From: Gert Doering
Date: Thu, 19 Apr 2018 15:37:18 +0000 (+0200)
Subject: preparing release v2.4.6 (ChangeLog, version.m4, Changes.rst)
X-Git-Tag: v2.4.6^0
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b3a7f452206607fb23d5cea76339dfb164c283f2;p=thirdparty%2Fopenvpn.git

preparing release v2.4.6 (ChangeLog, version.m4, Changes.rst)

Signed-off-by: Gert Doering
---

diff --git a/ChangeLog b/ChangeLog
index 0db3e5b8f..2d6f3e576 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,32 @@
 OpenVPN Change Log
 Copyright (C) 2002-2018 OpenVPN Inc
+2018.04.19 -- Version 2.4.6
+David Sommerseth (1):
+ management: Warn if TCP port is used without password
+
+Gert Doering (2):
+ Correct version in ChangeLog - should be 2.4.5, was mistyped as 2.4.4
+ Fix potential double-free() in Interactive Service (CVE-2018-9336)
+
+Gert van Dijk (1):
+ manpage: improve description of --status and --status-version
+
+Joost Rijneveld (1):
+ Make return code external tls key match docs
+
+Selva Nair (3):
+ Delete the IPv6 route to the "connected" network on tun close
+ Management: warn about password only when the option is in use
+ Avoid overflow in wakeup time computation
+
+Simon Matter (1):
+ Add missing #ifdef SSL_OP_NO_TLSv1_1/2
+
+Steffan Karger (1):
+ Check for more data in control channel
+
+
 2018.02.28 -- Version 2.4.5
 Antonio Quartulli (4):
 reload HTTP proxy credentials when moving to the next connection profile
diff --git a/Changes.rst b/Changes.rst
index 4168d629c..b8ed5ce9c 100644
--- a/Changes.rst
+++ b/Changes.rst
@@ -320,6 +320,32 @@ Maintainer-visible changes
 use -std=gnu99 in CFLAGS. This is known to be needed when doing i386/i686 builds on RHEL5.
+Version 2.4.6
+=============
+This is primarily a maintenance release with minor bugfixes and improvements,
+and one security relevant fix for the Windows Interactive Service.
+
+User visible changes
+--------------------
+- warn if the management interface is configured with a TCP port and
+ no password is set (because it might be possible to interfere with
+ OpenVPN operation by tricking other programs into connecting to the
+ management interface and inject unwanted commands)
+
+Bug fixes
+---------
+- CVE-2018-9336: fix potential double-free() in the Interactive Service
+ (Windows) on malformed input.
+
+- avoid possible integer overflow in wakeup computation (trac #922)
+
+- improve handling of incoming packet bursts for control channel data
+
+- fix compilation with older OpenSSL versions that were broken in 2.4.5
+
+- Windows + interactive Service: delete the IPv6 route to the "connected"
+ network on tun close
+
 Version 2.4.5
 =============
diff --git a/version.m4 b/version.m4
index 7ccc1792f..fd4f32a1b 100644
--- a/version.m4
+++ b/version.m4
@@ -3,12 +3,12 @@ define([PRODUCT_NAME], [OpenVPN])
 define([PRODUCT_TARNAME], [openvpn])
 define([PRODUCT_VERSION_MAJOR], [2])
 define([PRODUCT_VERSION_MINOR], [4])
-define([PRODUCT_VERSION_PATCH], [.5])
+define([PRODUCT_VERSION_PATCH], [.6])
 m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MAJOR])
 m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MINOR], [[.]])
 m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_PATCH], [[]])
 define([PRODUCT_BUGREPORT], [openvpn-users@lists.sourceforge.net])
-define([PRODUCT_VERSION_RESOURCE], [2,4,5,0])
+define([PRODUCT_VERSION_RESOURCE], [2,4,6,0])
 dnl define the TAP version
 define([PRODUCT_TAP_WIN_COMPONENT_ID], [tap0901])
 define([PRODUCT_TAP_WIN_MIN_MAJOR], [9])