author | Bernhard Schmidt <berni@debian.org> | 2020-04-19 15:52:38 +0200 |
---|---|---|
committer | Bernhard Schmidt <berni@debian.org> | 2020-04-19 15:52:38 +0200 |
commit | 7728a9676dc67128c9adf56bc1d31a4e5b815b26 (patch) | |
tree | ae25e1ac822e848183a4e61eac8d5c53f520f128 /Changes.rst | |
parent | f90a78a23c77c840b764b0a95732f3ee3738ef99 (diff) | |
parent | 620785fe268a1221c1ba7a9cb5a70f3140a4f1ca (diff) |
Update upstream source from tag 'upstream/2.4.9'
Update to upstream version '2.4.9'
with Debian dir b64ac777b141e10bd0a11149a47506fd704401b8
Diffstat (limited to 'Changes.rst')
-rw-r--r-- | Changes.rst | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/Changes.rst b/Changes.rst index 65d1eb3..fee48e2 100644 --- a/Changes.rst +++ b/Changes.rst @@ -321,6 +321,56 @@ Maintainer-visible changes i386/i686 builds on RHEL5. +Version 2.4.9 +============= +This is primarily a maintenance release with minor bugfixes and improvements. + +New features +------------ +- Allow unicode search string in --cryptoapicert option (Windows) + +User visible changes +-------------------- +- Skip expired certificates in Windows certificate store (Windows) (trac #966) + +- OpenSSL: Fix --crl-verify not loading multiple CRLs in one file (trac #623) + +- When using "--auth-user-pass file" with just a username and no password + in the file, OpenVPN now queries the management interface (if active) + for the credentials. Previously it would query the console for the + password, and fail if no console available (normal case on Windows) + (trac #757) + +- Swap the order of checks for validating interactive service user + (Windows: check config location before querying domain controller for + group membership, which can be slow) + + +Bug fixes +--------- +- fix condition where a client's session could "float" to a new IP address + that is not authorized ("fix illegal client float"). + + This can be used to disrupt service to a freshly connected client (no + session keys negotiated yet). It can not be used to inject or steal + VPN traffic. CVE-2020-11810, trac #1272). + +- fix combination of async push (deferred auth) and NCP (trac #1259) + +- Fix OpenSSL 1.1.1 not using auto elliptic curve selection (trac #1228) + +- Fix OpenSSL error stack handling of tls_ctx_add_extra_certs + +- mbedTLS: Make sure TLS session survives move (trac #880) + +- Fix OpenSSL private key passphrase notices + +- Fix building with --enable-async-push in FreeBSD (trac #1256) + +- Fix broken fragmentation logic when using NCP (trac #1140) + + + Version 2.4.8 ============= This is primarily a maintenance release with minor bugfixes and improvements. |
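Review bot: The CVE-2020-11810 entry under "Bug fixes" ends with an unmatched closing parenthesis ("VPN traffic. CVE-2020-11810, trac #1272)."), and the CVE identifier is buried at the end of the bullet's second paragraph. Suggest writing it as "(CVE-2020-11810, trac #1272)" and naming the CVE in the bullet's first line, since the section intro still describes 2.4.9 as "primarily a maintenance release with minor bugfixes and improvements" and a reader skimming the changelog could miss that it carries a security fix. Minor style point in the same section: the first two bullets start with lowercase "fix" while the remaining ones use "Fix".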