Detailed Changelog from our rc9 to rc11-1 in Debian:
[regressionfix] Fixed --lladdr bug introduced in 2.1-rc9 where input validation
code was incorrectly expecting the lladdr parameter to be an IP address when it
is actually a MAC address (HoverHell).
[bugfix] Fixed a bug that can cause SSL/TLS negotiations in UDP mode to fail if
UDP packets are dropped.
[feature] Added "--server-bridge" (without parameters) to enable DHCP proxy
mode: Configure server mode for ethernet bridging using a DHCP-proxy, where
clients talk to the OpenVPN server-side DHCP server to receive their IP address
allocation and DNS server addresses.
[feature] Added "--route-gateway dhcp", to enable the extraction of the gateway
address from a DHCP negotiation with the OpenVPN server-side LAN.
[feature] Warn when ethernet bridging that the IP address of the bridge adapter
is probably not the same address that the LAN adapter was set to previously.
[feature] When running as a server, warn if the LAN network address is the
all-popular 192.168.[0|1].x, since this condition commonly leads to subnet
conflicts down the road.
[bugfix] Primarily on the client, check for subnet conflicts between the local
LAN and the VPN subnet.
[buildfix] Minor fix to cryptoapi.c to not compile itself unless USE_CRYPTO and
USE_SSL flags are enabled (Alon Bar-Lev).
[buildfix] Updated openvpn/t_cltsrv.sh (used by "make check") to conform to new
--script-security rules. Also adds retrying if the addresses are in use
(Matthias Andree).
[buildfix] Fixed build issue with ./configure --disable-socks --disable-http.
[buildfix] Fixed separate compile errors in options.c and ntlm.c that occur on
strict C compilers (such as old versions of gcc) that require that C variable
declarations occur at the start of a {} block, not in the middle.
[bugfix] Workaround bug in OpenSSL 0.9.6b ASN1_STRING_to_UTF8, which the new
implementation of extract_x509_field_ssl depends on.
[bugfix] LZO compression buffer overflow errors will now invalidate the packet
rather than trigger a fatal assertion.
[buildfix] Fixed minor compile issue in ntlm.c (mid-block declaration).
[regressionfix] Added --allow-pull-fqdn option which allows client to pull DNS
names from server (rather than only IP address) for --ifconfig, --route, and
--route-gateway. OpenVPN versions 2.1_rc7 and earlier allowed DNS names for
these options to be pulled and translated to IP addresses by default. Now
--allow-pull-fqdn will be explicitly required on the client to enable
DNS-name-to-IP-address translation of pulled options.
[regressionfix] 2.1_rc8 and earlier did implicit shell expansion on script
arguments since all scripts were called by system(). The security hardening
changes made to 2.1_rc9 no longer use system(), but rather use the safer execve
or CreateProcess system calls. The security hardening also introduced a
backward incompatibility with 2.1_rc8 and earlier in that script parameters
were no longer shell-expanded
[rfc-conformancefix] Modified ip_or_dns_addr_safe, which validates pulled DNS
names to more closely conform to RFC 3696
[regressionfix] Fixed bug in intra-session TLS key rollover that was introduced
with deferred authentication features in 2.1_rc8.
We would also merge the fix for "exit with 0 status when trying to start
an already running VPN" in our improved initscript.
--
script failed: could not execute external program
https://bugs.launchpad.net/bugs/277447
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
