The NetBSD Project

CVS log for pkgsrc/net/openconnect/distinfo

[BACK] Up to [cvs.NetBSD.org] / pkgsrc / net / openconnect

Request diff between arbitrary revisions


Keyword substitution: kv
Default branch: MAIN


Revision 1.18: download - view: text, markup, annotated - select for diffs
Sat May 20 15:41:19 2023 UTC (18 months, 2 weeks ago) by schmonz
Branches: MAIN
CVS tags: pkgsrc-2024Q3-base, pkgsrc-2024Q3, pkgsrc-2024Q2-base, pkgsrc-2024Q2, pkgsrc-2024Q1-base, pkgsrc-2024Q1, pkgsrc-2023Q4-base, pkgsrc-2023Q4, pkgsrc-2023Q3-base, pkgsrc-2023Q3, pkgsrc-2023Q2-base, pkgsrc-2023Q2, HEAD
Diff to: previous 1.17: preferred, colored
Changes since revision 1.17: +4 -4 lines
Update to 9.12. From the changelog:

- Fix FreeBSD build and tests.
- Explicitly reject overly long tun device names.
- Work around ambiguity between <json.h> from json-parser vs
  json-c (!476).
- Fix symbol versioning for openconnect_set_sni().
- Increase maximum input size from stdin (#579).
- Ignore 0.0.0.0 as NBNS address (!446, vpnc-scripts#58).
- Fix Mac OS build of os-tcp-mtu tool (#612).

Revision 1.17: download - view: text, markup, annotated - select for diffs
Thu May 18 13:55:54 2023 UTC (18 months, 2 weeks ago) by schmonz
Branches: MAIN
Diff to: previous 1.16: preferred, colored
Changes since revision 1.16: +5 -5 lines
Update to 9.11. From the changelog:

- Rebuild test suite certificate chains (which had expired: #609)
- Fix stray (null) in URL path after Pulse authentication.
- Fix config XML parsing mistake that left GlobalProtect ESP non-working
  in v9.10 (!475).
- Fix case sensitivity in GPST header matching (!474).
- Add external browser support for Windows (#553).

Revision 1.16: download - view: text, markup, annotated - select for diffs
Fri May 5 13:21:22 2023 UTC (19 months ago) by schmonz
Branches: MAIN
Diff to: previous 1.15: preferred, colored
Changes since revision 1.15: +4 -4 lines
Update to 9.10. From the changelog:

- Fix external browser authentication with KDE plasma-nm < 5.26.
- Always redirect stdout to stderr when spawning external browser.
- Increase default queue length to 32 packets (#582).
- Make the Wintun Layer 3 TUN driver the default on Windows (!427).
- Add support for and bundle Wintun 0.14.1 (!294).
- Fix receiving multiple packets in one TLS frame, and single packets
  split across multiple TLS frames, for Array (#435).
- Fix ESP failures under Windows (#427).
- Add list-system-keys tool to assist Windows/MacOS users in setup.
- Handle idiosyncratic variation in search domain separators for all
  protocols (#433, #443, !388).
- Support region selection field for Pulse authentication (!399).
- Support modified configuration packet from Pulse 9.1R16 servers
  (#472, !401)
- Allow hidden form fields to be populated or converted to text fields
  on the command line (#493, #489, !409)
- Support yet another strange way of encoding challenge-based 2FA for
  GlobalProtect (#495, !411)
- Add --sni option (and corresponding C and Java API functions) to allow
  domain-fronting connections in censored/filtered network environments
  (!297, !451).
- Parrot a GlobalProtect server's software version, if present, as the
  client version (!333)
- Fix NULL pointer dereference that has left Android builds broken since
  v8.20 (!389).
- Fix Fortinet authentication bug where repeated SVPNCOOKIE causes
  segfaults (#514, !418).
- Support F5 VPNs which encode authentication forms only in JSON, not in
  HTML (#512, !431).
- Persist Windows installers for tagged builds (#463, !391).
- Support simultaneous IPv6 and Legacy IP ("dual-stack") for Fortinet
  (#568, !456).
- Support "FTM-push" token mode for Fortinet VPNs (#555, !450).
- Send IPv6-compatible version string in Pulse IF/T session
  establishment, and avoid its ESP/IP version layering idiocy on newer
  servers (#506, !414)
- Add --no-external-auth option to not advertise external-browser
  authentication, as a workaround for servers which behave differently
  when it is advertised (#470, !398)
- Emulate MacOS-specific contents in the HIP report for GlobalProtect (!471).
- Many small improvements in server response parsing, and better logging
  messages and documentation.

Revision 1.15: download - view: text, markup, annotated - select for diffs
Thu Oct 20 19:12:57 2022 UTC (2 years, 1 month ago) by schmonz
Branches: MAIN
CVS tags: pkgsrc-2023Q1-base, pkgsrc-2023Q1, pkgsrc-2022Q4-base, pkgsrc-2022Q4
Diff to: previous 1.14: preferred, colored
Changes since revision 1.14: +2 -1 lines
Define environ before it's used, to fix build on at least NetBSD.
Take MAINTAINER.

Revision 1.14: download - view: text, markup, annotated - select for diffs
Tue Oct 18 01:18:10 2022 UTC (2 years, 1 month ago) by schmonz
Branches: MAIN
Diff to: previous 1.13: preferred, colored
Changes since revision 1.13: +4 -5 lines
Update to 9.01. From the changelog:

9.01:
- Fix library minor version (missing bump to 5.8).

9.00:
- Add support for AnyConnect "Session Token Re-use Anchor Protocol"
  (STRAP) (#410).
- Add support for AnyConnect "external browser" SSO mode (!354).
- On Windows, fix crash on tunnel setup. (#370, 6a2ffbb)
- Bugfix RSA SecurID token decryption and PIN entry forms, broken in
  v8.20. (#388, !344)
- Support Cisco's multiple-certificate authentication (!194).
- Append internal=no to GlobalProtect authentication/configuration
  forms, for compatibility with servers which apparently require this to
  function properly. (#246, !337)
- Revert GlobalProtect default route handling change from v8.20. (!367)
- Support split-exclude routes for Fortinet. (#394, !345)
- Add openconnect_set_useragent() function.
- Add webview callback and SAML/SSO support for AnyConnect,
  GlobalProtect. (!126).

8.20:
- When the queue length (-Q option) is 16 or more, try using vhost-net
  to accelerate tun device access.
- Use epoll() where available.
- Support non-AEAD ciphersuites in DTLSv1.2 with AnyConnect. (#249)
- Make tncc-emulate.py work with Python 3.7+. (#152, !120)
- Emulated a newer version of GlobalProtect official clients, 5.1.5-8;
  was 4.0.2-19 (!131)
- Support Juniper login forms containing both password and 2FA
  token (!121)
- Explicitly disable 3DES and RC4, unless enabled with
  --allow-insecure-crypto (!114)
- Add obsolete-server-crypto test (!114)
- Allow protocols to delay tunnel setup and shutdown (!117)
- Support for GlobalProtect IPv6 (!155 and !188; previous work in
  d6db0ec)
- SIGUSR1 causes OpenConnect to log detailed connection information and
  statistics (!154)
- Allow --servercert to be specified multiple times in order to accept
  server certificates matching more than one possible fingerprint
  (!162, #25)
- Add insecure debugging build mode for developers (!112)
- Demangle default routes sent as split routes by GlobalProtect (!118)
- Improve GlobalProtect login argument decoding (!143)
- Add detection of authentication expiration date, intended to allow
  front-ends to cache and reuse authentication cookies/sessions (!156)
- Small bug fixes and clarification of many logging messages.
- Support more Juniper login forms, including some SSO forms (!171)
- Automatically build Windows installers for OpenConnect command-line
  interface (!176)
- Restore compatibility with newer Cisco servers, by no longer sending
  them the X-AnyConnect-Platform header (#101, !175)
- Add support for PPP-based protocols, currently over TLS only (!165).
- Add support for two PPP-based protocols, F5 with --protocol=f5 and
  Fortinet with --protocol=fortinet (!169).
- Add experimental support for Wintun Layer 3 TUN driver under Windows
  (#231, !178).
- Clean up and improve Windows routing/DNS configuration script
  (vpnc-scripts!26, vpnc-scripts!41, vpnc-scripts!44).
- On Windows, reclaim needed IP addresses from down network interfaces
  so that configuration script can succeed (!178).
- Fix output redirection under Windows (#229)
- More gracefully handle idle timeouts and other fatal errors for
  Juniper and Pulse (!187)
- Ignore failures to fetch the Juniper/oNCP landing page if the
  authentication was successful (3e779436).
- Add support for Array Networks SSL VPN (#102)
- Support TLSv1.3 with TPMv2 EC and RSA keys, add test cases for swtpm
  and hardware TPM. (ed80bfac...ee1cd782)
- Add openconnect_get_connect_url() to simplify passing correct server
  information to the connecting openconnect process.
  (NetworkManager-openconnect #46, #53)
- Disable brittle "system policy" enforcement where it cannot be
  gracefully overridden at user request. (RH#1960763).
- Pass "portal cookie" fields from GlobalProtect portal to gateway to
  avoid repetition of password- or SAML-based login (!199)
- With --user, enter username supplied via command-line into all
  authentication forms, not just the first. (#267, !220).
- Fix a subtle bug which has prevented ESP rekey and ESP-to-TLS fallback
  from working reliably with the Juniper/oNCP protocol since v8.04.
  (#322, !293).
- Fix a bug in csd-wrapper.sh which has prevented it from correctly
  downloading compressed Trojan binaries since at least v8.00. (!305)
- Make Windows socketpair emulation more robust in the face of Windows's
  ability to break its localhost routes. (#228, #361, !320)
- Perform proper disconnect and routes cleanup on Windows when receiving
  Ctrl+C or Ctrl+Break. (#362, !323)
- Improve logging in routing/DNS configuration scripts. (!328,
  vpnc-scripts!45)
- Support modified configuration packet from Pulse 9.1R14 servers
  (#379, !331)

Revision 1.13: download - view: text, markup, annotated - select for diffs
Tue Oct 26 11:06:11 2021 UTC (3 years, 1 month ago) by nia
Branches: MAIN
CVS tags: pkgsrc-2022Q3-base, pkgsrc-2022Q3, pkgsrc-2022Q2-base, pkgsrc-2022Q2, pkgsrc-2022Q1-base, pkgsrc-2022Q1, pkgsrc-2021Q4-base, pkgsrc-2021Q4
Diff to: previous 1.12: preferred, colored
Changes since revision 1.12: +2 -2 lines

net: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Not committed (merge conflicts...):

net/radsecproxy/distinfo

The following distfiles could not be fetched (fetched conditionally?):

./net/citrix_ica/distinfo citrix_ica-10.6.115659/en.linuxx86.tar.gz
./net/djbdns/distinfo dnscache-1.05-multiple-ip.patch
./net/djbdns/distinfo djbdns-1.05-test28.diff.xz
./net/djbdns/distinfo djbdns-1.05-ignoreip2.patch
./net/djbdns/distinfo djbdns-1.05-multiip.diff
./net/djbdns/distinfo djbdns-cachestats.patch

Revision 1.12: download - view: text, markup, annotated - select for diffs
Thu Oct 7 14:42:02 2021 UTC (3 years, 1 month ago) by nia
Branches: MAIN
Diff to: previous 1.11: preferred, colored
Changes since revision 1.11: +1 -2 lines
net: Remove SHA1 hashes for distfiles

Revision 1.11: download - view: text, markup, annotated - select for diffs
Fri Jun 5 15:50:31 2020 UTC (4 years, 6 months ago) by bacon
Branches: MAIN
CVS tags: pkgsrc-2021Q3-base, pkgsrc-2021Q3, pkgsrc-2021Q2-base, pkgsrc-2021Q2, pkgsrc-2021Q1-base, pkgsrc-2021Q1, pkgsrc-2020Q4-base, pkgsrc-2020Q4, pkgsrc-2020Q3-base, pkgsrc-2020Q3, pkgsrc-2020Q2-base, pkgsrc-2020Q2
Diff to: previous 1.10: preferred, colored
Changes since revision 1.10: +6 -5 lines
net/openconnect: Upgrade to 8.10

Fixes build for Darwin
Based on wip/openconnect with help from Louis Guillaume

Revision 1.10: download - view: text, markup, annotated - select for diffs
Thu Sep 12 19:23:13 2019 UTC (5 years, 2 months ago) by schmonz
Branches: MAIN
CVS tags: pkgsrc-2020Q1-base, pkgsrc-2020Q1, pkgsrc-2019Q4-base, pkgsrc-2019Q4, pkgsrc-2019Q3-base, pkgsrc-2019Q3
Diff to: previous 1.9: preferred, colored
Changes since revision 1.9: +5 -5 lines
Update to 8.05. From the changelog:

- Fix GlobalProtect ESP stall (#55).
- Fix HTTP chunked encoding buffer overflow (CVE-2019-16239).

Revision 1.9: download - view: text, markup, annotated - select for diffs
Sat Sep 7 19:30:21 2019 UTC (5 years, 2 months ago) by schmonz
Branches: MAIN
Diff to: previous 1.8: preferred, colored
Changes since revision 1.8: +5 -5 lines
Update to 8.04. From the changelog:

- Rework DTLS MTU detection. (#10)
- Add Pulse Connect Secure support.
- OpenSSL build fixes (#51).
- Add HMAC-SHA256-128 (RFC4868) support for ESP.
- Support IPv6 in ESP.
- Translate user-visible strings from openconnect_get_supported_protocols().
- Fix proxy username/password handling to allow special characters
  and escaping.

Revision 1.8: download - view: text, markup, annotated - select for diffs
Mon May 20 14:16:21 2019 UTC (5 years, 6 months ago) by schmonz
Branches: MAIN
CVS tags: pkgsrc-2019Q2-base, pkgsrc-2019Q2
Diff to: previous 1.7: preferred, colored
Changes since revision 1.7: +5 -5 lines
Update to 8.03. From the changelog:

_ Fix detection of utun support on OS X (#18).
_ Fix Cisco DTLSv1.2 support for AES256-GCM-SHA384.
_ Fix Solaris 11.4 build by properly detecting memset_s().
_ Fix recognition of OTP password fields (#24).

Revision 1.7: download - view: text, markup, annotated - select for diffs
Tue Jan 22 18:28:40 2019 UTC (5 years, 10 months ago) by schmonz
Branches: MAIN
CVS tags: pkgsrc-2019Q1-base, pkgsrc-2019Q1
Diff to: previous 1.6: preferred, colored
Changes since revision 1.6: +5 -5 lines
Update to 8.02. From the changelog:

- Fix GNU/Hurd build.
- Discover vpnc-script in default packaged location on FreeBSD/OpenBSD.
- Support split-exclude routes for GlobalProtect.
- Fix GnuTLS builds without libtasn1.
- Fix DTLS support with OpenSSL 1.1.1+.
- Add Cisco-compatible DTLSv1.2 support.
- Invoke script with reason=attempt-reconnect before doing so.

Revision 1.6: download - view: text, markup, annotated - select for diffs
Mon Jan 7 22:23:52 2019 UTC (5 years, 10 months ago) by schmonz
Branches: MAIN
Diff to: previous 1.5: preferred, colored
Changes since revision 1.5: +5 -5 lines
Update to 8.01. From the changelog:

- Fix memset_s() arguments.
- Fix OpenBSD build.
- Clear form submissions (which may include passwords) before freeing (CVE-2018-20319).
- Allow form responses to be provided on command line.
- Add support for SSL keys stored in TPM2.
- Fix ESP rekey when replay protection is disabled.
- Drop support for GnuTLS older than 3.2.10.
- Fix --passwd-on-stdin for Windows to not forcibly open console.
- Fix portability of shell scripts in test suite.
- Add Google Authenticator TOTP support for Juniper.
- Add RFC7469 key PIN support for cert hashes.
- Add protocol method to securely log out the Juniper session.
- Relax requirements for Juniper hostname packet response to support old gateways.
- Add API functions to query the supported protocols.
- Verify ESP sequence numbers and warn even if replay protection is disabled.
- Add support for PAN GlobalProtect VPN protocol (--protocol=gp).
- Reorganize listing of command-line options, and include information on supported protocols.
- SIGTERM cleans up the session similarly to SIGINT.

Revision 1.5: download - view: text, markup, annotated - select for diffs
Tue Jan 3 00:02:03 2017 UTC (7 years, 11 months ago) by khorben
Branches: MAIN
CVS tags: pkgsrc-2018Q4-base, pkgsrc-2018Q4, pkgsrc-2018Q3-base, pkgsrc-2018Q3, pkgsrc-2018Q2-base, pkgsrc-2018Q2, pkgsrc-2018Q1-base, pkgsrc-2018Q1, pkgsrc-2017Q4-base, pkgsrc-2017Q4, pkgsrc-2017Q3-base, pkgsrc-2017Q3, pkgsrc-2017Q2-base, pkgsrc-2017Q2, pkgsrc-2017Q1-base, pkgsrc-2017Q1
Diff to: previous 1.4: preferred, colored
Changes since revision 1.4: +5 -5 lines
Update openconnect to version 7.08

Changelog:

    Add SHA256 support for server cert hashes.
    Enable DHE ciphers for Cisco DTLS.
    Increase initial oNCP configuration buffer size.
    Reopen CONIN$ when stdin is redirected on Windows.
    Improve support for point-to-point routing on Windows.
    Check for non-resumed DTLS sessions which may indicate a MiTM attack.
    Add TUNIDX environment variable on Windows.
    Fix compatibility with Pulse Secure 8.2R5.
    Fix IPv6 support in Solaris.
    Support DTLS automatic negotiation.
    Support --key-password for GnuTLS PKCS#11 PIN.
    Support automatic DTLS MTU detection with OpenSSL.
    Drop support for combined GnuTLS/OpenSSL build.
    Update OpenSSL to allow TLSv1.2, improve compatibility options.
    Remove --no-cert-check option. It was being (mis)used.
    Fix OpenSSL support for PKCS#11 EC keys without public key.
    Support for final OpenSSL 1.1 release.
    Fix polling/retry on "tun" socket when buffers full.
    Fix AnyConnect server-side MTU setting.
    Fix ESP replay detection.
    Allow build with LibreSSL (for fetishists only; do not use this as DTLS is broken).
    Add certificate torture test suite.
    Support PKCS#11 PIN via pin-value= and --key-password for OpenSSL.
    Fix integer overflow issues with ESP packet replay detection.
    Add --pass-tos option as in OpenVPN.
    Support rôle selection form in Juniper VPN.
    Support DER-format certificates, add certificate format torture tests.
    For OpenSSL >= 1.0.2, fix certificate validation when only an intermediate CA is specified with the --cafile option.
    Support Juniper "Pre Sign-in Message".

Revision 1.4: download - view: text, markup, annotated - select for diffs
Fri Oct 28 10:02:38 2016 UTC (8 years, 1 month ago) by wiz
Branches: MAIN
CVS tags: pkgsrc-2016Q4-base, pkgsrc-2016Q4
Diff to: previous 1.3: preferred, colored
Changes since revision 1.3: +5 -5 lines
Updated openconnect to 7.07.

From Kai-Uwe Eckhardt in PR 51576.

OpenConnect v7.07 (PGP signature) — 2016-07-11

    More fixes for OpenSSL 1.1 build.
    Support Juniper "Post Sign-in Message".
    Add --protocol option.
    Fix ChaCha20-Poly1305 cipher suite to reflect final standard.
    Add ability to disable IPv6 support via library API.
    Set groups appropriately when using setuid().
    Automatic DTLS MTU detection.
    Support SSL client certificate authentication with Juniper servers.
    Revamp SSL certificate validation for OpenSSL and stop supporting OpenSSL older than 0.9.8.
    Fix handling of multiple DNS search domains with Network Connect.
    Fix handling of large configuration packets for Network Connect.
    Enable SNI when built with OpenSSL (1.0.1g or later).
    Add --resolve and --local-hostname options to command line.

Revision 1.3: download - view: text, markup, annotated - select for diffs
Wed Nov 4 00:35:17 2015 UTC (9 years, 1 month ago) by agc
Branches: MAIN
CVS tags: pkgsrc-2016Q3-base, pkgsrc-2016Q3, pkgsrc-2016Q2-base, pkgsrc-2016Q2, pkgsrc-2016Q1-base, pkgsrc-2016Q1, pkgsrc-2015Q4-base, pkgsrc-2015Q4
Diff to: previous 1.2: preferred, colored
Changes since revision 1.2: +2 -1 lines
Add SHA512 digests for distfiles for net category

Problems found with existing digests:
	Package haproxy distfile haproxy-1.5.14.tar.gz
	159f5beb8fdc6b8059ae51b53dc935d91c0fb51f [recorded]
	da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated]

Problems found locating distfiles:
	Package bsddip: missing distfile bsddip-1.02.tar.Z
	Package citrix_ica: missing distfile citrix_ica-10.6.115659/en.linuxx86.tar.gz
	Package djbdns: missing distfile djbdns-1.05-test25.diff.bz2
	Package djbdns: missing distfile djbdns-cachestats.patch
	Package djbdns: missing distfile 0002-dnscache-cache-soa-records.patch
	Package gated: missing distfile gated-3-5-11.tar.gz
	Package owncloudclient: missing distfile owncloudclient-2.0.2.tar.xz
	Package poink: missing distfile poink-1.6.tar.gz
	Package ra-rtsp-proxy: missing distfile rtspd-src-1.0.0.0.tar.gz
	Package ucspi-ssl: missing distfile ucspi-ssl-0.70-ucspitls-0.1.patch
	Package waste: missing distfile waste-source.tar.gz

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.

Revision 1.2: download - view: text, markup, annotated - select for diffs
Wed Oct 14 13:13:44 2015 UTC (9 years, 1 month ago) by wiz
Branches: MAIN
Diff to: previous 1.1: preferred, colored
Changes since revision 1.1: +4 -4 lines
Update to 7.06, based on PR 50336 by Kai-Uwe Eckhardt:

OpenConnect v7.06 (PGP signature) — 2015-03-17

    Fix openconnect.pc breakage after liboath removal.
    Refactor Juniper Network Connect receive loop.
    Fix some memory leaks.
    Add Bosnian translation.


OpenConnect v7.05 (PGP signature) — 2015-03-10

    Fix alignment issue which broke LZS compression on ARM etc.
    Support HTTP authentication to servers, not just proxies.
    Work around Yubikey issue with non-ASCII passphrase set on pre-KitKat Android.
    Add SHA256/SHA512 support for OATH.
    Remove liboath dependency.
    Support DTLS v1.2 and AES-GCM with OpenSSL 1.0.2.
    Add OpenSSL 1.0.2 to known-broken releases (RT#3703, RT#3711).
    Fix build with OpenSSL HEAD (OpenSSL 1.1.x).
    Preliminary support for Juniper SSL VPN.

Revision 1.1: download - view: text, markup, annotated - select for diffs
Mon Mar 2 15:27:58 2015 UTC (9 years, 9 months ago) by wiz
Branches: MAIN
CVS tags: pkgsrc-2015Q3-base, pkgsrc-2015Q3, pkgsrc-2015Q2-base, pkgsrc-2015Q2, pkgsrc-2015Q1-base, pkgsrc-2015Q1
Import openconnect-7.04 as net/openconnect, packaged for wip by
pdtafti, hfath, asau, kristerw, jakllsch, and keckhardt.

OpenConnect is a client for Cisco's AnyConnect SSL VPN
released under LGPL v2.1.

Diff request

This form allows you to request diffs between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.

Log view options

CVSweb <webmaster@jp.NetBSD.org>