From: David Sommerseth Date: Mon, 25 Sep 2017 21:42:48 +0000 (+0200) Subject: Preparing OpenVPN 2.3.18 release X-Git-Tag: v2.3.18^0 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F95%2Fhead;p=thirdparty%2Fopenvpn.git Preparing OpenVPN 2.3.18 release Signed-off-by: David Sommerseth --- diff --git a/ChangeLog b/ChangeLog index a9e57bce1..507cdced2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,18 @@ OpenVPN Change Log Copyright (C) 2002-2017 OpenVPN Technologies, Inc. +2017.09.25 -- Version 2.3.18 +Antonio Quartulli (1): + crypto: correct typ0 in error message + +Steffan Karger (2): + Deprecate --ns-cert-type + Fix bounds check in read_key() + +Szilárd Pfeiffer (1): + OpenSSL: Always set SSL_OP_CIPHER_SERVER_PREFERENCE flag + + 2017.06.21 -- Version 2.3.17 David Sommerseth (2): diff --git a/Changes.rst b/Changes.rst index 3d164b945..57553144d 100644 --- a/Changes.rst +++ b/Changes.rst @@ -116,6 +116,20 @@ Deprecated features extension instead. Make sure your certificates carry these to be able to use ``--remote-cert-tls``. +Behavioural changes +------------------- +- OpenVPN built against OpenSSL will now prefer the TLS cipher used by the + server for the control channel cipher. + +Security +-------- +- CVE-2017-12166: Fix bounds check for configurations using ``--key-method 1`` + Before this fix, it could allow an attacker to send a malformed packet to + trigger a stack overflow. This is considered to be a low risk issue, as + ``--key-method 2`` has been the default since OpenVPN 2.0 (released on + 2005-04-17). This option is already deprecated in v2.4 and will be + completely removed in v2.5. + Version 2.3.17 ============== diff --git a/version.m4 b/version.m4 index f5ab1440c..181813fc7 100644 --- a/version.m4 +++ b/version.m4 
@@ -1,9 +1,9 @@ dnl define the OpenVPN version define([PRODUCT_NAME], [OpenVPN]) define([PRODUCT_TARNAME], [openvpn]) -define([PRODUCT_VERSION], [2.3.17]) +define([PRODUCT_VERSION], [2.3.18]) define([PRODUCT_BUGREPORT], [openvpn-users@lists.sourceforge.net]) -define([PRODUCT_VERSION_RESOURCE], [2,3,17,0]) +define([PRODUCT_VERSION_RESOURCE], [2,3,18,0]) dnl define the TAP version define([PRODUCT_TAP_WIN_COMPONENT_ID], [tap0901]) define([PRODUCT_TAP_WIN_MIN_MAJOR], [9])
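Review bot: In the ChangeLog hunk, the entry "Fix bounds check in read_key()" carries no CVE id, while the Changes.rst hunk of this same commit lists a bounds-check fix as CVE-2017-12166. If these are the same fix, append the id to the ChangeLog entry or point to the Security section of Changes.rst, so that a search of the ChangeLog for the CVE finds the release that fixed it.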
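Review bot: In the Security entry added by the Changes.rst hunk, "This option is already deprecated in v2.4" follows a sentence about ``--key-method 2``, so it reads as if the default setting is the deprecated one; name the option explicitly in that sentence. The first line, "Fix bounds check for configurations using ``--key-method 1``", also runs straight into "Before this fix, ..." with no full stop. Since the fix is a bounds check, "stack buffer overflow" would be more precise than "stack overflow". A closing sentence saying what users should do if ``--key-method 1`` is set in their configuration would make the entry actionable.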