OpenVPN 2.4.4
OpenVPN е изцяло безвъзмезден програмен продукт, план с отворен код, основан на опциите на семейството протоколи SSL – стратегия за основаване на виртуални частни мрежи (VPN). В OpenVPN се употребяват общоприети механизми SSL/TLS за автентификация и криптиране на връзката, които са постоянни, необятно публикувани и надеждни. Предимството му по отношение на IPSec се крие в неговото доста по-лесно имплементиране в разнообразни операционни системи, а по отношение на PPTP – в по-добрата отбрана. OpenVPN може да се конфигурира в потребителски или сървърен режим под Linux/Unix/Windows/Mac. Лиценз: Безплатен (GPL) .
Промени в OpenVPN 2.4.4:
Antonio Quartulli (23):
crypto: correct typ0 in error message
use M_ERRNO instead of explicitly printing errno
don’t print errno twice
ntlm: avoid useless cast
ntlm: unwrap multiple function calls
route: improve error message
management: preserve wait_for_push field when asking for user/pass
tls-crypt: avoid warnings when –disable-crypto is used
ntlm: convert binary buffers to uint8_t *
ntlm: restyle compressed multiple function calls
ntlm: improve code style and readability
OpenSSL: remove unreachable call to SSL_CTX_get0_privatekey()
make function declarations C99 compliant
remove unused functions
use NULL instead of 0 when assigning pointers
add missing static attribute to functions
ntlm: avoid breaking anti-aliasing rules
remove the –disable-multi config switch
rename mroute_extract_addr_ipv4 to mroute_extract_addr_ip
route: avoid definition of unused variables in certain configurations
fix a couple of typ0s in comments and strings
fragment.c: simplify boolean expression
tcp-server: ensure AF family is propagated to child context
Arne Schwabe (2):
Set tls-cipher restriction before loading certificates
Print ec bit details, refuse management-external-key if key is not RSA
Conrad Hoffmann (2):
Use provided env vars in up/down script.
Document down-root plugin usage in client.down
David Sommerseth (12):
doc: The CRL processing is not a deprecated feature
cleanup: Move write_pid() to where it is being used
contrib: Remove keychain-mcd code
cleanup: Move init_random_seed() to where it is being used
sample-plugins: fix ASN1_STRING_to_UTF8 return value checks
Highlight deprecated features
Use consistent version references
docs: Replace all PolarSSL references to mbed TLS
systemd: Ensure systemd shuts down OpenVPN in a proper way
systemd: Enable systemd’s auto-restart feature for server profiles
lz4: Move towards a newer LZ4 API
Prepare the release of OpenVPN 2.4.4
Emmanuel Deloget (3):
OpenSSL: remove pre-1.1 function from the OpenSSL compat interface
OpenSSL: remove EVP_CIPHER_CTX_new() from the compat layer
OpenSSL: remove EVP_CIPHER_CTX_free() from the compat layer
Gert van Dijk (1):
Warn that DH config option is only meaningful in a tls-server context
Ilya Shipitsin (3):
travis-ci: add 3 missing patches from master to release/2.4
travis-ci: update openssl to 1.0.2l, update mbedtls to 2.5.1
travis-ci: update pkcs11-helper to 1.22
Richard Bonhomme (1):
man: Corrections to doc/openvpn.8
Steffan Karger (17):
Fix typo in extract_x509_extension() debug message
Move adjust_power_of_2() to integer.h
Undo cipher push in client options state if cipher is rejected
Remove strerror_ts()
Move openvpn_sleep() to manage.c
fixup: also change missed openvpn_sleep() occurrences
Always use default keysize for NCP’d ciphers
Move create_temp_file() out of #ifdef ENABLE_CRYPTO
Deprecate –keysize
Deprecate –no-replay
Move run_up_down() to init.c
tls-crypt: introduce tls_crypt_kt()
crypto: create function to initialize encrypt and decrypt key
Add coverity static analysis to Travis CI config
tls-crypt: don’t leak memory for incorrect tls-crypt messages
travis: reorder matrix to speed up build
Fix bounds check in read_key()
Szilárd Pfeiffer (1):
OpenSSL: Always set SSL_OP_CIPHER_SERVER_PREFERENCE flag
Thomas Veerman via Openvpn-devel (1):
Fix socks_proxy_port pointing to invalid data
OpenVPN 2.4.3
Antonio Quartulli (1):
Ignore auth-nocache for auth-user-pass if auth-token is pushed
David Sommerseth (3):
crypto: Enable SHA256 fingerprint checking in –verify-hash
copyright: Update GPLv2 license texts
auth-token with auth-nocache fix broke –disable-crypto builds
Emmanuel Deloget (8):
OpenSSL: don’t use direct access to the internal of X509
OpenSSL: don’t use direct access to the internal of EVP_PKEY
OpenSSL: don’t use direct access to the internal of RSA
OpenSSL: don’t use direct access to the internal of DSA
OpenSSL: force meth->name as non-const when we free() it
OpenSSL: don’t use direct access to the internal of EVP_MD_CTX
OpenSSL: don’t use direct access to the internal of EVP_CIPHER_CTX
OpenSSL: don’t use direct access to the internal of HMAC_CTX
Gert Doering (6):
Fix NCP behaviour on TLS reconnect.
Remove erroneous limitation on max number of args for –plugin
Fix edge case with clients failing to set up cipher on empty PUSH_REPLY.
Fix potential 1-byte overread in TCP option parsing.
Fix remotely-triggerable ASSERT() on malformed IPv6 packet.
Preparing for release v2.4.3 (ChangeLog, version.m4, Changes.rst)
Guido Vranken (6):
refactor my_strupr
Fix 2 memory leaks in proxy authentication routine
Fix memory leak in add_option() for option ‘connection’
Ensure option array p[] is always NULL-terminated
Fix a null-pointer dereference in establish_http_proxy_passthru()
Prevent two kinds of stack buffer OOB reads and a crash for invalid input data
Jérémie Courrèges-Anglas (2):
Fix an unaligned access on OpenBSD/sparc64
Missing include for socket-flags TCP_NODELAY on OpenBSD
Matthias Andree (1):
Make openvpn-plugin.h self-contained again.
Selva Nair (1):
Pass correct buffer size to GetModuleFileNameW()
Steffan Karger (11):
Log the negotiated (NCP) cipher
Avoid a 1 byte overcopy in x509_get_subject (ssl_verify_openssl.c)
Skip tls-crypt unit tests if required crypto mode not supported
openssl: fix overflow check for long –tls-cipher option
Add a DSA test key/cert pair to sample-keys
Fix mbedtls fingerprint calculation
mbedtls: fix –x509-track post-authentication remote DoS (CVE-2017-7522)
mbedtls: require C-string compatible types for –x509-username-field
Fix remote-triggerable memory leaks (CVE-2017-7521)
Restrict –x509-alt-username extension types
Fix potential double-free in –x509-alt-username (CVE-2017-7521)
Steven McDonald (1):
Fix gateway detection with OpenBSD routing domains
#td_uid_40_59caaecb53634.td-doubleSlider-2.td-item1{background:url(https://www.kaldata.com/wp-content/uploads/2014/05/OpenVPN1-80x60.jpg) 0 0 no-repeat}#td_uid_40_59caaecb53634.td-doubleSlider-2.td-item2{background:url(https://www.kaldata.com/wp-content/uploads/2014/05/OpenVPN2-80x60.jpg) 0 0 no-repeat}#td_uid_40_59caaecb53634.td-doubleSlider-2.td-item3{background:url(https://www.kaldata.com/wp-content/uploads/2014/05/OpenVPN2-80x60.png) 0 0 no-repeat}Екрани1 от 3
Официална страница
Изтегли: OpenVPN 2.4.4 за Windows x86 (3.31 MB)
Изтегли: OpenVPN 2.4.4 за Linux и MAC
Промени в OpenVPN 2.4.4:
Antonio Quartulli (23):
crypto: correct typ0 in error message
use M_ERRNO instead of explicitly printing errno
don’t print errno twice
ntlm: avoid useless cast
ntlm: unwrap multiple function calls
route: improve error message
management: preserve wait_for_push field when asking for user/pass
tls-crypt: avoid warnings when –disable-crypto is used
ntlm: convert binary buffers to uint8_t *
ntlm: restyle compressed multiple function calls
ntlm: improve code style and readability
OpenSSL: remove unreachable call to SSL_CTX_get0_privatekey()
make function declarations C99 compliant
remove unused functions
use NULL instead of 0 when assigning pointers
add missing static attribute to functions
ntlm: avoid breaking anti-aliasing rules
remove the –disable-multi config switch
rename mroute_extract_addr_ipv4 to mroute_extract_addr_ip
route: avoid definition of unused variables in certain configurations
fix a couple of typ0s in comments and strings
fragment.c: simplify boolean expression
tcp-server: ensure AF family is propagated to child context
Arne Schwabe (2):
Set tls-cipher restriction before loading certificates
Print ec bit details, refuse management-external-key if key is not RSA
Conrad Hoffmann (2):
Use provided env vars in up/down script.
Document down-root plugin usage in client.down
David Sommerseth (12):
doc: The CRL processing is not a deprecated feature
cleanup: Move write_pid() to where it is being used
contrib: Remove keychain-mcd code
cleanup: Move init_random_seed() to where it is being used
sample-plugins: fix ASN1_STRING_to_UTF8 return value checks
Highlight deprecated features
Use consistent version references
docs: Replace all PolarSSL references to mbed TLS
systemd: Ensure systemd shuts down OpenVPN in a proper way
systemd: Enable systemd’s auto-restart feature for server profiles
lz4: Move towards a newer LZ4 API
Prepare the release of OpenVPN 2.4.4
Emmanuel Deloget (3):
OpenSSL: remove pre-1.1 function from the OpenSSL compat interface
OpenSSL: remove EVP_CIPHER_CTX_new() from the compat layer
OpenSSL: remove EVP_CIPHER_CTX_free() from the compat layer
Gert van Dijk (1):
Warn that DH config option is only meaningful in a tls-server context
Ilya Shipitsin (3):
travis-ci: add 3 missing patches from master to release/2.4
travis-ci: update openssl to 1.0.2l, update mbedtls to 2.5.1
travis-ci: update pkcs11-helper to 1.22
Richard Bonhomme (1):
man: Corrections to doc/openvpn.8
Steffan Karger (17):
Fix typo in extract_x509_extension() debug message
Move adjust_power_of_2() to integer.h
Undo cipher push in client options state if cipher is rejected
Remove strerror_ts()
Move openvpn_sleep() to manage.c
fixup: also change missed openvpn_sleep() occurrences
Always use default keysize for NCP’d ciphers
Move create_temp_file() out of #ifdef ENABLE_CRYPTO
Deprecate –keysize
Deprecate –no-replay
Move run_up_down() to init.c
tls-crypt: introduce tls_crypt_kt()
crypto: create function to initialize encrypt and decrypt key
Add coverity static analysis to Travis CI config
tls-crypt: don’t leak memory for incorrect tls-crypt messages
travis: reorder matrix to speed up build
Fix bounds check in read_key()
Szilárd Pfeiffer (1):
OpenSSL: Always set SSL_OP_CIPHER_SERVER_PREFERENCE flag
Thomas Veerman via Openvpn-devel (1):
Fix socks_proxy_port pointing to invalid data
OpenVPN 2.4.3
Antonio Quartulli (1):
Ignore auth-nocache for auth-user-pass if auth-token is pushed
David Sommerseth (3):
crypto: Enable SHA256 fingerprint checking in –verify-hash
copyright: Update GPLv2 license texts
auth-token with auth-nocache fix broke –disable-crypto builds
Emmanuel Deloget (8):
OpenSSL: don’t use direct access to the internal of X509
OpenSSL: don’t use direct access to the internal of EVP_PKEY
OpenSSL: don’t use direct access to the internal of RSA
OpenSSL: don’t use direct access to the internal of DSA
OpenSSL: force meth->name as non-const when we free() it
OpenSSL: don’t use direct access to the internal of EVP_MD_CTX
OpenSSL: don’t use direct access to the internal of EVP_CIPHER_CTX
OpenSSL: don’t use direct access to the internal of HMAC_CTX
Gert Doering (6):
Fix NCP behaviour on TLS reconnect.
Remove erroneous limitation on max number of args for –plugin
Fix edge case with clients failing to set up cipher on empty PUSH_REPLY.
Fix potential 1-byte overread in TCP option parsing.
Fix remotely-triggerable ASSERT() on malformed IPv6 packet.
Preparing for release v2.4.3 (ChangeLog, version.m4, Changes.rst)
Guido Vranken (6):
refactor my_strupr
Fix 2 memory leaks in proxy authentication routine
Fix memory leak in add_option() for option ‘connection’
Ensure option array p[] is always NULL-terminated
Fix a null-pointer dereference in establish_http_proxy_passthru()
Prevent two kinds of stack buffer OOB reads and a crash for invalid input data
Jérémie Courrèges-Anglas (2):
Fix an unaligned access on OpenBSD/sparc64
Missing include for socket-flags TCP_NODELAY on OpenBSD
Matthias Andree (1):
Make openvpn-plugin.h self-contained again.
Selva Nair (1):
Pass correct buffer size to GetModuleFileNameW()
Steffan Karger (11):
Log the negotiated (NCP) cipher
Avoid a 1 byte overcopy in x509_get_subject (ssl_verify_openssl.c)
Skip tls-crypt unit tests if required crypto mode not supported
openssl: fix overflow check for long –tls-cipher option
Add a DSA test key/cert pair to sample-keys
Fix mbedtls fingerprint calculation
mbedtls: fix –x509-track post-authentication remote DoS (CVE-2017-7522)
mbedtls: require C-string compatible types for –x509-username-field
Fix remote-triggerable memory leaks (CVE-2017-7521)
Restrict –x509-alt-username extension types
Fix potential double-free in –x509-alt-username (CVE-2017-7521)
Steven McDonald (1):
Fix gateway detection with OpenBSD routing domains
#td_uid_40_59caaecb53634.td-doubleSlider-2.td-item1{background:url(https://www.kaldata.com/wp-content/uploads/2014/05/OpenVPN1-80x60.jpg) 0 0 no-repeat}#td_uid_40_59caaecb53634.td-doubleSlider-2.td-item2{background:url(https://www.kaldata.com/wp-content/uploads/2014/05/OpenVPN2-80x60.jpg) 0 0 no-repeat}#td_uid_40_59caaecb53634.td-doubleSlider-2.td-item3{background:url(https://www.kaldata.com/wp-content/uploads/2014/05/OpenVPN2-80x60.png) 0 0 no-repeat}Екрани1 от 3
Официална страница
Изтегли: OpenVPN 2.4.4 за Windows x86 (3.31 MB)
Изтегли: OpenVPN 2.4.4 за Linux и MAC
Източник: kaldata.com
КОМЕНТАРИ