From 6fb2a2560845e15da8918c114fe020b4a06b3cef Mon Sep 17 00:00:00 2001
From: Gert Doering
Date: Thu, 18 Jul 2024 14:23:03 +0200
Subject: [PATCH] Preparing release 2.5.11 version.m4, ChangeLog, Changes.rst
Signed-off-by: Gert Doering
---
 ChangeLog | 6 ++++++
 Changes.rst | 12 ++++++++++++
 version.m4 | 4 ++--
 3 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 250a06743b9..c7a91d4c652 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,12 @@
 OpenVPN Change Log
 Copyright (C) 2002-2022 OpenVPN Inc
 
+2024.07.18 -- Version 2.5.11
+
+Arne Schwabe (2):
+ Properly handle null bytes and invalid characters in control messages
+ Allow trailing \r and \n in control channel message
+
 2024.03.21 -- Version 2.5.10
 
 Arne Schwabe (1):
diff --git a/Changes.rst b/Changes.rst
index 59626c3ca54..9c729f6ed62 100644
--- a/Changes.rst
+++ b/Changes.rst
@@ -1,3 +1,15 @@
+Overview of changes in 2.5.11
+=============================
+Security fixes
+--------------
+- CVE-2024-5594: control channel: refuse control channel messages with
+ nonprintable characters in them. Security scope: a malicious openvpn
+ peer can send garbage to openvpn log, or cause high CPU load.
+ (Reynir Björnsson)
+
+ (Backport of the security fix in 2.6.11 and the fix for the bugfix
+ in 2.6.12)
+
 Overview of changes in 2.5.10
 =============================
 Security fixes
diff --git a/version.m4 b/version.m4
index c6afb8bd1d4..e4b66e49f9b 100644
--- a/version.m4
+++ b/version.m4
@@ -3,12 +3,12 @@ define([PRODUCT_NAME], [OpenVPN])
 define([PRODUCT_TARNAME], [openvpn])
 define([PRODUCT_VERSION_MAJOR], [2])
 define([PRODUCT_VERSION_MINOR], [5])
-define([PRODUCT_VERSION_PATCH], [.10])
+define([PRODUCT_VERSION_PATCH], [.11])
 m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MAJOR])
 m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_MINOR], [[.]])
 m4_append([PRODUCT_VERSION], [PRODUCT_VERSION_PATCH], [[]])
 define([PRODUCT_BUGREPORT], [openvpn-users@lists.sourceforge.net])
-define([PRODUCT_VERSION_RESOURCE], [2,5,10,0])
+define([PRODUCT_VERSION_RESOURCE], [2,5,11,0])
 dnl define the TAP version
 define([PRODUCT_TAP_WIN_COMPONENT_ID], [tap0901])
 define([PRODUCT_TAP_WIN_MIN_MAJOR], [9])