Re: CVS commit: pkgsrc/net/openconnect

To: bacon%netbsd.org@localhost
Subject: Re: CVS commit: pkgsrc/net/openconnect
From: Leonardo Taccari <leot%NetBSD.org@localhost>
Date: Fri, 05 Jun 2020 19:20:23 +0200

Hello Jason,

Jason Bacon writes:
> [...]
> Log Message:
> net/openconnect: Upgrade to 8.10
>
> Fixes build for Darwin
> Based on wip/openconnect with help from Louis Guillaume
> [...]

Thanks for updating it!

When updating packages please always include a changelog/summary of
changes.  This is helpful for readers of pkgsrc-changes@, maintainers
and also other teams like pkgsrc releng and pkgsrc Security.

>From ${WRKSRC}/www/changelog.xml:

 | * OpenConnect v8.10
 |     + Install bash completion script to ${datadir}/bash-completion/
 |       completions/openconnect.
 |     + Improve compatibility of csd-post.sh trojan.
 |     + Update Android build dependencies and bump API level to support
 |       Android 10.
 |     + Fix potential buffer overflow with GnuTLS describing local certs
 |       (CVE-2020-12823).
 | 
 | * OpenConnect v8.09
 |     + Add bash completion support.
 |     + Give more helpful error in case of Pulse servers asking for TNCC.
 |     + Sanitize non-canonical Legacy IP network addresses (!97)
 |     + Fix OpenSSL validation for trusted but invalid certificates
 |       (CVE-2020-12105).
 |     + Convert tncc-wrapper.py to Python 3, and include modernized
 |       tncc-emulate.py as well. (!91)
 |     + Disable Nagle's algorithm for TLS sockets, to improve interactivity
 |       when tunnel runs over TCP rather than UDP. (!89
 |     + GlobalProtect: more resilient handling of periodic HIP check and login
 |       arguments, and predictable naming of challenge forms (!95, !93, !90)
 |     + Work around PKCS#11 tokens which forget to set CKF_LOGIN_REQUIRED
 |       (#123).
 | 
 | * OpenConnect v8.08
 |     + Fix check of pin-sha256: public key hashes to be case sensitive (#116).
 |     + Don't give non-functioning stderr to CSD trojan scripts.
 |     + Fix crash with uninitialised OIDC token.
 | 
 | * OpenConnect v8.07
 |     + Don't abort Pulse connection when server-provided certificate MD5
 |       doesn't match.
 |     + Fix off-by-one in check for bad GnuTLS versions, and add build and run
 |       time checks.
 |     + Don't abort connection if CSD wrapper script returns non-zero (for
 |       now).
 |     + Make --passtos work for protocols that use ESP, in addition to DTLS.
 |     + Convert tncc-wrapper.py to Python 3, and include modernized
 |       tncc-emulate.py as well.
 | 
 | * OpenConnect v8.06
 |     + Implement EAP-TTLS fragmentation.
 |     + Fix Windows build with MSYS2 (#74).
 |     + Allow custom stoken rcfile to be specified (#71).
 |     + Periodic HIP checking for GlobalProtect, and cross-protocol API (!56).
 |     + Ciphersuite priority override options (!71).
 |     + Clearer GlobalProtect debugging/SAML output (!66, !69).
 |     + Explain experimental Pulse support for servers where Juniper oNCP is
 |       disabled (!48).
 |     + Ignore missing Cisco CSD stub and simply CSD subprocess invocation
 |       (!77, !74).
 |     + Pass IDLE_TIMEOUT to vpnc-script (!67).
 |     + Windows line-ending flexibility for standard input (!78).
 |     + Disable DTLS for GnuTLS versions between 3.6.3 and 3.6.13 inclusive
 |       due to GnuTLS #960.
 |     + Add RFC6750 Bearer token support (!70).

Follow-Ups:
- Re: CVS commit: pkgsrc/net/openconnect
  - From: Jason Bacon

References:
- CVS commit: pkgsrc/net/openconnect
  - From: Jason Bacon

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/shells/bosh
Previous by Thread: CVS commit: pkgsrc/net/openconnect
Next by Thread: Re: CVS commit: pkgsrc/net/openconnect
Indexes:

Home | Main Index | Thread Index | Old Index