Preparing release 2.5.3

version.m4, ChangeLog, Changes.rst Signed-off-by: Gert Doering <[email protected]>
Knudn · Jun 17, 2021 · ecaf88f · ecaf88f
1 parent 92535b6
commit ecaf88f
Show file tree

Hide file tree

Showing 3 changed files with 72 additions and 2 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -1,6 +1,37 @@
 OpenVPN Change Log
 Copyright (C) 2002-2021 OpenVPN Inc <[email protected]>
 
+2021.06.17 -- Version 2.5.3
+
+Arne Schwabe (3):
+      Add missing free_key_ctx for auth_token
+      Add github actions
+      Implement auth-token-user
+
+David Sommerseth (1):
+      Update copyrights
+
+Lev Stipakov (8):
+      openvpnmsica: properly schedule reboot in the end of installation
+      msvc: add ARM64 configuration
+      msvc: standalone building
+      contrib/vcpkg-ports: add pkcs11-helper port
+      vcpkg-ports: restore trailing whitespaces in .patch files
+      GitHub actions: add MSVC build
+      crypto_openssl.c: disable explicit initialization on Windows (CVE-2121-3606)
+      contrib/vcpkg-ports: add openssl port with --no-autoload-config option set (CVE-2121-3606)
+
+Matthias Andree (1):
+      Fix SIGSEGV (NULL deref) receiving push "echo"
+
+Max Fillinger (1):
+      Fix build with mbedtls w/o SSL renegotiation support
+
+Selva Nair (2):
+      Improve documentation of AUTH_PENDING related directives
+      Apply the connect-retry backoff to only one side of a connection
+
+
 2021.04.20 -- Version 2.5.2
 
 Arne Schwabe (10):

diff --git a/Changes.rst b/Changes.rst
@@ -1,3 +1,42 @@
+Overview of changes in 2.5.3
+============================
+Bugfixes
+--------
+- CVE-2121-3606
+  see https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements
+
+  OpenVPN windows builds could possibly load OpenSSL Config files from
+  world writeable locations, thus posing a security risk to OpenVPN.
+
+  As a fix, disable OpenSSL config loading completely on Windows.
+
+- disable connect-retry backoff for p2p (--secret) instances
+  (Trac #1010, #1384)
+
+- fix build with mbedtls w/o SSL renegotiation support
+
+- Fix SIGSEGV (NULL deref) receiving push "echo" (Trac #1409)
+
+- MSI installers: properly schedule reboot in the end of installation
+
+- fix small memory leak in free_key_ctx for auth_token
+
+
+User-visible Changes
+--------------------
+- update copyright messages in files and --version output
+
+New features
+------------
+- add --auth-token-user option (for --auth-token deployments without
+  --auth-user-pass in client config)
+
+- improve MSVC building for Windows
+
+- official MSI installers will now contain arm64 drivers and binaries
+  (x86, amd64, arm64)
+
+
 Overview of changes in 2.5.2
 ============================
 

diff --git a/version.m4 b/version.m4
@@ -3,12 +3,12 @@ define([PRODUCT_NAME], [OpenVPN])
 define([PRODUCT_TARNAME], [openvpn])
 define([PRODUCT_VERSION_MAJOR], [2])
 define([PRODUCT_VERSION_MINOR], [5])
-define([PRODUCT_VERSION_PATCH], [.2])
+define([PRODUCT_VERSION_PATCH], [.3])
 m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MAJOR])
 m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MINOR], [[.]])
 m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_PATCH], [[]])
 define([PRODUCT_BUGREPORT], [[email protected]])
-define([PRODUCT_VERSION_RESOURCE], [2,5,2,0])
+define([PRODUCT_VERSION_RESOURCE], [2,5,3,0])
 dnl define the TAP version
 define([PRODUCT_TAP_WIN_COMPONENT_ID], [tap0901])
 define([PRODUCT_TAP_WIN_MIN_MAJOR], [9])