diff options
-rw-r--r-- | ChangeLog | 16 | ||||
-rw-r--r-- | install-win32/settings.in | 2 | ||||
-rw-r--r-- | version.m4 | 2 |
3 files changed, 18 insertions, 2 deletions
@@ -1,6 +1,22 @@ OpenVPN Change Log Copyright (C) 2002-2009 OpenVPN Technologies, Inc. <sales@openvpn.net> +2009.11.12 -- Version 2.1_rc21 + +* Rebuilt OpenVPN Windows installer with OpenSSL 0.9.8l to address + CVE-2009-3555. Note that OpenVPN has never relied on the session + renegotiation capabilities that are built into the SSL/TLS protocol, + therefore the fix in OpenSSL 0.9.8l (disable SSL/TLS renegotiation + completely) will not adversely affect OpenVPN mid-session SSL/TLS + renegotation or any other OpenVPN capabilities. + +* Added additional session renegotiation hardening. OpenVPN has always + required that mid-session renegotiations build up a new SSL/TLS + session from scratch. While the client certificate common name is + already locked against changes in mid-session TLS renegotiations, we + now extend this locking to the auth-user-pass username as well as all + certificate content in the full client certificate chain. + 2009.10.01 -- Version 2.1_rc20 * Fixed a bug introduced in 2.1_rc17 (svn r4436) where using the diff --git a/install-win32/settings.in b/install-win32/settings.in index cbfe58d..643ef99 100644 --- a/install-win32/settings.in +++ b/install-win32/settings.in @@ -22,7 +22,7 @@ ;!define OPENVPN_XGUI_DIR "../ovpnxml" # Prebuilt libraries. DMALLOC is optional. -!define OPENSSL_DIR "../openssl-0.9.8k" +!define OPENSSL_DIR "../openssl-0.9.8l" !define LZO_DIR "../lzo-2.02" !define PKCS11_HELPER_DIR "../pkcs11-helper" ;!define DMALLOC_DIR "../dmalloc-5.4.2" @@ -1,5 +1,5 @@ dnl define the OpenVPN version -define(PRODUCT_VERSION,[2.1_rc20a]) +define(PRODUCT_VERSION,[2.1_rc21]) dnl define the TAP version define(PRODUCT_TAP_ID,[tap0901]) define(PRODUCT_TAP_WIN32_MIN_MAJOR,[9]) |