From: Gert Doering Date: Thu, 17 Jun 2021 09:01:55 +0000 (+0200) Subject: Preparing release 2.5.3 X-Git-Tag: v2.5.3^0 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ecaf88f8a4e758567dbb270900401bfd038bcd73;p=thirdparty%2Fopenvpn.git Preparing release 2.5.3 version.m4, ChangeLog, Changes.rst Signed-off-by: Gert Doering --- diff --git a/ChangeLog b/ChangeLog index 1a0edbc95..5b66ea740 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,37 @@ OpenVPN Change Log Copyright (C) 2002-2021 OpenVPN Inc +2021.06.17 -- Version 2.5.3 + +Arne Schwabe (3): + Add missing free_key_ctx for auth_token + Add github actions + Implement auth-token-user + +David Sommerseth (1): + Update copyrights + +Lev Stipakov (8): + openvpnmsica: properly schedule reboot in the end of installation + msvc: add ARM64 configuration + msvc: standalone building + contrib/vcpkg-ports: add pkcs11-helper port + vcpkg-ports: restore trailing whitespaces in .patch files + GitHub actions: add MSVC build + crypto_openssl.c: disable explicit initialization on Windows (CVE-2121-3606) + contrib/vcpkg-ports: add openssl port with --no-autoload-config option set (CVE-2121-3606) + +Matthias Andree (1): + Fix SIGSEGV (NULL deref) receiving push "echo" + +Max Fillinger (1): + Fix build with mbedtls w/o SSL renegotiation support + +Selva Nair (2): + Improve documentation of AUTH_PENDING related directives + Apply the connect-retry backoff to only one side of a connection + + 2021.04.20 -- Version 2.5.2 Arne Schwabe (10): diff --git a/Changes.rst b/Changes.rst index b0a6b273c..df2e89004 100644 --- a/Changes.rst +++ b/Changes.rst @@ -1,3 +1,42 @@ +Overview of changes in 2.5.3 +============================ +Bugfixes +-------- +- CVE-2121-3606 + see https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements + + OpenVPN windows builds could possibly load OpenSSL Config files from + world writeable locations, thus posing a security risk to OpenVPN. + + As a fix, disable OpenSSL config loading completely on Windows. + +- disable connect-retry backoff for p2p (--secret) instances + (Trac #1010, #1384) + +- fix build with mbedtls w/o SSL renegotiation support + +- Fix SIGSEGV (NULL deref) receiving push "echo" (Trac #1409) + +- MSI installers: properly schedule reboot in the end of installation + +- fix small memory leak in free_key_ctx for auth_token + + +User-visible Changes +-------------------- +- update copyright messages in files and --version output + +New features +------------ +- add --auth-token-user option (for --auth-token deployments without + --auth-user-pass in client config) + +- improve MSVC building for Windows + +- official MSI installers will now contain arm64 drivers and binaries + (x86, amd64, arm64) + + Overview of changes in 2.5.2 ============================ diff --git a/version.m4 b/version.m4 index bbb6372ae..4b0d6772c 100644 --- a/version.m4 +++ b/version.m4 @@ -3,12 +3,12 @@ define([PRODUCT_NAME], [OpenVPN]) define([PRODUCT_TARNAME], [openvpn]) define([PRODUCT_VERSION_MAJOR], [2]) define([PRODUCT_VERSION_MINOR], [5]) -define([PRODUCT_VERSION_PATCH], [.2]) +define([PRODUCT_VERSION_PATCH], [.3]) m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MAJOR]) m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MINOR], [[.]]) m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_PATCH], [[]]) define([PRODUCT_BUGREPORT], [openvpn-users@lists.sourceforge.net]) -define([PRODUCT_VERSION_RESOURCE], [2,5,2,0]) +define([PRODUCT_VERSION_RESOURCE], [2,5,3,0]) dnl define the TAP version define([PRODUCT_TAP_WIN_COMPONENT_ID], [tap0901]) define([PRODUCT_TAP_WIN_MIN_MAJOR], [9])