Preparing release 2.5.3

version.m4, ChangeLog, Changes.rst

Signed-off-by: Gert Doering <gert@greenie.muc.de>

diff --git a/ChangeLog b/ChangeLog
index 1a0edbc9503ce0ea0076056289f5db97c5dab035..5b66ea740d8f5aaf152420b4e6d7bcfee38197bc 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,37 @@
 OpenVPN Change Log
 Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
 
+2021.06.17 -- Version 2.5.3
+
+Arne Schwabe (3):
+      Add missing free_key_ctx for auth_token
+      Add github actions
+      Implement auth-token-user
+
+David Sommerseth (1):
+      Update copyrights
+
+Lev Stipakov (8):
+      openvpnmsica: properly schedule reboot in the end of installation
+      msvc: add ARM64 configuration
+      msvc: standalone building
+      contrib/vcpkg-ports: add pkcs11-helper port
+      vcpkg-ports: restore trailing whitespaces in .patch files
+      GitHub actions: add MSVC build
+      crypto_openssl.c: disable explicit initialization on Windows (CVE-2121-3606)
+      contrib/vcpkg-ports: add openssl port with --no-autoload-config option set (CVE-2121-3606)
+
+Matthias Andree (1):
+      Fix SIGSEGV (NULL deref) receiving push "echo"
+
+Max Fillinger (1):
+      Fix build with mbedtls w/o SSL renegotiation support
+
+Selva Nair (2):
+      Improve documentation of AUTH_PENDING related directives
+      Apply the connect-retry backoff to only one side of a connection
+
+
 2021.04.20 -- Version 2.5.2
 
 Arne Schwabe (10):

diff --git a/Changes.rst b/Changes.rst
index b0a6b273c7e0601b831703be1e9130cb4d06aa2c..df2e89004c2a079914fd939fc237ac49b657fccf 100644 (file)
--- a/Changes.rst
+++ b/Changes.rst
@@ -1,3 +1,42 @@
+Overview of changes in 2.5.3
+============================
+Bugfixes
+--------
+- CVE-2121-3606
+  see https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements
+
+  OpenVPN windows builds could possibly load OpenSSL Config files from
+  world writeable locations, thus posing a security risk to OpenVPN.
+
+  As a fix, disable OpenSSL config loading completely on Windows.
+
+- disable connect-retry backoff for p2p (--secret) instances
+  (Trac #1010, #1384)
+
+- fix build with mbedtls w/o SSL renegotiation support
+
+- Fix SIGSEGV (NULL deref) receiving push "echo" (Trac #1409)
+
+- MSI installers: properly schedule reboot in the end of installation
+
+- fix small memory leak in free_key_ctx for auth_token
+
+
+User-visible Changes
+--------------------
+- update copyright messages in files and --version output
+
+New features
+------------
+- add --auth-token-user option (for --auth-token deployments without
+  --auth-user-pass in client config)
+
+- improve MSVC building for Windows
+
+- official MSI installers will now contain arm64 drivers and binaries
+  (x86, amd64, arm64)
+
+
 Overview of changes in 2.5.2
 ============================
 

diff --git a/version.m4 b/version.m4
index bbb6372ae76143862c7d0ba0563cd45aaf23537c..4b0d6772c9e73036358f8643014ee55ba7bff330 100644 (file)
--- a/version.m4
+++ b/version.m4
@@ -3,12 +3,12 @@ define([PRODUCT_NAME], [OpenVPN])
 define([PRODUCT_TARNAME], [openvpn])
 define([PRODUCT_VERSION_MAJOR], [2])
 define([PRODUCT_VERSION_MINOR], [5])
-define([PRODUCT_VERSION_PATCH], [.2])
+define([PRODUCT_VERSION_PATCH], [.3])
 m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MAJOR])
 m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MINOR], [[.]])
 m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_PATCH], [[]])
 define([PRODUCT_BUGREPORT], [openvpn-users@lists.sourceforge.net])
-define([PRODUCT_VERSION_RESOURCE], [2,5,2,0])
+define([PRODUCT_VERSION_RESOURCE], [2,5,3,0])
 dnl define the TAP version
 define([PRODUCT_TAP_WIN_COMPONENT_ID], [tap0901])
 define([PRODUCT_TAP_WIN_MIN_MAJOR], [9])