Signed-off-by: Gert Doering <gert@greenie.muc.de>
Gert Doering authored on 2018/04/20 00:37:18
... | ... |
@@ -1,6 +1,32 @@ |
1 | 1 |
OpenVPN Change Log |
2 | 2 |
Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net> |
3 | 3 |
|
4 |
+2018.04.19 -- Version 2.4.6 |
|
5 |
+David Sommerseth (1): |
|
6 |
+ management: Warn if TCP port is used without password |
|
7 |
+ |
|
8 |
+Gert Doering (2): |
|
9 |
+ Correct version in ChangeLog - should be 2.4.5, was mistyped as 2.4.4 |
|
10 |
+ Fix potential double-free() in Interactive Service (CVE-2018-9336) |
|
11 |
+ |
|
12 |
+Gert van Dijk (1): |
|
13 |
+ manpage: improve description of --status and --status-version |
|
14 |
+ |
|
15 |
+Joost Rijneveld (1): |
|
16 |
+ Make return code external tls key match docs |
|
17 |
+ |
|
18 |
+Selva Nair (3): |
|
19 |
+ Delete the IPv6 route to the "connected" network on tun close |
|
20 |
+ Management: warn about password only when the option is in use |
|
21 |
+ Avoid overflow in wakeup time computation |
|
22 |
+ |
|
23 |
+Simon Matter (1): |
|
24 |
+ Add missing #ifdef SSL_OP_NO_TLSv1_1/2 |
|
25 |
+ |
|
26 |
+Steffan Karger (1): |
|
27 |
+ Check for more data in control channel |
|
28 |
+ |
|
29 |
+ |
|
4 | 30 |
2018.02.28 -- Version 2.4.5 |
5 | 31 |
Antonio Quartulli (4): |
6 | 32 |
reload HTTP proxy credentials when moving to the next connection profile |
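Review bot: The security entry under "Gert Doering (2)" reads "Fix potential double-free() in Interactive Service (CVE-2018-9336)" with no platform, while the Changes.rst text in this same commit says the Interactive Service fix is Windows-only. A reader scanning only the ChangeLog for security fixes cannot tell whether their platform is affected. If these lines are kept verbatim from commit subjects that is understandable, but note that the two management entries ("management: Warn if TCP port ..." and "Management: warn about password ...") use differently cased prefixes, so a search by subject prefix will miss one of them.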
... | ... |
@@ -320,6 +320,32 @@ Maintainer-visible changes |
320 | 320 |
use -std=gnu99 in CFLAGS. This is known to be needed when doing |
321 | 321 |
i386/i686 builds on RHEL5. |
322 | 322 |
|
323 |
+Version 2.4.6 |
|
324 |
+============= |
|
325 |
+This is primarily a maintenance release with minor bugfixes and improvements, |
|
326 |
+and one security relevant fix for the Windows Interactive Service. |
|
327 |
+ |
|
328 |
+User visible changes |
|
329 |
+-------------------- |
|
330 |
+- warn if the management interface is configured with a TCP port and |
|
331 |
+ no password is set (because it might be possible to interfere with |
|
332 |
+ OpenVPN operation by tricking other programs into connecting to the |
|
333 |
+ management interface and inject unwanted commands) |
|
334 |
+ |
|
335 |
+Bug fixes |
|
336 |
+--------- |
|
337 |
+- CVE-2018-9336: fix potential double-free() in the Interactive Service |
|
338 |
+ (Windows) on malformed input. |
|
339 |
+ |
|
340 |
+- avoid possible integer overflow in wakeup computation (trac #922) |
|
341 |
+ |
|
342 |
+- improve handling of incoming packet bursts for control channel data |
|
343 |
+ |
|
344 |
+- fix compilation with older OpenSSL versions that were broken in 2.4.5 |
|
345 |
+ |
|
346 |
+- Windows + interactive Service: delete the IPv6 route to the "connected" |
|
347 |
+ network on tun close |
|
348 |
+ |
|
323 | 349 |
|
324 | 350 |
Version 2.4.5 |
325 | 351 |
============= |
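Review bot: The CVE-2018-9336 item under "Bug fixes" says only "on malformed input" and gives neither the affected releases nor where that input comes from, so an administrator cannot judge from the release notes how urgently Windows installs need the upgrade. A sentence on both would help. In the same hunk, the management warning item under "User visible changes" explains the risk but not the remedy (setting a management password); its last clause should read "and injecting unwanted commands" to match "by tricking". Two smaller wording points: "older OpenSSL versions that were broken in 2.4.5" reads as if the OpenSSL versions were broken rather than the compilation, and "Windows + interactive Service" is capitalised differently from "Interactive Service" in the CVE item above it.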
... | ... |
@@ -3,12 +3,12 @@ define([PRODUCT_NAME], [OpenVPN]) |
3 | 3 |
define([PRODUCT_TARNAME], [openvpn]) |
4 | 4 |
define([PRODUCT_VERSION_MAJOR], [2]) |
5 | 5 |
define([PRODUCT_VERSION_MINOR], [4]) |
6 |
-define([PRODUCT_VERSION_PATCH], [.5]) |
|
6 |
+define([PRODUCT_VERSION_PATCH], [.6]) |
|
7 | 7 |
m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MAJOR]) |
8 | 8 |
m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MINOR], [[.]]) |
9 | 9 |
m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_PATCH], [[]]) |
10 | 10 |
define([PRODUCT_BUGREPORT], [openvpn-users@lists.sourceforge.net]) |
11 |
-define([PRODUCT_VERSION_RESOURCE], [2,4,5,0]) |
|
11 |
+define([PRODUCT_VERSION_RESOURCE], [2,4,6,0]) |
|
12 | 12 |
dnl define the TAP version |
13 | 13 |
define([PRODUCT_TAP_WIN_COMPONENT_ID], [tap0901]) |
14 | 14 |
define([PRODUCT_TAP_WIN_MIN_MAJOR], [9]) |
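Review bot: The patch level is maintained by hand in two places here, PRODUCT_VERSION_PATCH ([.6]) and PRODUCT_VERSION_RESOURCE ([2,4,6,0]), and nothing in the file ties them together. Both are bumped consistently in this commit, but a release that updates only one would ship Windows binaries whose resource version disagrees with the reported version string, which makes it harder to confirm from file properties that a host has the CVE-2018-9336 fix. Consider a dnl comment next to PRODUCT_VERSION_PATCH saying the two must change together, or building the resource value from the major, minor and patch defines.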