Hi, On Mon, Jun 19, 2017 at 04:37:29PM +0200, Javier Santos wrote: > By the way, the one that Samuli created, 2.4.2-jessie0.deb for Debian Jessie, > includes new functionality, is that correct?
From a quick glance, mostly bugfixes or featurettes ("make things work
more like they were originally intended to").
But the list is surprisingly long...
$ git shortlog v2.4.0..v2.4.2
Antonio Quartulli (4):
attempt to add IPv6 route even when no IPv6 address was configured
fix redirect-gateway behaviour when an IPv4 default route does not exist
CRL: use time_t instead of struct timespec to store last mtime
ignore remote-random-hostname if a numeric host is provided
Christian Hesse (7):
man: fix formatting for alternative option
systemd: Use automake tools to install unit files
systemd: Do not race on RuntimeDirectory
systemd: Add more security feature for systemd units
Clean up plugin path handling
plugin: Remove GNUism in openvpn-plugin.h generation
fix typo in notification message
David Sommerseth (12):
management: >REMOTE operation would overwrite ce change indicator
management: Remove a redundant #ifdef block
git: Merge .gitignore files into a single file
systemd: Move the READY=1 signalling to an earlier point
plugin: Improve the handling of default plug-in directory
cleanup: Remove faulty env processing functions
auth-token: Ensure tokens are always wiped on de-auth
docs: Fixed man-page warnings discoverd by rpmlint
Make --cipher/--auth none more explicit on the risks
plugin: Fix documentation typo for type_mask
plugin: Export secure_memzero() to plug-ins
Preparing v2.4.2 release
Emmanuel Deloget (8):
OpenSSL: check for the SSL reason, not the full error
OpenSSL: don't use direct access to the internal of X509_STORE_CTX
OpenSSL: don't use direct access to the internal of SSL_CTX
OpenSSL: don't use direct access to the internal of X509_STORE
OpenSSL: don't use direct access to the internal of X509_OBJECT
OpenSSL: don't use direct access to the internal of RSA_METHOD
OpenSSL: SSLeay symbols are no longer available in OpenSSL 1.1
OpenSSL: use EVP_CipherInit_ex() instead of EVP_CipherInit()
Eric Thorpe (1):
Fix Building Using MSVC
Gert Doering (5):
Add openssl_compat.h to openvpn_SOURCES
Fix '--dev null'
Fix installation of IPv6 host route to VPN server when using iservice.
Make ENABLE_OCC no longer depend on !ENABLE_SMALL
Preparing for release v2.4.1 (ChangeLog, version.m4)
Gisle Vanem (1):
Crash in options.c
Hristo Venev (1):
Fix extract_x509_field_ssl for external objects, v2
Ilya Shipitsin (2):
Resolve several travis-ci issues
travis-ci: remove unused files
Olivier Wahrenberger (1):
Fix building with LibreSSL 2.5.1 by cleaning a hack.
Selva Nair (5):
Fix push options digest update
Always release dhcp address in close_tun() on Windows.
Add a check for -Wl, --wrap support in linker
Fix user's group membership check in interactive service to work with
domains
In auth-pam plugin clear the password after use
Simon Matter (1):
Fix segfault when using crypto lib without AES-256-CTR or SHA256
Steffan Karger (18):
More broadly enforce Allman style and braces-around-conditionals
Use SHA256 for the internal digest, instead of MD5
OpenSSL: 1.1 fallout - fix configure on old autoconf
Fix types in WIN32 socket_listen_accept()
Remove duplicate X509 env variables
Fix non-C99-compliant builds: don't use const size_t as array length
Deprecate --ns-cert-type
Be less picky about keyUsage extensions
cleanup: merge packet_id_alloc_outgoing() into packet_id_write()
Don't run packet_id unit tests for --disable-crypto builds
Fix Changes.rst layout
Fix memory leak in x509_verify_cert_ku()
mbedtls: correctly check return value in pkcs11_certificate_dn()
Restore pre-NCP frame parameters for new sessions
Always clear username/password from memory on error
Document tls-crypt security considerations in man page
Don't assert out on receiving too-large control packets (CVE-2017-7478)
Drop packets instead of assert out if packet id rolls over (CVE-2017-7479)
ValdikSS (1):
Set a low interface metric for tap adapter when block-outside-dns is in
use
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
signature.asc
Description: PGP signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
