version.m4, ChangeLog, Changes.rst
Signed-off-by: Gert Doering <gert@greenie.muc.de>
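--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,20 @@
 OpenVPN Change Log
 Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
 
+2024.03.21 -- Version 2.5.10
+
+Arne Schwabe (1):
+ Add Apache2 linking with for new commits
+
+George Pchelkin (1):
+ fix typo: dhcp-options to dhcp-option in vpn-network-options.rst
+
+Lev Stipakov (3):
+ win32: Enforce loading of plugins from a trusted directory
+ interactive.c: disable remote access to the service pipe
+ interactive.c: Fix potential stack overflow issue
+
+
 2023.02.14 -- Version 2.5.9
 
 Arne Schwabe (6):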
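--- a/Changes.rst
+++ b/Changes.rst
@@ -1,3 +1,31 @@
+Overview of changes in 2.5.10
+=============================
+Security fixes
+--------------
+- CVE-2024-27459: Windows: fix a possible stack overflow in the
+ interactive service component which might lead to a local privilege
+ escalation.
+ Reported-by: Vladimir Tokarev <vtokarev@microsoft.com>
+
+- CVE-2024-24974: Windows: disallow access to the interactive service
+ pipe from remote computers.
+ Reported-by: Vladimir Tokarev <vtokarev@microsoft.com>
+
+- CVE-2024-27903: Windows: disallow loading of plugins from untrusted
+ installation paths, which could be used to attack openvpn.exe via
+ a malicious plugin. Plugins can now only be loaded from the OpenVPN
+ install directory, the Windows system directory, and possibly from
+ a directory specified by HKLM\SOFTWARE\OpenVPN\plugin_dir.
+ Reported-by: Vladimir Tokarev <vtokarev@microsoft.com>
+
+User visible changes
+--------------------
+- License amendment: all NEW commits fall under a modified license that
+ explicitly permits linking with Apache2 libraries (mbedTLS, OpenSSL) -
+ see COPYING for details. Existing code in the release/2.5 branch
+ will not been relicensed (only in release/2.6 and later branches).
+
+
 Overview of changes in 2.5.9
 ============================
 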
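--- a/version.m4
+++ b/version.m4
@@ -3,12 +3,12 @@ define([PRODUCT_NAME], [OpenVPN])
 define([PRODUCT_TARNAME], [openvpn])
 define([PRODUCT_VERSION_MAJOR], [2])
 define([PRODUCT_VERSION_MINOR], [5])
-define([PRODUCT_VERSION_PATCH], [.9])
+define([PRODUCT_VERSION_PATCH], [.10])
 m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MAJOR])
 m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MINOR], [[.]])
 m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_PATCH], [[]])
 define([PRODUCT_BUGREPORT], [openvpn-users@lists.sourceforge.net])
-define([PRODUCT_VERSION_RESOURCE], [2,5,9,0])
+define([PRODUCT_VERSION_RESOURCE], [2,5,10,0])
 dnl define the TAP version
 define([PRODUCT_TAP_WIN_COMPONENT_ID], [tap0901])
 define([PRODUCT_TAP_WIN_MIN_MAJOR], [9])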