mirror of
https://github.com/OpenVPN/openvpn.git
synced 2024-09-19 19:42:30 +02:00
Version 2.1_rc10
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3323 e7ae566f-a301-0410-adde-c780ea21d3b5
This commit is contained in:
james
parent
727cda8f7a
commit
375a373310
93
ChangeLog
93
ChangeLog
@ -3,6 +3,99 @@ Copyright (C) 2002-2008 Telethra, Inc. <sales@openvpn.net>
|
||||
|
||||
$Id$
|
||||
|
||||
2008.09.10 -- Version 2.1_rc10
|
||||
|
||||
* Added "--server-bridge" (without parameters) to enable
|
||||
DHCP proxy mode: Configure server mode for ethernet
|
||||
bridging using a DHCP-proxy, where clients talk to the
|
||||
OpenVPN server-side DHCP server to receive their IP address
|
||||
allocation and DNS server addresses.
|
||||
|
||||
* Added "--route-gateway dhcp", to enable the extraction
|
||||
of the gateway address from a DHCP negotiation with the
|
||||
OpenVPN server-side LAN.
|
||||
|
||||
* Fixed minor issue with --redirect-gateway bypass-dhcp or bypass-dns
|
||||
on Windows. If the bypass IP address is 0.0.0.0 or 255.255.255.255,
|
||||
ignore it.
|
||||
|
||||
* Warn when ethernet bridging that the IP address of the bridge adapter
|
||||
is probably not the same address that the LAN adapter was set to
|
||||
previously.
|
||||
|
||||
* When running as a server, warn if the LAN network address is
|
||||
the all-popular 192.168.[0|1].x, since this condition commonly
|
||||
leads to subnet conflicts down the road.
|
||||
|
||||
* Primarily on the client, check for subnet conflicts between
|
||||
the local LAN and the VPN subnet.
|
||||
|
||||
* Added a 'netmask' parameter to get_default_gateway, to return
|
||||
the netmask of the adapter containing the default gateway.
|
||||
Only implemented on Windows so far. Other platforms will
|
||||
return 255.255.255.0. Currently the netmask information is
|
||||
only used to warn about subnet conflicts.
|
||||
|
||||
* Minor fix to cryptoapi.c to not compile itself unless USE_CRYPTO
|
||||
and USE_SSL flags are enabled (Alon Bar-Lev).
|
||||
|
||||
* Updated openvpn/t_cltsrv.sh (used by "make check") to conform to new
|
||||
--script-security rules. Also adds retrying if the addresses are in
|
||||
use (Matthias Andree).
|
||||
|
||||
* Fixed build issue with ./configure --disable-socks --disable-http.
|
||||
|
||||
* Fixed separate compile errors in options.c and ntlm.c that occur
|
||||
on strict C compilers (such as old versions of gcc) that require
|
||||
that C variable declarations occur at the start of a {} block,
|
||||
not in the middle.
|
||||
|
||||
* Workaround bug in OpenSSL 0.9.6b ASN1_STRING_to_UTF8, which
|
||||
the new implementation of extract_x509_field_ssl depends on.
|
||||
|
||||
* LZO compression buffer overflow errors will now invalidate
|
||||
the packet rather than trigger a fatal assertion.
|
||||
|
||||
* Fixed minor compile issue in ntlm.c (mid-block declaration).
|
||||
|
||||
* Added --allow-pull-fqdn option which allows client to pull DNS names
|
||||
from server (rather than only IP address) for --ifconfig, --route, and
|
||||
--route-gateway. OpenVPN versions 2.1_rc7 and earlier allowed DNS names
|
||||
for these options to be pulled and translated to IP addresses by default.
|
||||
Now --allow-pull-fqdn will be explicitly required on the client to enable
|
||||
DNS-name-to-IP-address translation of pulled options.
|
||||
|
||||
* 2.1_rc8 and earlier did implicit shell expansion on script
|
||||
arguments since all scripts were called by system().
|
||||
The security hardening changes made to 2.1_rc9 no longer
|
||||
use system(), but rather use the safer execve or CreateProcess
|
||||
system calls. The security hardening also introduced a
|
||||
backward incompatibility with 2.1_rc8 and earlier in that
|
||||
script parameters were no longer shell-expanded, so
|
||||
for example:
|
||||
|
||||
client-connect "docc CLIENT-CONNECT"
|
||||
|
||||
would fail to work because execve would try to execute
|
||||
a script called "docc CLIENT-CONNECT" instead of "docc"
|
||||
with "CLIENT-CONNECT" as the first argument.
|
||||
|
||||
This patch fixes the issue, bringing the script argument
|
||||
semantics back to pre 2.1_rc9 behavior in order to preserve
|
||||
backward compatibility while still using execve or CreateProcess
|
||||
to execute the script/executable.
|
||||
|
||||
* Modified ip_or_dns_addr_safe, which validates pulled DNS names,
|
||||
to more closely conform to RFC 3696:
|
||||
|
||||
(1) DNS name length must not exceed 255 characters
|
||||
|
||||
(2) DNS name characters must be limited to alphanumeric,
|
||||
dash ('-'), and dot ('.')
|
||||
|
||||
* Fixed bug in intra-session TLS key rollover that was introduced with
|
||||
deferred authentication features in 2.1_rc8.
|
||||
|
||||
2008.07.31 -- Version 2.1_rc9
|
||||
|
||||
* Security Fix -- affects non-Windows OpenVPN clients running
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
dnl define the OpenVPN version
|
||||
define(PRODUCT_VERSION,[2.1_rc9b])
|
||||
define(PRODUCT_VERSION,[2.1_rc10])
|
||||
dnl define the TAP version
|
||||
define(PRODUCT_TAP_ID,[tap0901])
|
||||
define(PRODUCT_TAP_WIN32_MIN_MAJOR,[9])
|
||||
|
||||
Loading…
Reference in New Issue
Block a user