Preparing release v2.4.11 (ChangeLog, version.m4, Changes.rst)

Signed-off-by: Gert Doering <[email protected]>
Knudn · Apr 20, 2021 · 0927346 · 0927346
1 parent 0e5516a
commit 0927346
Show file tree

Hide file tree

Showing 3 changed files with 44 additions and 2 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -1,6 +1,23 @@
 OpenVPN Change Log
 Copyright (C) 2002-2018 OpenVPN Inc <[email protected]>
 
+2021.04.20 -- Version 2.4.11
+
+Arne Schwabe (1):
+      Ensure key state is authenticated before sending push reply
+
+Gert Doering (2):
+      clean up / rewrite sample-plugins/defer/simple.c
+      Fix potential NULL ptr crash if compiled with DMALLOC
+
+Greg Cox (5):
+      Fix naming error in sample-plugins/defer/simple.c
+      Documentation fixes around openvpn_plugin_func_v3 in openvpn-plugin.h.in
+      Update openvpn_plugin_func_v2 to _v3 in sample-plugins/defer/simple.c
+      More explicit versioning compatibility in sample-plugins/defer/simple.c
+      Explain structver usage in sample defer plugin.
+
+
 2020.12.09 -- Version 2.4.10
 
 Antonio Quartulli (1):

diff --git a/Changes.rst b/Changes.rst
@@ -321,6 +321,31 @@ Maintainer-visible changes
   i386/i686 builds on RHEL5.
 
 
+Version 2.4.11
+=============
+This is primarily a maintenance release with minor bugfixes and improvements.
+
+Bug fixes
+---------
+- CVE-2020-15078
+  see https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements
+
+  This bug allows - under very specific circumstances - to trick a
+  server using delayed authentication (plugin or management) into
+  returning a PUSH_REPLY before the AUTH_FAILED message, which can
+  possibly be used to gather information about a VPN setup.
+
+  In combination with "--auth-gen-token" or an user-specific token auth
+  solution it can be possible to get access to a VPN with an
+  otherwise-invalid account.
+
+- Fix potential NULL ptr crash if compiled with DMALLOC
+
+Enhancements
+------------
+ - multiple patches to improve "sample defer plugin" + documentation
+
+
 Version 2.4.10
 =============
 This is primarily a maintenance release with minor bugfixes and improvements.

diff --git a/version.m4 b/version.m4
@@ -3,12 +3,12 @@ define([PRODUCT_NAME], [OpenVPN])
 define([PRODUCT_TARNAME], [openvpn])
 define([PRODUCT_VERSION_MAJOR], [2])
 define([PRODUCT_VERSION_MINOR], [4])
-define([PRODUCT_VERSION_PATCH], [.10])
+define([PRODUCT_VERSION_PATCH], [.11])
 m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MAJOR])
 m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MINOR], [[.]])
 m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_PATCH], [[]])
 define([PRODUCT_BUGREPORT], [[email protected]])
-define([PRODUCT_VERSION_RESOURCE], [2,4,10,0])
+define([PRODUCT_VERSION_RESOURCE], [2,4,11,0])
 dnl define the TAP version
 define([PRODUCT_TAP_WIN_COMPONENT_ID], [tap0901])
 define([PRODUCT_TAP_WIN_MIN_MAJOR], [9])