
+
+Ivo Manca (1):
+      Plug memory leak in mbedTLS backend
+
+Jeffrey Cutter (1):
+      Update contrib/pull-resolv-conf/client.up for no DOMAIN
+
+Jens Neuhalfen (2):
+      Add unit testing support via cmocka
+      Add a test for auth-pam searchandreplace
+
+Josh Cepek (1):
+      Push an IPv6 CIDR mask used by the server, not the pool's size
+
+Leon Klingele (1):
+      Add link to bug tracker
+
+Samuli Seppänen (2):
+      Update CONTRIBUTING.rst to allow GitHub PRs for code review purposes
+      Clarify the fact that build instructions in README are for release tarballs
+
+Selva Nair (4):
+      Make error non-fatal while deleting address using netsh
+      Make block-outside-dns work with persist-tun
+      Ignore SIGUSR1/SIGHUP during exit notification
+      Promptly close the netcmd_semaphore handle after use
+
+Steffan Karger (4):
+      Fix polarssl / mbedtls builds
+      Don't limit max incoming message size based on c2->frame
+      Fix '--cipher none --cipher' crash
+      Discourage using 64-bit block ciphers
+
+
 2016.05.09 -- Version 2.3.11
 James Yonan (1):
       Fixed port-share bug with DoS potential

diff --git a/Changes.rst b/Changes.rst
index 1ab3013c34d580b1aed2faae3b1c29901962742b..b121f01adf5a5ba13597909aeb4841fa95c7b5ab 100644 (file)
--- a/Changes.rst
+++ b/Changes.rst
@@ -100,6 +100,21 @@ Behavioral changes
 - Do not randomize resolving of IP addresses in getaddr()
 
 
+Version 2.3.12
+==============
+
+Security changes
+----------------
+
+- Deprecation of ciphers using less than 128-bits cipher blocks
+
+  It is highly recommended to avoid using ciphers listed in the new
+  deprecated section of --show-ciphers.  These ciphers are no longer
+  considered safe to use.  If you cannot migrate away from these
+  ciphers currently, it is strongly recommended to start using
+  --reneg-bytes with a value less than 64MB.
+
+
 Version 2.3.11
 ==============
 

diff --git a/version.m4 b/version.m4
index b9ad4e7c11d9b87e91be9e3b35e0534fad342b95..dc7a5ce60ed55f3f5664bd96d4e8e22be811c670 100644 (file)
--- a/version.m4
+++ b/version.m4
@@ -1,9 +1,9 @@
 dnl define the OpenVPN version
 define([PRODUCT_NAME], [OpenVPN])
 define([PRODUCT_TARNAME], [openvpn])
-define([PRODUCT_VERSION], [2.3.11])
+define([PRODUCT_VERSION], [2.3.12])
 define([PRODUCT_BUGREPORT], [openvpn-users@lists.sourceforge.net])
-define([PRODUCT_VERSION_RESOURCE], [2,3,11,0])
+define([PRODUCT_VERSION_RESOURCE], [2,3,12,0])
 dnl define the TAP version
 define([PRODUCT_TAP_WIN_COMPONENT_ID], [tap0901])
 define([PRODUCT_TAP_WIN_MIN_MAJOR], [9])