| 4 | |
| 5 | == OpenVPN 2.4.3 == |
| 6 | |
| 7 | {{{ |
| 8 | Antonio Quartulli (1): |
| 9 | Ignore auth-nocache for auth-user-pass if auth-token is pushed |
| 10 | |
| 11 | David Sommerseth (3): |
| 12 | crypto: Enable SHA256 fingerprint checking in --verify-hash |
| 13 | copyright: Update GPLv2 license texts |
| 14 | auth-token with auth-nocache fix broke --disable-crypto builds |
| 15 | |
| 16 | Emmanuel Deloget (8): |
| 17 | OpenSSL: don't use direct access to the internal of X509 |
| 18 | OpenSSL: don't use direct access to the internal of EVP_PKEY |
| 19 | OpenSSL: don't use direct access to the internal of RSA |
| 20 | OpenSSL: don't use direct access to the internal of DSA |
| 21 | OpenSSL: force meth->name as non-const when we free() it |
| 22 | OpenSSL: don't use direct access to the internal of EVP_MD_CTX |
| 23 | OpenSSL: don't use direct access to the internal of EVP_CIPHER_CTX |
| 24 | OpenSSL: don't use direct access to the internal of HMAC_CTX |
| 25 | |
| 26 | Gert Doering (6): |
| 27 | Fix NCP behaviour on TLS reconnect. |
| 28 | Remove erroneous limitation on max number of args for --plugin |
| 29 | Fix edge case with clients failing to set up cipher on empty PUSH_REPLY. |
| 30 | Fix potential 1-byte overread in TCP option parsing. |
| 31 | Fix remotely-triggerable ASSERT() on malformed IPv6 packet. |
| 32 | Preparing for release v2.4.3 (ChangeLog, version.m4, Changes.rst) |
| 33 | |
| 34 | Guido Vranken (6): |
| 35 | refactor my_strupr |
| 36 | Fix 2 memory leaks in proxy authentication routine |
| 37 | Fix memory leak in add_option() for option 'connection' |
| 38 | Ensure option array p[] is always NULL-terminated |
| 39 | Fix a null-pointer dereference in establish_http_proxy_passthru() |
| 40 | Prevent two kinds of stack buffer OOB reads and a crash for invalid input data |
| 41 | |
| 42 | Jérémie Courrèges-Anglas (2): |
| 43 | Fix an unaligned access on OpenBSD/sparc64 |
| 44 | Missing include for socket-flags TCP_NODELAY on OpenBSD |
| 45 | |
| 46 | Matthias Andree (1): |
| 47 | Make openvpn-plugin.h self-contained again. |
| 48 | |
| 49 | Selva Nair (1): |
| 50 | Pass correct buffer size to GetModuleFileNameW() |
| 51 | |
| 52 | Steffan Karger (11): |
| 53 | Log the negotiated (NCP) cipher |
| 54 | Avoid a 1 byte overcopy in x509_get_subject (ssl_verify_openssl.c) |
| 55 | Skip tls-crypt unit tests if required crypto mode not supported |
| 56 | openssl: fix overflow check for long --tls-cipher option |
| 57 | Add a DSA test key/cert pair to sample-keys |
| 58 | Fix mbedtls fingerprint calculation |
| 59 | mbedtls: fix --x509-track post-authentication remote DoS (CVE-2017-7522) |
| 60 | mbedtls: require C-string compatible types for --x509-username-field |
| 61 | Fix remote-triggerable memory leaks (CVE-2017-7521) |
| 62 | Restrict --x509-alt-username extension types |
| 63 | Fix potential double-free in --x509-alt-username (CVE-2017-7521) |
| 64 | |
| 65 | Steven McDonald (1): |
| 66 | Fix gateway detection with OpenBSD routing domains |
| 67 | }}} |