Detailed changelog:

[regressionfix] Fixed --lladdr bug introduced in 2.1-rc9 where input
validation code was incorrectly expecting the lladdr parameter to be an
IP address when it is actually a MAC address (HoverHell).

[bugfix] Fixed a bug that can cause SSL/TLS negotiations in UDP mode to
fail if UDP packets are dropped.

[feature] Added "--server-bridge" (without parameters) to enable DHCP
proxy mode: Configure server mode for ethernet bridging using a
DHCP-proxy, where clients talk to the OpenVPN server-side DHCP server to
receive their IP address allocation and DNS server addresses.

[feature] Added "--route-gateway dhcp", to enable the extraction of the
gateway address from a DHCP negotiation with the OpenVPN server-side
LAN.

[feature] Warn when ethernet bridging that the IP address of the bridge
adapter is probably not the same address that the LAN adapter was set to
previously.

[feature] When running as a server, warn if the LAN network address is
the all-popular 192.168.[0|1].x, since this condition commonly leads to
subnet conflicts down the road.

[bugfix] Primarily on the client, check for subnet conflicts between the
local LAN and the VPN subnet.

[buildfix] Minor fix to cryptoapi.c to not compile itself unless
USE_CRYPTO and USE_SSL flags are enabled (Alon Bar-Lev).

[buildfix] Updated openvpn/t_cltsrv.sh (used by "make check") to conform
to new --script-security rules. Also adds retrying if the addresses are
in use (Matthias Andree).

[buildfix] Fixed build issue with ./configure --disable-socks
--disable-http.

[buildfix] Fixed separate compile errors in options.c and ntlm.c that
occur on strict C compilers (such as old versions of gcc) that require
that C variable declarations occur at the start of a {} block, not in
the middle.

[bugfix] Workaround bug in OpenSSL 0.9.6b ASN1_STRING_to_UTF8, which the
new implementation of extract_x509_field_ssl depends on.

[bugfix] LZO compression buffer overflow errors will now invalidate the
packet rather than trigger a fatal assertion.

[buildfix] Fixed minor compile issue in ntlm.c (mid-block declaration).

[regressionfix] Added --allow-pull-fqdn option which allows client to
pull DNS names from server (rather than only IP address) for --ifconfig,
--route, and --route-gateway. OpenVPN versions 2.1_rc7 and earlier
allowed DNS names for these options to be pulled and translated to IP
addresses by default. Now --allow-pull-fqdn will be explicitly required
on the client to enable DNS-name-to-IP-address translation of pulled
options.

[regressionfix] 2.1_rc8 and earlier did implicit shell expansion on
script arguments since all scripts were called by system(). The security
hardening changes made to 2.1_rc9 no longer use system(), but rather use
the safer execve or CreateProcess system calls. The security hardening
also introduced a backward incompatibility with 2.1_rc8 and earlier in
that script parameters were no longer shell-expanded.

[rfc-conformancefix] Modified ip_or_dns_addr_safe, which validates
pulled DNS names, to more closely conform to RFC 3696.

[regressionfix] Fixed bug in intra-session TLS key rollover that was
introduced with deferred authentication features in 2.1_rc8.

-- 
[FFe] Merge openvpn 2.1_rc11-1 from Debian
https://bugs.launchpad.net/bugs/279655
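
The system() versus execve difference described in the changelog entry on script arguments, as an added example (not OpenVPN's own code). The helper name run_capture, the use of /bin/echo as a stand-in for a user script, and the sample argument are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Added example, not OpenVPN source. Runs prog with one argument and
 * captures its stdout.
 * via_shell != 0: one string handed to /bin/sh -c, which is what system()
 *                 does internally, so the shell expands the argument.
 * via_shell == 0: prog and arg are separate argv[] entries for execve(),
 *                 so no shell ever parses the argument. */
static int run_capture(int via_shell, const char *prog, const char *arg,
                       char *out, size_t outlen)
{
    int fd[2], status = -1;
    char cmd[256];
    size_t used = 0;
    ssize_t n;
    pid_t pid;

    if (outlen == 0 || pipe(fd) != 0) return -1;
    pid = fork();
    if (pid < 0) { close(fd[0]); close(fd[1]); return -1; }
    if (pid == 0) {                                   /* child */
        char *const envp[] = { NULL };
        char *const sh_argv[] = { "sh", "-c", cmd, NULL };
        char *const direct_argv[] = { (char *)prog, (char *)arg, NULL };
        snprintf(cmd, sizeof cmd, "%s %s", prog, arg);
        dup2(fd[1], STDOUT_FILENO);
        close(fd[0]); close(fd[1]);
        if (via_shell) execve("/bin/sh", sh_argv, envp);
        else           execve(prog, direct_argv, envp);
        _exit(127);                                   /* exec failed */
    }
    close(fd[1]);
    while (used + 1 < outlen && (n = read(fd[0], out + used, outlen - 1 - used)) > 0)
        used += (size_t)n;
    out[used] = '\0';
    close(fd[0]);                 /* close before waiting so the child cannot block */
    waitpid(pid, &status, 0);
    return status;
}

int main(void)
{
    char out[64] = "";
    const char *arg = "$((1+1))";                     /* constructed sample argument */
    run_capture(1, "/bin/echo", arg, out, sizeof out); printf("via shell: %s", out);
    run_capture(0, "/bin/echo", arg, out, sizeof out); printf("via execve: %s", out);
    return 0;
}
```

Scripts that relied on the shell to expand their arguments see the literal string once the call goes through execve, which is the backward incompatibility the entry mentions.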