1 files changed, 0 insertions, 164 deletions
diff --git a/ChangeLog b/ChangeLog
index 537beaa..9ecf4f0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,170 +1,6 @@
 OpenVPN Change Log
 Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net>
 
-2017.06.21 -- Version 2.4.3
-Antonio Quartulli (1):
-      Ignore auth-nocache for auth-user-pass if auth-token is pushed
-
-David Sommerseth (3):
-      crypto: Enable SHA256 fingerprint checking in --verify-hash
-      copyright: Update GPLv2 license texts
-      auth-token with auth-nocache fix broke --disable-crypto builds
-
-Emmanuel Deloget (8):
-      OpenSSL: don't use direct access to the internal of X509
-      OpenSSL: don't use direct access to the internal of EVP_PKEY
-      OpenSSL: don't use direct access to the internal of RSA
-      OpenSSL: don't use direct access to the internal of DSA
-      OpenSSL: force meth->name as non-const when we free() it
-      OpenSSL: don't use direct access to the internal of EVP_MD_CTX
-      OpenSSL: don't use direct access to the internal of EVP_CIPHER_CTX
-      OpenSSL: don't use direct access to the internal of HMAC_CTX
-
-Gert Doering (6):
-      Fix NCP behaviour on TLS reconnect.
-      Remove erroneous limitation on max number of args for --plugin
-      Fix edge case with clients failing to set up cipher on empty PUSH_REPLY.
-      Fix potential 1-byte overread in TCP option parsing.
-      Fix remotely-triggerable ASSERT() on malformed IPv6 packet.
-      Update Changes.rst with relevant info for 2.4.3 release.
-
-Guido Vranken (6):
-      refactor my_strupr
-      Fix 2 memory leaks in proxy authentication routine
-      Fix memory leak in add_option() for option 'connection'
-      Ensure option array p[] is always NULL-terminated
-      Fix a null-pointer dereference in establish_http_proxy_passthru()
-      Prevent two kinds of stack buffer OOB reads and a crash for invalid input data
-
-Jérémie Courrèges-Anglas (2):
-      Fix an unaligned access on OpenBSD/sparc64
-      Missing include for socket-flags TCP_NODELAY on OpenBSD
-
-Matthias Andree (1):
-      Make openvpn-plugin.h self-contained again.
-
-Selva Nair (1):
-      Pass correct buffer size to GetModuleFileNameW()
-
-Steffan Karger (11):
-      Log the negotiated (NCP) cipher
-      Avoid a 1 byte overcopy in x509_get_subject (ssl_verify_openssl.c)
-      Skip tls-crypt unit tests if required crypto mode not supported
-      openssl: fix overflow check for long --tls-cipher option
-      Add a DSA test key/cert pair to sample-keys
-      Fix mbedtls fingerprint calculation
-      mbedtls: fix --x509-track post-authentication remote DoS (CVE-2017-7522)
-      mbedtls: require C-string compatible types for --x509-username-field
-      Fix remote-triggerable memory leaks (CVE-2017-7521)
-      Restrict --x509-alt-username extension types
-      Fix potential double-free in --x509-alt-username (CVE-2017-7521)
-
-Steven McDonald (1):
-      Fix gateway detection with OpenBSD routing domains
-
-
-2017.05.11 -- Version 2.4.2
-David Sommerseth (5):
-      auth-token: Ensure tokens are always wiped on de-auth
-      docs: Fixed man-page warnings discoverd by rpmlint
-      Make --cipher/--auth none more explicit on the risks
-      plugin: Fix documentation typo for type_mask
-      plugin: Export secure_memzero() to plug-ins
-
-Hristo Venev (1):
-      Fix extract_x509_field_ssl for external objects, v2
-
-Selva Nair (1):
-      In auth-pam plugin clear the password after use
-
-Steffan Karger (10):
-      cleanup: merge packet_id_alloc_outgoing() into packet_id_write()
-      Don't run packet_id unit tests for --disable-crypto builds
-      Fix Changes.rst layout
-      Fix memory leak in x509_verify_cert_ku()
-      mbedtls: correctly check return value in pkcs11_certificate_dn()
-      Restore pre-NCP frame parameters for new sessions
-      Always clear username/password from memory on error
-      Document tls-crypt security considerations in man page
-      Don't assert out on receiving too-large control packets (CVE-2017-7478)
-      Drop packets instead of assert out if packet id rolls over (CVE-2017-7479)
-
-ValdikSS (1):
-      Set a low interface metric for tap adapter when block-outside-dns is in use
-
-2017.03.21 -- Version 2.4.1
-Antonio Quartulli (4):
-      attempt to add IPv6 route even when no IPv6 address was configured
-      fix redirect-gateway behaviour when an IPv4 default route does not exist
-      CRL: use time_t instead of struct timespec to store last mtime
-      ignore remote-random-hostname if a numeric host is provided
-
-Christian Hesse (7):
-      man: fix formatting for alternative option
-      systemd: Use automake tools to install unit files
-      systemd: Do not race on RuntimeDirectory
-      systemd: Add more security feature for systemd units
-      Clean up plugin path handling
-      plugin: Remove GNUism in openvpn-plugin.h generation
-      fix typo in notification message
-
-David Sommerseth (6):
-      management: >REMOTE operation would overwrite ce change indicator
-      management: Remove a redundant #ifdef block
-      git: Merge .gitignore files into a single file
-      systemd: Move the READY=1 signalling to an earlier point
-      plugin: Improve the handling of default plug-in directory
-      cleanup: Remove faulty env processing functions
-
-Emmanuel Deloget (8):
-      OpenSSL: check for the SSL reason, not the full error
-      OpenSSL: don't use direct access to the internal of X509_STORE_CTX
-      OpenSSL: don't use direct access to the internal of SSL_CTX
-      OpenSSL: don't use direct access to the internal of X509_STORE
-      OpenSSL: don't use direct access to the internal of X509_OBJECT
-      OpenSSL: don't use direct access to the internal of RSA_METHOD
-      OpenSSL: SSLeay symbols are no longer available in OpenSSL 1.1
-      OpenSSL: use EVP_CipherInit_ex() instead of EVP_CipherInit()
-
-Eric Thorpe (1):
-      Fix Building Using MSVC
-
-Gert Doering (4):
-      Add openssl_compat.h to openvpn_SOURCES
-      Fix '--dev null'
-      Fix installation of IPv6 host route to VPN server when using iservice.
-      Make ENABLE_OCC no longer depend on !ENABLE_SMALL
-
-Gisle Vanem (1):
-      Crash in options.c
-
-Ilya Shipitsin (2):
-      Resolve several travis-ci issues
-      travis-ci: remove unused files
-
-Olivier Wahrenberger (1):
-      Fix building with LibreSSL 2.5.1 by cleaning a hack.
-
-Selva Nair (4):
-      Fix push options digest update
-      Always release dhcp address in close_tun() on Windows.
-      Add a check for -Wl, --wrap support in linker
-      Fix user's group membership check in interactive service to work with domains
-
-Simon Matter (1):
-      Fix segfault when using crypto lib without AES-256-CTR or SHA256
-
-Steffan Karger (8):
-      More broadly enforce Allman style and braces-around-conditionals
-      Use SHA256 for the internal digest, instead of MD5
-      OpenSSL: 1.1 fallout - fix configure on old autoconf
-      Fix types in WIN32 socket_listen_accept()
-      Remove duplicate X509 env variables
-      Fix non-C99-compliant builds: don't use const size_t as array length
-      Deprecate --ns-cert-type
-      Be less picky about keyUsage extensions
-
-
 2016.12.26 -- Version 2.4.0
 David Sommerseth (5):
       dev-tools: Added script for updating copyright years in files