OpenVPN Change Log
Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
+2020.04.16 -- Version 2.4.9
+Antonio Quartulli (1):
+ socks: use the right function when printing struct openvpn_sockaddr
+
+Arne Schwabe (3):
+ Fetch OpenSSL versions via source/old links
+ Fix OpenSSL error stack handling of tls_ctx_add_extra_certs
+ Fix OpenSSL 1.1.1 not using auto elliptic curve selection
+
+Lev Stipakov (4):
+ Fix broken fragmentation logic when using NCP
+ Fix building with --enable-async-push in FreeBSD
+ Fix broken async push with NCP is used
+ Fix illegal client float (CVE-2020-11810)
+
+Maxim Plotnikov (1):
+ OpenSSL: Fix --crl-verify not loading multiple CRLs in one file
+
+Santtu Lakkala (1):
+ Fix OpenSSL private key passphrase notices
+
+Selva Nair (7):
+ Swap the order of checks for validating interactive service user
+ Move querying username/password from management interface to a function
+ When auth-user-pass file has no password query the management interface (if available).
+ Fix possibly uninitialized return value in GetOpenvpnSettings()
+ Fix possible access of uninitialized pipe handles
+ Skip expired certificates in Windows certificate store
+ Allow unicode search string in --cryptoapicert option
+
+Tom van Leeuwen (1):
+ mbedTLS: Make sure TLS session survives move
+
+WGH (1):
+ docs: Add reference to X509_LOOKUP_hash_dir(3)
+
+
2019.10.30 -- Version 2.4.8
Antonio Quartulli (1):
mbedtls: fix segfault by calling mbedtls_cipher_free() in cipher_ctx_free()
i386/i686 builds on RHEL5.
+Version 2.4.9
+=============
+This is primarily a maintenance release with minor bugfixes and improvements.
+
+New features
+------------
+- Allow unicode search string in --cryptoapicert option (Windows)
+
+User visible changes
+--------------------
+- Skip expired certificates in Windows certificate store (Windows) (trac #966)
+
+- OpenSSL: Fix --crl-verify not loading multiple CRLs in one file (trac #623)
+
+- When using "--auth-user-pass file" with just a username and no password
+ in the file, OpenVPN now queries the management interface (if active)
+ for the credentials. Previously it would query the console for the
+ password, and fail if no console available (normal case on Windows)
+ (trac #757)
+
+- Swap the order of checks for validating interactive service user
+ (Windows: check config location before querying domain controller for
+ group membership, which can be slow)
+
+
+Bug fixes
+---------
+- fix condition where a client's session could "float" to a new IP address
+ that is not authorized ("fix illegal client float").
+
+ This can be used to disrupt service to a freshly connected client (no
+ session keys negotiated yet). It can not be used to inject or steal
+ VPN traffic. CVE-2020-11810, trac #1272).
+
+- fix combination of async push (deferred auth) and NCP (trac #1259)
+
+- Fix OpenSSL 1.1.1 not using auto elliptic curve selection (trac #1228)
+
+- Fix OpenSSL error stack handling of tls_ctx_add_extra_certs
+
+- mbedTLS: Make sure TLS session survives move (trac #880)
+
+- Fix OpenSSL private key passphrase notices
+
+- Fix building with --enable-async-push in FreeBSD (trac #1256)
+
+- Fix broken fragmentation logic when using NCP (trac #1140)
+
+
+
Version 2.4.8
=============
This is primarily a maintenance release with minor bugfixes and improvements.
define([PRODUCT_TARNAME], [openvpn])
define([PRODUCT_VERSION_MAJOR], [2])
define([PRODUCT_VERSION_MINOR], [4])
-define([PRODUCT_VERSION_PATCH], [.8])
+define([PRODUCT_VERSION_PATCH], [.9])
m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MAJOR])
m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MINOR], [[.]])
m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_PATCH], [[]])
define([PRODUCT_BUGREPORT], [openvpn-users@lists.sourceforge.net])
-define([PRODUCT_VERSION_RESOURCE], [2,4,8,0])
+define([PRODUCT_VERSION_RESOURCE], [2,4,9,0])
dnl define the TAP version
define([PRODUCT_TAP_WIN_COMPONENT_ID], [tap0901])
define([PRODUCT_TAP_WIN_MIN_MAJOR], [9])
projects / thirdparty / openvpn.git / commitdiff
