summaryrefslogtreecommitdiff
path: root/ChangeLog
diff options
context:
space:
mode:
authorJörg Frings-Fürst <debian@jff-webhosting.net>2017-06-27 13:56:16 +0200
committerJörg Frings-Fürst <debian@jff-webhosting.net>2017-06-27 13:56:16 +0200
commit749384a154025e268b53cf3cc79eaeddde2b3ceb (patch)
tree27baa9e6aec76635d750405d90cd461440a656d1 /ChangeLog
parentdb4f04c584f7d4e828b5d317cf40962b9d854ac5 (diff)
initial stretch branch release 2.4.0-6
Diffstat (limited to 'ChangeLog')
-rw-r--r--ChangeLog164
1 files changed, 0 insertions, 164 deletions
diff --git a/ChangeLog b/ChangeLog
index 537beaa..9ecf4f0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,170 +1,6 @@
OpenVPN Change Log
Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net>
-2017.06.21 -- Version 2.4.3
-Antonio Quartulli (1):
- Ignore auth-nocache for auth-user-pass if auth-token is pushed
-
-David Sommerseth (3):
- crypto: Enable SHA256 fingerprint checking in --verify-hash
- copyright: Update GPLv2 license texts
- auth-token with auth-nocache fix broke --disable-crypto builds
-
-Emmanuel Deloget (8):
- OpenSSL: don't use direct access to the internal of X509
- OpenSSL: don't use direct access to the internal of EVP_PKEY
- OpenSSL: don't use direct access to the internal of RSA
- OpenSSL: don't use direct access to the internal of DSA
- OpenSSL: force meth->name as non-const when we free() it
- OpenSSL: don't use direct access to the internal of EVP_MD_CTX
- OpenSSL: don't use direct access to the internal of EVP_CIPHER_CTX
- OpenSSL: don't use direct access to the internal of HMAC_CTX
-
-Gert Doering (6):
- Fix NCP behaviour on TLS reconnect.
- Remove erroneous limitation on max number of args for --plugin
- Fix edge case with clients failing to set up cipher on empty PUSH_REPLY.
- Fix potential 1-byte overread in TCP option parsing.
- Fix remotely-triggerable ASSERT() on malformed IPv6 packet.
- Update Changes.rst with relevant info for 2.4.3 release.
-
-Guido Vranken (6):
- refactor my_strupr
- Fix 2 memory leaks in proxy authentication routine
- Fix memory leak in add_option() for option 'connection'
- Ensure option array p[] is always NULL-terminated
- Fix a null-pointer dereference in establish_http_proxy_passthru()
- Prevent two kinds of stack buffer OOB reads and a crash for invalid input data
-
-Jérémie Courrèges-Anglas (2):
- Fix an unaligned access on OpenBSD/sparc64
- Missing include for socket-flags TCP_NODELAY on OpenBSD
-
-Matthias Andree (1):
- Make openvpn-plugin.h self-contained again.
-
-Selva Nair (1):
- Pass correct buffer size to GetModuleFileNameW()
-
-Steffan Karger (11):
- Log the negotiated (NCP) cipher
- Avoid a 1 byte overcopy in x509_get_subject (ssl_verify_openssl.c)
- Skip tls-crypt unit tests if required crypto mode not supported
- openssl: fix overflow check for long --tls-cipher option
- Add a DSA test key/cert pair to sample-keys
- Fix mbedtls fingerprint calculation
- mbedtls: fix --x509-track post-authentication remote DoS (CVE-2017-7522)
- mbedtls: require C-string compatible types for --x509-username-field
- Fix remote-triggerable memory leaks (CVE-2017-7521)
- Restrict --x509-alt-username extension types
- Fix potential double-free in --x509-alt-username (CVE-2017-7521)
-
-Steven McDonald (1):
- Fix gateway detection with OpenBSD routing domains
-
-
-2017.05.11 -- Version 2.4.2
-David Sommerseth (5):
- auth-token: Ensure tokens are always wiped on de-auth
- docs: Fixed man-page warnings discoverd by rpmlint
- Make --cipher/--auth none more explicit on the risks
- plugin: Fix documentation typo for type_mask
- plugin: Export secure_memzero() to plug-ins
-
-Hristo Venev (1):
- Fix extract_x509_field_ssl for external objects, v2
-
-Selva Nair (1):
- In auth-pam plugin clear the password after use
-
-Steffan Karger (10):
- cleanup: merge packet_id_alloc_outgoing() into packet_id_write()
- Don't run packet_id unit tests for --disable-crypto builds
- Fix Changes.rst layout
- Fix memory leak in x509_verify_cert_ku()
- mbedtls: correctly check return value in pkcs11_certificate_dn()
- Restore pre-NCP frame parameters for new sessions
- Always clear username/password from memory on error
- Document tls-crypt security considerations in man page
- Don't assert out on receiving too-large control packets (CVE-2017-7478)
- Drop packets instead of assert out if packet id rolls over (CVE-2017-7479)
-
-ValdikSS (1):
- Set a low interface metric for tap adapter when block-outside-dns is in use
-
-2017.03.21 -- Version 2.4.1
-Antonio Quartulli (4):
- attempt to add IPv6 route even when no IPv6 address was configured
- fix redirect-gateway behaviour when an IPv4 default route does not exist
- CRL: use time_t instead of struct timespec to store last mtime
- ignore remote-random-hostname if a numeric host is provided
-
-Christian Hesse (7):
- man: fix formatting for alternative option
- systemd: Use automake tools to install unit files
- systemd: Do not race on RuntimeDirectory
- systemd: Add more security feature for systemd units
- Clean up plugin path handling
- plugin: Remove GNUism in openvpn-plugin.h generation
- fix typo in notification message
-
-David Sommerseth (6):
- management: >REMOTE operation would overwrite ce change indicator
- management: Remove a redundant #ifdef block
- git: Merge .gitignore files into a single file
- systemd: Move the READY=1 signalling to an earlier point
- plugin: Improve the handling of default plug-in directory
- cleanup: Remove faulty env processing functions
-
-Emmanuel Deloget (8):
- OpenSSL: check for the SSL reason, not the full error
- OpenSSL: don't use direct access to the internal of X509_STORE_CTX
- OpenSSL: don't use direct access to the internal of SSL_CTX
- OpenSSL: don't use direct access to the internal of X509_STORE
- OpenSSL: don't use direct access to the internal of X509_OBJECT
- OpenSSL: don't use direct access to the internal of RSA_METHOD
- OpenSSL: SSLeay symbols are no longer available in OpenSSL 1.1
- OpenSSL: use EVP_CipherInit_ex() instead of EVP_CipherInit()
-
-Eric Thorpe (1):
- Fix Building Using MSVC
-
-Gert Doering (4):
- Add openssl_compat.h to openvpn_SOURCES
- Fix '--dev null'
- Fix installation of IPv6 host route to VPN server when using iservice.
- Make ENABLE_OCC no longer depend on !ENABLE_SMALL
-
-Gisle Vanem (1):
- Crash in options.c
-
-Ilya Shipitsin (2):
- Resolve several travis-ci issues
- travis-ci: remove unused files
-
-Olivier Wahrenberger (1):
- Fix building with LibreSSL 2.5.1 by cleaning a hack.
-
-Selva Nair (4):
- Fix push options digest update
- Always release dhcp address in close_tun() on Windows.
- Add a check for -Wl, --wrap support in linker
- Fix user's group membership check in interactive service to work with domains
-
-Simon Matter (1):
- Fix segfault when using crypto lib without AES-256-CTR or SHA256
-
-Steffan Karger (8):
- More broadly enforce Allman style and braces-around-conditionals
- Use SHA256 for the internal digest, instead of MD5
- OpenSSL: 1.1 fallout - fix configure on old autoconf
- Fix types in WIN32 socket_listen_accept()
- Remove duplicate X509 env variables
- Fix non-C99-compliant builds: don't use const size_t as array length
- Deprecate --ns-cert-type
- Be less picky about keyUsage extensions
-
-
2016.12.26 -- Version 2.4.0
David Sommerseth (5):
dev-tools: Added script for updating copyright years in files