version.m4, ChangeLog, Changes.rst
Signed-off-by: Gert Doering <gert@greenie.muc.de>
... | ... |
@@ -1,6 +1,37 @@ |
1 | 1 |
OpenVPN Change Log |
2 | 2 |
Copyright (C) 2002-2020 OpenVPN Inc <sales@openvpn.net> |
3 | 3 |
|
4 |
+2021.04.20 -- Version 2.5.2 |
|
5 |
+ |
|
6 |
+Arne Schwabe (10): |
|
7 |
+ Avoid generating unecessary mbed debug messages |
|
8 |
+ Restore also ping related options on a reconnect |
|
9 |
+ Cleanup print_details and add signature/ED certificate print |
|
10 |
+ Always disable TLS renegotiations |
|
11 |
+ Also restore/save route-gateway options on SIGUSR1 reconnects |
|
12 |
+ Move context_auth from context_2 to tls_multi and name it multi_state |
|
13 |
+ Fix condition to generate session keys |
|
14 |
+ Move auth_token_state from multi to key_state |
|
15 |
+ Ensure auth-token is only sent on a fully authenticated session |
|
16 |
+ Ensure key state is authenticated before sending push reply |
|
17 |
+ |
|
18 |
+Gert Doering (2): |
|
19 |
+ Fix potential NULL ptr crash if compiled with DMALLOC |
|
20 |
+ |
|
21 |
+Max Fillinger (2): |
|
22 |
+ In init_ssl, open the correct CRL path pre-chroot |
|
23 |
+ Abort if CRL file can't be stat-ed in ssl_init |
|
24 |
+ |
|
25 |
+Richard Bonhomme (1): |
|
26 |
+ Do not print Diffie Hellman parameters file to log file |
|
27 |
+ |
|
28 |
+Simon Rozman (1): |
|
29 |
+ openvpnserv: Cache last error before it is overridden |
|
30 |
+ |
|
31 |
+Vladislav Grishenko (1): |
|
32 |
+ Fix IPv4 default gateway with multiple route tables |
|
33 |
+ |
|
34 |
+ |
|
4 | 35 |
2021.02.24 -- Version 2.5.1 |
5 | 36 |
|
6 | 37 |
Arne Schwabe (5): |
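Review bot: The "Gert Doering (2):" header in the new 2.5.2 block announces two commits, but only one entry follows it ("Fix potential NULL ptr crash if compiled with DMALLOC"), while the counts for the other authors match their listed entries. Either list the second commit or correct the count. The unchanged copyright line above the new block still reads "2002-2020" although this release is dated 2021.04.20, so consider updating it in the same change. "unecessary" in the first Arne Schwabe entry is misspelled; if the list is generated from commit subjects, leaving it verbatim is reasonable.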
... | ... |
@@ -1,3 +1,48 @@ |
1 |
+Overview of changes in 2.5.2 |
|
2 |
+============================ |
|
3 |
+ |
|
4 |
+Bugfixes |
|
5 |
+-------- |
|
6 |
+- CVE-2020-15078 |
|
7 |
+ see https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements |
|
8 |
+ |
|
9 |
+ This bug allows - under very specific circumstances - to trick a |
|
10 |
+ server using delayed authentication (plugin or management) into |
|
11 |
+ returning a PUSH_REPLY before the AUTH_FAILED message, which can |
|
12 |
+ possibly be used to gather information about a VPN setup. |
|
13 |
+ |
|
14 |
+ In combination with "--auth-gen-token" or an user-specific token auth |
|
15 |
+ solution it can be possible to get access to a VPN with an |
|
16 |
+ otherwise-invalid account. |
|
17 |
+ |
|
18 |
+- restore pushed "ping" settings correctly on a SIGUSR1 restart |
|
19 |
+ |
|
20 |
+- avoid generating unecessary mbed debug messages - this is actually |
|
21 |
+ a workaround for an mbedTLS 2.25 bug when using Curve25519 and Curve448 |
|
22 |
+ ED curves - mbedTLS crashes on preparing debug infos that we do not |
|
23 |
+ actually need unless running with "--verb 8" |
|
24 |
+ |
|
25 |
+- do not print inlined (<dh>...</dh>) Diffie Hellman parameters to log file |
|
26 |
+ |
|
27 |
+- fix Linux/SITNL default route lookup in case of multiple routing tables |
|
28 |
+ with more than one default route present (always use "main table" for now) |
|
29 |
+ |
|
30 |
+- Fix CRL file handling in combination with chroot |
|
31 |
+ |
|
32 |
+User-visible Changes |
|
33 |
+-------------------- |
|
34 |
+ |
|
35 |
+- OpenVPN will now refuse to start if CRL file is not present at startup |
|
36 |
+ time. At "reload time" absense of the CRL file is still OK (and the |
|
37 |
+ in memory copy is used) but at startup it is now considered an error. |
|
38 |
+ |
|
39 |
+ |
|
40 |
+New features |
|
41 |
+------------ |
|
42 |
+- printing of the TLS ciphers negotiated has been extended, especially |
|
43 |
+ displaying TLS 1.3 and EC certificates more correctly. |
|
44 |
+ |
|
45 |
+ |
|
1 | 46 |
Overview of changes in 2.5.1 |
2 | 47 |
============================ |
3 | 48 |
|
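Review bot: The CVE-2020-15078 entry under "Bugfixes" says the issue needs "very specific circumstances" but names neither the affected versions nor the conditions beyond delayed authentication, and the link goes to the general SecurityAnnouncements page rather than to the announcement for this CVE. An operator deciding how urgently to upgrade needs at least the affected version range and a direct reference. The same entry has "an user-specific" (should be "a user-specific"), and further down "unecessary" and "absense" are misspelled. The "User-visible Changes" item about refusing to start without a CRL file would be easier to act on if it named the option that configures the CRL. The ChangeLog hunk lists "Always disable TLS renegotiations", which has no counterpart here; if that changes behaviour an administrator can observe, it deserves a line in this section.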
... | ... |
@@ -3,12 +3,12 @@ define([PRODUCT_NAME], [OpenVPN]) |
3 | 3 |
define([PRODUCT_TARNAME], [openvpn]) |
4 | 4 |
define([PRODUCT_VERSION_MAJOR], [2]) |
5 | 5 |
define([PRODUCT_VERSION_MINOR], [5]) |
6 |
-define([PRODUCT_VERSION_PATCH], [.1]) |
|
6 |
+define([PRODUCT_VERSION_PATCH], [.2]) |
|
7 | 7 |
m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MAJOR]) |
8 | 8 |
m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MINOR], [[.]]) |
9 | 9 |
m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_PATCH], [[]]) |
10 | 10 |
define([PRODUCT_BUGREPORT], [openvpn-users@lists.sourceforge.net]) |
11 |
-define([PRODUCT_VERSION_RESOURCE], [2,5,1,0]) |
|
11 |
+define([PRODUCT_VERSION_RESOURCE], [2,5,2,0]) |
|
12 | 12 |
dnl define the TAP version |
13 | 13 |
define([PRODUCT_TAP_WIN_COMPONENT_ID], [tap0901]) |
14 | 14 |
define([PRODUCT_TAP_WIN_MIN_MAJOR], [9]) |
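Review bot: PRODUCT_VERSION_PATCH ([.2]) and PRODUCT_VERSION_RESOURCE ([2,5,2,0]) encode the same patch level in two separately edited defines. They agree here, but nothing in the file says they must be changed together; a short dnl comment next to PRODUCT_VERSION_RESOURCE noting that it has to track MAJOR, MINOR and PATCH would make a future mismatch less likely.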