From 311ea893aa3aba4bb1314e2ce4acbf39a9d3fb57 Mon Sep 17 00:00:00 2001
From: james
Date: Thu, 12 Nov 2009 09:30:45 +0000
Subject: Version 2.1_rc21

git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5152 e7ae566f-a301-0410-adde-c780ea21d3b5
---
 ChangeLog | 16 ++++++++++++++++
 install-win32/settings.in | 2 +-
 version.m4 | 2 +-
 3 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 2822b5b..b25d9c7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,22 @@
 OpenVPN Change Log
 Copyright (C) 2002-2009 OpenVPN Technologies, Inc.
 
+2009.11.12 -- Version 2.1_rc21
+
+* Rebuilt OpenVPN Windows installer with OpenSSL 0.9.8l to address
+ CVE-2009-3555. Note that OpenVPN has never relied on the session
+ renegotiation capabilities that are built into the SSL/TLS protocol,
+ therefore the fix in OpenSSL 0.9.8l (disable SSL/TLS renegotiation
+ completely) will not adversely affect OpenVPN mid-session SSL/TLS
+ renegotation or any other OpenVPN capabilities.
+
+* Added additional session renegotiation hardening. OpenVPN has always
+ required that mid-session renegotiations build up a new SSL/TLS
+ session from scratch. While the client certificate common name is
+ already locked against changes in mid-session TLS renegotiations, we
+ now extend this locking to the auth-user-pass username as well as all
+ certificate content in the full client certificate chain.
+
 2009.10.01 -- Version 2.1_rc20
 
 * Fixed a bug introduced in 2.1_rc17 (svn r4436) where using the
diff --git a/install-win32/settings.in b/install-win32/settings.in
index cbfe58d..643ef99 100644
--- a/install-win32/settings.in
+++ b/install-win32/settings.in
@@ -22,7 +22,7 @@
 ;!define OPENVPN_XGUI_DIR "../ovpnxml"
 
 # Prebuilt libraries. DMALLOC is optional.
-!define OPENSSL_DIR "../openssl-0.9.8k"
+!define OPENSSL_DIR "../openssl-0.9.8l"
 !define LZO_DIR "../lzo-2.02"
 !define PKCS11_HELPER_DIR "../pkcs11-helper"
 ;!define DMALLOC_DIR "../dmalloc-5.4.2"
diff --git a/version.m4 b/version.m4
index 4e1fd3d..9f61a81 100644
--- a/version.m4
+++ b/version.m4
@@ -1,5 +1,5 @@
 dnl define the OpenVPN version
-define(PRODUCT_VERSION,[2.1_rc20a])
+define(PRODUCT_VERSION,[2.1_rc21])
 dnl define the TAP version
 define(PRODUCT_TAP_ID,[tap0901])
 define(PRODUCT_TAP_WIN32_MIN_MAJOR,[9])
--
cgit v1.2.3