It is currently 19.09.2017 11:49


All times are UTC




Post new topic Reply to topic  [ 14 posts ] 
Author Message
 Post subject: Aktuelle OpenVPN Versionen 2.0.9
PostPosted: 18.04.2005 09:20 
Top-Supporter
Top-Supporter
User avatar

Joined: 13.09.2004 08:51
Posts: 1465
Location: Schwobaländle
Wie zu erwarten ist es soweit
Code:
2005.04.17 -- Version 2.0

* Fixed minor options string typo in options.c.

hier geht es zum Download
falls sich jemand für das Change Log interessiert zum Cange Log


Last edited by dabu66 on 03.11.2005 20:08, edited 5 times in total.

Top
Offline Profile  
Reply with quote  
 Post subject:
PostPosted: 07.05.2005 12:43 
Top-Supporter
Top-Supporter
User avatar

Joined: 13.09.2004 08:51
Posts: 1465
Location: Schwobaländle
Es war wohl doch etwas zu früh. Na dafür heisst die neue jetzt 2.0.1-RC1

Code:
2005.04.30 -- Version 2.0.1-rc1

* Fixed bug where certain kinds of fatal errors after
  initialization (such as port in use) would leave plugin
  processes (such as openvpn-auth-pam) still running.
* Added optional openvpn_plugin_abort_v1 plugin function for
  closing initialized plugin objects in the event of a fatal
  error by main OpenVPN process.
* When the --remote list is > 1, and --resolv-retry is not
  specified (meaning that it defaults to "infinite"), apply the
  infinite timeout to the --remote list as a whole, but try each
  list item only once before moving on to the next item.
* Added new --syslog directive which redirects output
  to syslog without requiring the use of the --daemon or --inetd
  directives.
* Added openvpn.spec option to allow RPM to be built with support
  for passwords read from a file:
  rpmbuild -tb [openvpn.x.tar.gz] --define 'with_password_save 1'


Top
Offline Profile  
Reply with quote  
 Post subject:
PostPosted: 18.05.2005 06:52 
Top-Supporter
Top-Supporter
User avatar

Joined: 13.09.2004 08:51
Posts: 1465
Location: Schwobaländle
RC-2 ist da der neuen Version
Code:
2005.05.16 -- Version 2.0.1-rc2

* Modified vendor test in openvpn.spec file to match against
  "Mandrakesoft" in addition to "MandrakeSoft".
* Using --iroute in a --client-config-dir file while in --dev tap
  mode is not currently supported and will produce a warning
  message. Fixed bug where in certain cases, in addition to
  generating a warning message, this combination of options
  would also produce a fatal assertion in mroute.c.
* Pass --auth-user-pass username to server-side plugin without
  performing any string remapping (plugins, unlike scripts,
  don't get any security benefit from string remapping).
  This is intended to fix an issue with openvpn-auth-pam/pam_winbind
  where backslash characters in a username ('\') were being remapped
  to underscore ('_').
* Updated OpenSSL DLLs in Windows build to 0.9.7g.
* Documented --explicit-exit-notify in man page.
* --explicit-exit-notify seconds parameter defaults to 1 if
  unspecified.


Top
Offline Profile  
Reply with quote  
 Post subject:
PostPosted: 13.06.2005 09:25 
2.0.1-RC3 ist da :) http://openvpn.net/beta/

Code:
2005.05.12 -- Version 2.0.1-rc3

* Fixed a bug which caused standard file handles to not be closed
  after daemonization when --plugin and --daemon are used together,
  and if the plugin initialization function forks (as does auth-pam
  and down-root) (Simon Perreault).
* Added client-side up/down scripts in contrib/pull-resolv-conf
  for accepting server-pushed "dhcp-option DOMAIN" and "dhcp-option DNS"
  on Linux/Unix systems (Jesse Adelman).
* Fixed bug where if client-connect scripts/plugins were cascaded,
  and one (but not all) of them returned an error status, there might
  be cases where for an individual script/plugin, client-connect was
  called but not client-disconnect.  The goal of this fix is to
  ensure that if client-connect is called on a given client instance,
  then client-disconnect will definitely be called.  A potential
  complication of this fix is that when client-connect functions are
  cascaded, it's possible that the client-disconnect function would
  be called in cases where the related client-connect function returned
  an error status.  This fix should not alter OpenVPN behavior when
  scripts/plugins are not cascaded.
* Changed the hard-to-reproduce "Assertion failed at fragment.c:312"
  fatal error to a warning: "FRAG: outgoing buffer is not empty".
  Need more info on how to reproduce this one.
* When --duplicate-cn is used, the --ifconfig-pool allocation
  algorithm will now allocate the first available IP address.
* When --daemon and --management-hold are used together,
  OpenVPN will daemonize before it enters the management hold state.


Top
  
Reply with quote  
 Post subject:
PostPosted: 16.06.2005 19:27 
Top-Supporter
Top-Supporter
User avatar

Joined: 13.09.2004 08:51
Posts: 1465
Location: Schwobaländle
Wie in alten Tagen immer wieder eine neu RC :wink:

Code:
2005.06.xx -- Version 2.0.1-rc4

* Support LZO 2.0, including changes to configure script to
  autodetect LZO version.


Top
Offline Profile  
Reply with quote  
 Post subject:
PostPosted: 17.06.2005 17:56 
Keine ZIP oder EXE...? http://openvpn.net/beta/ :(


Top
  
Reply with quote  
 Post subject:
PostPosted: 26.07.2005 14:39 
Top-Supporter
Top-Supporter
User avatar

Joined: 13.09.2004 08:51
Posts: 1465
Location: Schwobaländle
Da ich jetzt aus meinem Urlaub zurück bin muss ich wohl was nachholen 8)

Code:
2005.07.04 -- Version 2.0.1-rc5

* Windows version will log a for-further-info URL when
  initialization sequence is completed with errors.
* Added DLOPEN_PAM parameter to plugin/auth-pam/Makefile
  to control whether auth-pam plugin links to PAM via
  dlopen or -lpam.  By default, DLOPEN_PAM=1 so pre-existing
  behavior should be preserved.  DLOPEN_PAM=0 is the preferred
  setting to link via -lpam, but DLOPEN_PAM=1 works around
  a bug in SuSE 9.1 (and possibly other distros as well)
  where the PAM modules are not linked with -lpam.  See
  thread on openvpn-devel for more discussion about this
  patch (Simon Perreault).

Code:
2005.07.15 -- Version 2.0.1-rc6

* Commented out "user nobody" and "group nobody" in sample
  client/server config files.
* Allow '@' character to be used in --client-config-dir
  file names.

Code:
2005.07.21 -- Version 2.0.1-rc7

* Support LZO 2.01 which renamed its library to lzo2 (Matthias Andree).
* Include linux/types.h before checking for linux/errqueue.h (Matthias
  Andree).


@Martinator: Von jedem ReleaseCanditate sind *zip's da. Zumindestens jetzt :)


Top
Offline Profile  
Reply with quote  
 Post subject: OpenVPN 2.0.1 released mit wichtigen updates
PostPosted: 17.08.2005 16:06 
Top-Supporter
Top-Supporter
User avatar

Joined: 13.09.2004 08:51
Posts: 1465
Location: Schwobaländle
Code:
2005.08.16 -- Version 2.0.1

* Security Fix -- DoS attack against server when run with "verb 0" and
  without "tls-auth".  If a client connection to the server fails
  certificate verification, the OpenSSL error queue is not properly
  flushed, which can result in another unrelated client instance on the
  server seeing the error and responding to it, resulting in disconnection
  of the unrelated client (CAN-2005-2531).
* Security Fix -- DoS attack against server by authenticated client.
  This bug presents a potential DoS attack vector against the server
  which can only be initiated by a connected and authenticated client.
  If the client sends a packet which fails to decrypt on the server,
  the OpenSSL error queue is not properly flushed, which can result in
  another unrelated client instance on the server seeing the error and
  responding to it, resulting in disconnection of the unrelated client
  (CAN-2005-2532).
* Security Fix -- DoS attack against server by authenticated client.
  A malicious client in "dev tap" ethernet bridging mode could
  theoretically flood the server with packets appearing to come from
  hundreds of thousands of different MAC addresses, causing the OpenVPN
  process to deplete system virtual memory as it expands its internal
  routing table.  A --max-routes-per-client directive has been added
  (default=256) to limit the maximum number of routes in OpenVPN's
  internal routing table which can be associated with a given client
  (CAN-2005-2533).
* Security Fix -- DoS attack against server by authenticated client.
  If two or more client machines try to connect to the server at the
  same time via TCP, using the same client certificate, and when
  --duplicate-cn is not enabled on the server, a race condition can
  crash the server with "Assertion failed at mtcp.c:411"
  (CAN-2005-2534).
* Fixed server bug where under certain circumstances, the client instance
  object deletion function would try to delete iroutes which had never been
  added in the first place, triggering "Assertion failed at mroute.c:349".
* Added --auth-retry option to prevent auth errors from being fatal
  on the client side, and to permit username/password requeries in case
  of error.  Also controllable via new "auth-retry" management interface
  command.  See man page for more info.
* Added easy-rsa 2.0 scripts to the tarball in easy-rsa/2.0
* Fixed bug in openvpn.spec where rpmbuild --define 'without_pam 1'
  would fail to build.
* Implement "make check" to perform loopback tests (Matthias Andree).


Top
Offline Profile  
Reply with quote  
 Post subject: Die Entwicklung geht weiter
PostPosted: 24.08.2005 14:13 
Top-Supporter
Top-Supporter
User avatar

Joined: 13.09.2004 08:51
Posts: 1465
Location: Schwobaländle
2005.08.24 -- Version 2.0.2-rc1

* Fixed regression bug in Win32 installer, introduced in 2.0.1,
which incorrectly set OpenVPN service to autostart.
* Don't package source code zip file in Windows installer
in order to reduce the size of the installer. The source
zip file can always be downloaded separately if needed.
* Fixed bug in route.c in FreeBSD, Darwin, OpenBSD and NetBSD
version of get_default_gateway. Allocated socket for route
manipulation is never freed so number of mbufs continuously
grow and exhaust system resources after a while (Jaroslav Klaus).
* Fixed bug where "--proto tcp-server --mode p2p --management
host port" would cause the management port to not respond until
the OpenVPN peer connects.
* Modified pkitool script to be /bin/sh compatible (Johnny Lam).


Top
Offline Profile  
Reply with quote  
 Post subject:
PostPosted: 01.09.2005 08:49 
Top-Supporter
Top-Supporter
User avatar

Joined: 13.09.2004 08:51
Posts: 1465
Location: Schwobaländle
Openvpn 2.0.2-rc1 wurde direkt ohne Änderungen zur 2.0.2 released.


Top
Offline Profile  
Reply with quote  
 Post subject:
PostPosted: 03.11.2005 08:01 
AES 256 bit
AES 256 bit
User avatar

Joined: 04.06.2004 12:08
Posts: 363
Location: Hannover
WICHTIG: http://www.heise.de/security/news/meldung/65612

Code:
2005.11.02 -- Version 2.0.5

* Fixed bug in Linux get_default_gateway function
  introduced in 2.0.4, which would cause redirect-gateway
  on Linux clients to fail.
* Restored easy-rsa/2.0 tree (backported from 2.1 beta
  series) which accidentally disappeared in
  2.0.2 -> 2.0.4 transition.

2005.11.01 -- Version 2.0.4

* Security fix -- Affects non-Windows OpenVPN clients of
  version 2.0 or higher which connect to a malicious or
  compromised server.  A format string vulnerability
  in the foreign_option function in options.c could
  potentially allow a malicious or compromised server
  to execute arbitrary code on the client.  Only
  non-Windows clients are affected.  The vulnerability
  only exists if (a) the client's TLS negotiation with
  the server succeeds, (b) the server is malicious or
  has been compromised such that it is configured to
  push a maliciously crafted options string to the client,
  and (c) the client indicates its willingness to accept
  pushed options from the server by having "pull" or
  "client" in its configuration file (Credit: Vade79).
  CVE-2005-3393
* Security fix -- Potential DoS vulnerability on the
  server in TCP mode.  If the TCP server accept() call
  returns an error status, the resulting exception handler
  may attempt to indirect through a NULL pointer, causing
  a segfault.  Affects all OpenVPN 2.0 versions.
  CVE-2005-3409
* Fix attempt of assertion at multi.c:1586 (note that
  this precise line number will vary across different
  versions of OpenVPN).
* Added ".PHONY: plugin" to Makefile.am to work around
  "make dist" issue.
* Fixed double fork issue that occurs when --management-hold
  is used.
* Moved TUN/TAP read/write log messages from --verb 8 to 6.
* Warn when multiple clients having the same common name or
  username usurp each other when --duplicate-cn is not used.
* Modified Windows and Linux versions of get_default_gateway
  to return the route with the smallest metric
  if multiple 0.0.0.0/0.0.0.0 entries are present.

2005.09.25 -- Version 2.0.3-rc1   

* openvpn_plugin_abort_v1 function wasn't being properly
  registered on Windows.
* Fixed a bug where --mode server --proto tcp-server --cipher none
  operation could cause tunnel packet truncation.


Top
Offline Profile  
Reply with quote  
 Post subject:
PostPosted: 01.05.2006 17:28 
openvpn.eu Admin
openvpn.eu Admin
User avatar

Joined: 05.03.2006 15:16
Posts: 962
Location: Nähe Nürnberg
Code:
2006.04.12 -- Version 2.0.7

* Code added in 2.0.6-rc1 to extend byte counters
  to 64 bits caused a bug in the Windows version which has now
  been fixed.  The bug could cause intermittent crashes.

2006.04.05 -- Version 2.0.6

* Security Vulnerability affecting OpenVPN 2.0 through 2.0.5.
  An OpenVPN client connecting to a
  malicious or compromised server could potentially receive
  "setenv" configuration directives from the server which could
  cause arbitrary code execution on the client via a LD_PRELOAD
  attack.  A successful attack appears to require that (a) the
  client has agreed to allow the server to push configurat
  directives to it by including "pull" or the macro "client" in
  its configuration file, (b) the client configuration file uses
  a scripting directive such as "up" or "down", (c) the client
  succesfully authenticates the server, (d) the server is
  malicious or has been compromised and is under the control of
  the attacker, and (e) the attacker has at least some level of
  pre-existing control over files on the client (this might be
  accomplished by having the server respond to a client web
  request with a specially crafted file).  Credit: Hendrik Weimer.
  CVE-2006-1629.
   
  The fix is to disallow "setenv" to be pushed to clients from
  the server.  For those who need this capability, OpenVPN
  2.1 supports a new "setenv-safe" directive which is free
  of this vulnerability.

* When deleting routes under Linux, use the route metric
  as a differentiator to ensure that the route teardown
  process only deletes the identical route which was originally
  added via the "route" directive (Roy Marples).

* Fix the t_cltsrv.sh file in FreeBSD 4 jails
  (Matthias Andree, Dirk Meyer, Vasil Dimov).

* Extended tun device configure code to support ethernet
  bridging on NetBSD (Emmanuel Kasper).

2006.01.03 -- Version 2.0.6-rc1
   
* Fixed bug where "make check" inside a FreeBSD "jail"
  would never complete (Matthias Andree).
* Fixed bug where --server directive in --dev tap mode
  claimed that it would support subnets of /30 or less
  but actually would only accept /29 or less.
* Extend byte counters to 64 bits (M. van Cuijk).
* Fixed bug in acinclude.m4 where capability of compiler
  to handle zero-length arrays in structs is tested
  (David Stipp).
* Fixed typo in manage.c where inline function declaration
  was declared without the "static" keyword (David Stipp).
* Removed redundant base64 code.
* Better sanity checking of --server and --server-bridge
  IP pool ranges, so as not to hit the assertion at
  pool.c:119 (2.0.5).
* Fixed bug where --daemon and --management-query-passwords
  used together would cause OpenVPN to block prior to
  daemonization.
* Fixed client/server race condition which could occur
  when --auth-retry interact is set and the initially
  provided auth-user-pass credentials are incorrect,
  forcing a username/password re-query.
* Fixed bug where if --daemon and --management-hold are
  used together, --user or --group options would be ignored.


:arrow: Hier gehts zum Download

_________________
mein Google+
OpenVPN e.V.
Satzung - Mitglied werden


Top
Offline Profile  
Reply with quote  
 Post subject:
PostPosted: 14.09.2006 10:16 
openvpn.eu Admin
openvpn.eu Admin
User avatar

Joined: 05.03.2006 15:16
Posts: 962
Location: Nähe Nürnberg
Quote:
2006.09.12 -- Version 2.0.8

* Windows installer updated with OpenSSL 0.9.7k DLLs to fix
RSA Signature Forgery (CVE-2006-4339).
* No changes to OpenVPN source code between 2.0.7 and 2.0.8.


:arrow: Hier gehts zum Download

_________________
mein Google+
OpenVPN e.V.
Satzung - Mitglied werden


Top
Offline Profile  
Reply with quote  
 Post subject:
PostPosted: 02.10.2006 06:32 
openvpn.eu Admin
openvpn.eu Admin
User avatar

Joined: 05.03.2006 15:16
Posts: 962
Location: Nähe Nürnberg
Quote:
2006.10.01 -- Version 2.0.9

* Windows installer updated with OpenSSL 0.9.7l DLLs to fix
published vulnerabilities.

* Fixed TAP-Win32 bug that caused BSOD on Windows Vista
(Henry Nestler). The TAP-Win32 driver has now been
upgraded to version 8.4.


:arrow: Hier gehts zum Download

_________________
mein Google+
OpenVPN e.V.
Satzung - Mitglied werden


Top
Offline Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 14 posts ]  Moderator: Moderators

All times are UTC


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
Theme created StylerBB.net