OpenVPN Change Log
Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net>
+2017.09.25 -- Version 2.3.18
+Antonio Quartulli (1):
+ crypto: correct typ0 in error message
+
+Steffan Karger (2):
+ Deprecate --ns-cert-type
+ Fix bounds check in read_key()
+
+Szilárd Pfeiffer (1):
+ OpenSSL: Always set SSL_OP_CIPHER_SERVER_PREFERENCE flag
+
+
2017.06.21 -- Version 2.3.17
David Sommerseth (2):
extension instead. Make sure your certificates carry these to be able to
use ``--remote-cert-tls``.
+Behavioural changes
+-------------------
+- OpenVPN built against OpenSSL will now prefer the TLS cipher used by the
+ server for the control channel cipher.
+
+Security
+--------
+- CVE-2017-12166: Fix bounds check for configurations using ``--key-method 1``
+ Before this fix, it could allow an attacker to send a malformed packet to
+ trigger a stack overflow. This is considered to be a low risk issue, as
+ ``--key-method 2`` has been the default since OpenVPN 2.0 (released on
+ 2005-04-17). This option is already deprecated in v2.4 and will be
+ completely removed in v2.5.
+
Version 2.3.17
==============
dnl define the OpenVPN version
define([PRODUCT_NAME], [OpenVPN])
define([PRODUCT_TARNAME], [openvpn])
-define([PRODUCT_VERSION], [2.3.17])
+define([PRODUCT_VERSION], [2.3.18])
define([PRODUCT_BUGREPORT], [openvpn-users@lists.sourceforge.net])
-define([PRODUCT_VERSION_RESOURCE], [2,3,17,0])
+define([PRODUCT_VERSION_RESOURCE], [2,3,18,0])
dnl define the TAP version
define([PRODUCT_TAP_WIN_COMPONENT_ID], [tap0901])
define([PRODUCT_TAP_WIN_MIN_MAJOR], [9])
projects / thirdparty / openvpn.git / commitdiff
