| September 6, 2008 | ||
|---|---|---|
 |
View b8fb090
2.1_rc8 and earlier did implicit shell expansion on script arguments since all scripts were called by system(). The security hardening changes made to 2.1_rc9 no longer use system(), but rather use the safer execve or CreateProcess system calls. The security hardening also introduced a backward incompatibility with 2.1_rc8 and earlier in that script parameters were no longer shell-expanded, so for example:james authored on 2008/09/06 18:42:17 |
|
| July 27, 2008 | ||
|---|---|---|
|
View 70899be
Added a warning message when passwords are cached in memory.james authored on 2008/07/27 09:43:49 |
|
|
View b4073a7
Perform additional input validation on options pulled by client from server. Fixes --iproute vulnerability.james authored on 2008/07/27 08:08:29 |
|
| July 26, 2008 | ||
|---|---|---|
|
View 5a2e9a2
Completely revamped the system for calling external programs and scripts:james authored on 2008/07/26 16:27:03 |
|
| July 19, 2008 | ||
|---|---|---|
|
View d1dcc3e
Added a warning when plugins are specified without an absolute pathname.james authored on 2008/07/19 08:49:50 |
|
| July 18, 2008 | ||
|---|---|---|
|
View ddad0a8
gen_path will no longer silently truncate the generated filename at 256 bytes.james authored on 2008/07/18 09:55:59 |
|
|
View 222f084
Modified create_temp_filename to create unpredictable filenames.james authored on 2008/07/18 09:32:40 |
|
|
View 093e7eb
Previously, OpenVPN might log a client's auth-user-pass password if the verbosity was set to a high debug level such as 7 or higher. Normally this would only be used by developers. Now, even at high debug levels, the password will not be output.james authored on 2008/07/18 08:31:16 |
|
|
View 73b7e69
gen_path now rejects filenames that match Windows device names such as CON, NUL, LPT1, etc.james authored on 2008/07/18 07:41:15 |
|
| July 15, 2008 | ||
|---|---|---|
|
View 1c0cc4a
Copyright change OpenVPN Solutions LLC -> Telethra, Inc.james authored on 2008/07/15 03:59:09 |
|
| June 12, 2008 | ||
|---|---|---|
|
View eca8691
Updated copyright notice to 2008.james authored on 2008/06/12 06:59:26 |
|
| June 11, 2008 | ||
|---|---|---|
|
View 4e9a51d
Merged connection profiles from http://svn.openvpn.net/projects/openvpn/test/connjames authored on 2008/06/11 19:48:50 |
|
| May 25, 2008 | ||
|---|---|---|
|
View 344ee91
Support asynchronous/deferred authentication in OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY plugin handler.james authored on 2008/05/25 08:26:11 |
|
| May 13, 2008 | ||
|---|---|---|
|
View 1bda73a
Moved branch into official BETA21 position.james authored on 2008/05/13 05:31:43 |
|
| January 22, 2008 | ||
|---|---|---|
|
View 0aee9ca
Allow OpenVPN to run completely unprivileged under Linux by allowing openvpn --mktun to be used with --user and --group to set the UID/GID of the tun device node. Also added --iproute option to allow an alternative command to be executed in place of the default iproute2 command (Alon Bar-Lev).james authored on 2008/01/22 04:34:13 |
|