| September 15, 2008 | ||
|---|---|---|
 |
View 5fc1087
Version 2.1_rc11james authored on 2008/09/15 10:46:29 |
|
| September 10, 2008 | ||
|---|---|---|
|
View 375a373
Version 2.1_rc10james authored on 2008/09/10 16:16:14 |
|
| September 8, 2008 | ||
|---|---|---|
|
View 727cda8
Version 2.1_rc9bjames authored on 2008/09/08 13:00:11 |
|
|
View 1c4af9e
Fixed bug in intra-session TLS key rollover that was introduced with deferred authentication features in 2.1_rc8.james authored on 2008/09/08 12:52:52 |
|
| September 6, 2008 | ||
|---|---|---|
|
View b4b5c31
Modified ip_or_dns_addr_safe, which validates pulled DNS names, to more closely conform to RFC 3696:james authored on 2008/09/06 19:43:31 |
|
|
View b8fb090
2.1_rc8 and earlier did implicit shell expansion on script arguments since all scripts were called by system(). The security hardening changes made to 2.1_rc9 no longer use system(), but rather use the safer execve or CreateProcess system calls. The security hardening also introduced a backward incompatibility with 2.1_rc8 and earlier in that script parameters were no longer shell-expanded, so for example:james authored on 2008/09/06 18:42:17 |
|
| September 5, 2008 | ||
|---|---|---|
|
View 0a838de
Added --allow-pull-fqdn option which allows client to pull DNS names from server (rather than only IP address) for --ifconfig, --route, and --route-gateway. OpenVPN versions 2.1_rc7 and earlier allowed DNS names for these options to be pulled and translated to IP addresses by default. Now --allow-pull-fqdn will be explicitly required on the client to enable DNS-name-to-IP-address translation of pulled options.james authored on 2008/09/05 05:35:09 |
|
| August 11, 2008 | ||
|---|---|---|
|
View 4f23b71
Fixed minor compile issue in ntlm.c (mid-block declaration).james authored on 2008/08/11 22:12:34 |
|
|
View e1cf60c
LZO compression buffer overflow errors will now invalidate the packet rather than trigger a fatal assertion.james authored on 2008/08/11 12:37:40 |
|
|
View c282a2c
Workaround bug in OpenSSL 0.9.6b ASN1_STRING_to_UTF8, which the new implementation of extract_x509_field_ssl depends on.james authored on 2008/08/11 07:37:18 |
|
|
View 6383b36
Fixed build issue with ./configure --disable-socks --disable-http.james authored on 2008/08/11 04:29:00 |
|
|
View cbaf199
Tagged security fix in 2.1-rc9 as CVE-2008-3459.james authored on 2008/08/11 04:05:02 |
|
|
View fd381bc
Updated openvpn/t_cltsrv.sh (used by "make check") to conform to new --script-security rules. Also adds retrying if the addresses are in use (Matthias Andree).james authored on 2008/08/11 03:49:28 |
|
| August 6, 2008 | ||
|---|---|---|
|
View 0eb2ee1
Reverted r3181, accomplish the same thing via a special case for Windows stdcall functions in configure.ac (Alon Bar-Lev).james authored on 2008/08/06 05:34:43 |
|
| August 5, 2008 | ||
|---|---|---|
|
View 96f77a2
Workaround for MinGW autoconf issue where HAVE_SETSOCKOPT, HAVE_GETSOCKOPT, and HAVE_POLL are undefined even though the underlying functions are present.james authored on 2008/08/05 16:52:06 |
|