[Openvpn-devel] OpenVPN 2.0.8 and 2.1_beta15 released

2006-09-12 Thread James Yonan

2006.09.12 -- Version 2.0.8

* Windows installer updated with OpenSSL 0.9.7k DLLs to fix
 RSA Signature Forgery (CVE-2006-4339).

* No changes to OpenVPN source code between 2.0.7 and 2.0.8.

2006.09.12 -- Version 2.1-beta15

* Windows installer updated with OpenSSL 0.9.7k DLLs to fix
 RSA Signature Forgery (CVE-2006-4339).

* Fixed bug introduced with the --port-share directive
 (back in 2.1-beta9) which causes TLS soft resets
 (1 per hour by default) in TCP server mode to force
 a blockage of tunnel packets and later time-out and
 restart the connection.

* pkcs11 changes:
  1. Modified ssl.c to not FATAL and return to init.c
     so auth-retry will work.
  2. Modified pkcs11-helper.c to fix some problem with
     multiple providers.
  3. Updated makefile.w32-vc to include lladdr.*, updated
     linkage libraries.
  4. Modified lladdr.c to be compiled under visual C.
  5. Added retry counter to PKCS#11 PIN hook.
  6. Modified PKCS#11 PIN retry loop to return correct error
     code when PIN is incorrect.
  7. Fix handling (ignoring) zero sized attributes.
  8. Fix gcc-2 issues.
  9. Fix openssl 0.9.6 (first version) issues.
  10. easy-rsa Makefile (install) is now available so that
      distribs will be able to install it safely.

* Added two new management states:
  OPENVPN_STATE_RESOLVE  -- DNS lookup
  OPENVPN_STATE_TCP_CONNECT  -- Connecting to TCP server

* Echo management state change to log.

* Minor syshead.h change for NetBSD to allow
 TCP_NODELAY flag to work.

* Modified --port-share code to remove the assumption that
 CMSG_SPACE always evaluates to a constant, to enable
 compilation on NetBSD and possibly other BSDs as well.

* Eliminated gcc 3.3.3 warnings on NetBSD
 when ./configure --enable-strict is used.

* Added optional minimum-number-of-bytes parameter
 to --inactive directive.

James




Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.0.8 and 2.1_beta15 released

2006-09-12 Thread Farkas Levente
James Yonan wrote:
> 2006.09.12 -- Version 2.0.8
> 
> * Windows installer updated with OpenSSL 0.9.7k DLLs to fix
>   RSA Signature Forgery (CVE-2006-4339).
> 
> * No changes to OpenVPN source code between 2.0.7 and 2.0.8.
> 
> 2006.09.12 -- Version 2.1-beta15

hi,
is there any estimate/schedule/roadmap for 2.1 final?
yours.

-- 
  Levente   "Si vis pacem para bellum!"



Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.0.8 and 2.1_beta15 released

2006-09-12 Thread James Yonan

Farkas Levente wrote:
> James Yonan wrote:
>> 2006.09.12 -- Version 2.0.8
>>
>> * Windows installer updated with OpenSSL 0.9.7k DLLs to fix
>>   RSA Signature Forgery (CVE-2006-4339).
>>
>> * No changes to OpenVPN source code between 2.0.7 and 2.0.8.
>>
>> 2006.09.12 -- Version 2.1-beta15
>
> hi,
> is there any estimate/schedule/roadmap for 2.1 final?
> yours.
  
We are basically there.  Beta15 has a number of changes and fixes that 
need to be tested.  I would like to see it out in the field for 30 to 60 
days before we promote it to final.


James




Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.0.8 and 2.1_beta15 released

2006-09-12 Thread Farkas Levente
James Yonan wrote:
> Farkas Levente wrote:
>> James Yonan wrote:
>>   
>>> 2006.09.12 -- Version 2.0.8
>>>
>>> * Windows installer updated with OpenSSL 0.9.7k DLLs to fix
>>>   RSA Signature Forgery (CVE-2006-4339).
>>>
>>> * No changes to OpenVPN source code between 2.0.7 and 2.0.8.
>>>
>>> 2006.09.12 -- Version 2.1-beta15
>>> 
>>
>> hi,
>> is there any estimate/schedule/roadmap for 2.1 final?
>> yours.
>>
>>   
> We are basically there.  Beta15 has a number of changes and fixes that
> need to be tested.  I would like to see it out in the field for 30 to 60
> days before we promote it to final.

thanks.
the reason why i am waiting for the final is not because we can't use the beta
(actually all of our clients and servers use the latest beta), but as
the topology is only in the beta series and other products such as openvpn
gui, openvpn for pocket pc etc. are all based on the latest stable or
do not follow the beta series. it'd be nice to reach the 2.1 final. in this
case all other upstream packagers would follow this step. (e.g. currently we
can't use a pda (pocket pc) to connect to our server, which uses topology)
or we would have to rebuild the pocket pc port, which is not so trivial.

-- 
  Levente   "Si vis pacem para bellum!"



Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.0.8 and 2.1_beta15 released

2006-09-12 Thread James Miller
> -Original Message-
> From: openvpn-users-boun...@lists.sourceforge.net
> [mailto:openvpn-users-boun...@lists.sourceforge.net]On Behalf Of James
> Yonan
> Sent: Tuesday, September 12, 2006 3:17 AM
> To: 'openvpn-users'; OpenVPN devel;
> openvpn-annou...@lists.sourceforge.net
> Subject: [Openvpn-users] OpenVPN 2.0.8 and 2.1_beta15 released
>
>
> 2006.09.12 -- Version 2.0.8
>
> * Windows installer updated with OpenSSL 0.9.7k DLLs to fix
>   RSA Signature Forgery (CVE-2006-4339).
>
> * No changes to OpenVPN source code between 2.0.7 and 2.0.8.
>
> 2006.09.12 -- Version 2.1-beta15
>
> * Windows installer updated with OpenSSL 0.9.7k DLLs to fix
>   RSA Signature Forgery (CVE-2006-4339).
>


Hello everyone.  I see the new 2.1 beta has a fix for (CVE-2006-4339).  Does
this mean 2.0.7 is not affected by the OpenSSL RSA Signature Forgery
vulnerability?


Thanks,
Jim






Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.0.8 and 2.1_beta15 released

2006-09-12 Thread James Yonan

James Miller wrote:
>> -Original Message-
>> From: openvpn-users-boun...@lists.sourceforge.net
>> [mailto:openvpn-users-boun...@lists.sourceforge.net]On Behalf Of James
>> Yonan
>> Sent: Tuesday, September 12, 2006 3:17 AM
>> To: 'openvpn-users'; OpenVPN devel;
>> openvpn-annou...@lists.sourceforge.net
>> Subject: [Openvpn-users] OpenVPN 2.0.8 and 2.1_beta15 released
>>
>>
>> 2006.09.12 -- Version 2.0.8
>>
>> * Windows installer updated with OpenSSL 0.9.7k DLLs to fix
>>   RSA Signature Forgery (CVE-2006-4339).
>>
>> * No changes to OpenVPN source code between 2.0.7 and 2.0.8.
>>
>> 2006.09.12 -- Version 2.1-beta15
>>
>> * Windows installer updated with OpenSSL 0.9.7k DLLs to fix
>>   RSA Signature Forgery (CVE-2006-4339).
>
> Hello everyone.  I see the new 2.1 beta has a fix for (CVE-2006-4339).  Does
> this mean 2.0.7 is not affected by the OpenSSL RSA Signature Forgery
> vulnerability?

Basically any version of OpenVPN that uses OpenSSL versions prior to 
0.9.7k is potentially vulnerable (including 2.0.7), however using 
"tls-auth" in the OpenVPN configuration reduces the vulnerability to a 
large extent.


Now having said that, if you are using 2.0.7 on unix, you can continue 
to use 2.0.7, just stop the OpenVPN daemon(s), upgrade the OpenSSL 
package on your system, and then restart OpenVPN.


If you are using 2.0.7 on Windows, you can do one of two things:

(1) Upgrade to 2.0.8, which automatically upgrades OpenSSL to 0.9.7k.

(2) Continue using 2.0.7, but drop in new versions of the OpenSSL DLLs 
(libeay32.dll and libssl32.dll) replacing the files in 2.0.7 of the same 
name.  They are usually stored in \Program Files\OpenVPN\bin.  You can 
download these and their related GnuPG signatures here:


http://openvpn.net/release/openssl/

James
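
Added example, not part of the original thread and not OpenVPN project code: a shell check that classifies an `openssl version` banner against 0.9.7k, the fixed release named in the reply above. The sample banners and their build dates are constructed, and branches newer than 0.9.7 are reported as unknown because the thread names no fixed release for them.

```shell
#!/bin/sh
# Added example. The thread names 0.9.7k as the OpenSSL release that fixes
# CVE-2006-4339; these two values encode that and nothing else.
FIXED_BRANCH="0.9.7"
FIXED_LETTER="k"

# classify_openssl BANNER
# BANNER is one line in the format printed by `openssl version`.
# Prints: vulnerable | fixed | unknown
classify_openssl() {
    printf '%s\n' "$1" | awk -v fb="$FIXED_BRANCH" -v fl="$FIXED_LETTER" '
    {
        ver = $2
        if (ver !~ /^[0-9]+\.[0-9]+\.[0-9]+[a-z]*$/) { print "unknown"; exit }
        letter = ver; sub(/^[0-9.]+/, "", letter)   # "j" from 0.9.7j
        branch = ver; sub(/[a-z]*$/, "", branch)    # "0.9.7" from 0.9.7j
        split(branch, a, "."); split(fb, b, ".")
        for (i = 1; i <= 3; i++) {
            # Older branch: prior to 0.9.7k, so treated as vulnerable.
            if (a[i] + 0 < b[i] + 0) { print "vulnerable"; exit }
            # Newer branch: the thread gives no fixed release for it.
            if (a[i] + 0 > b[i] + 0) { print "unknown"; exit }
        }
        # Same branch: an empty suffix sorts before "a", letters sort in order.
        result = (letter < fl) ? "vulnerable" : "fixed"
        print result
        exit
    }'
}

# Constructed sample banners (build dates are illustrative).
# On a live host, pass "$(openssl version)" instead.
for banner in \
    "OpenSSL 0.9.7j 04 May 2006" \
    "OpenSSL 0.9.7k 05 Sep 2006" \
    "OpenSSL 0.9.6m 17 Mar 2004" \
    "OpenSSL 0.9.8b 04 May 2006"
do
    printf '%-28s %s\n' "$banner" "$(classify_openssl "$banner")"
done
```

The banner describes the installed `openssl` binary only; a running OpenVPN daemon keeps the old library loaded until it is restarted, which is why the reply says to stop and restart it around the upgrade.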