pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: CVS commit: pkgsrc/net/openconnect




OK, I'll add that to my checklist.

Cheers,

    JB

On 2020-06-05 12:20, Leonardo Taccari wrote:
Hello Jason,

Jason Bacon writes:
[...]
Log Message:
net/openconnect: Upgrade to 8.10

Fixes build for Darwin
Based on wip/openconnect with help from Louis Guillaume
[...]
Thanks for updating it!

When updating packages please always include a changelog/summary of
changes.  This is helpful for readers of pkgsrc-changes@, maintainers
and also other teams like pkgsrc releng and pkgsrc Security.

 From ${WRKSRC}/www/changelog.xml:

  | * OpenConnect v8.10
  |     + Install bash completion script to ${datadir}/bash-completion/
  |       completions/openconnect.
  |     + Improve compatibility of csd-post.sh trojan.
  |     + Update Android build dependencies and bump API level to support
  |       Android 10.
  |     + Fix potential buffer overflow with GnuTLS describing local certs
  |       (CVE-2020-12823).
  |
  | * OpenConnect v8.09
  |     + Add bash completion support.
  |     + Give more helpful error in case of Pulse servers asking for TNCC.
  |     + Sanitize non-canonical Legacy IP network addresses (!97)
  |     + Fix OpenSSL validation for trusted but invalid certificates
  |       (CVE-2020-12105).
  |     + Convert tncc-wrapper.py to Python 3, and include modernized
  |       tncc-emulate.py as well. (!91)
  |     + Disable Nagle's algorithm for TLS sockets, to improve interactivity
  |       when tunnel runs over TCP rather than UDP. (!89
  |     + GlobalProtect: more resilient handling of periodic HIP check and login
  |       arguments, and predictable naming of challenge forms (!95, !93, !90)
  |     + Work around PKCS#11 tokens which forget to set CKF_LOGIN_REQUIRED
  |       (#123).
  |
  | * OpenConnect v8.08
  |     + Fix check of pin-sha256: public key hashes to be case sensitive (#116).
  |     + Don't give non-functioning stderr to CSD trojan scripts.
  |     + Fix crash with uninitialised OIDC token.
  |
  | * OpenConnect v8.07
  |     + Don't abort Pulse connection when server-provided certificate MD5
  |       doesn't match.
  |     + Fix off-by-one in check for bad GnuTLS versions, and add build and run
  |       time checks.
  |     + Don't abort connection if CSD wrapper script returns non-zero (for
  |       now).
  |     + Make --passtos work for protocols that use ESP, in addition to DTLS.
  |     + Convert tncc-wrapper.py to Python 3, and include modernized
  |       tncc-emulate.py as well.
  |
  | * OpenConnect v8.06
  |     + Implement EAP-TTLS fragmentation.
  |     + Fix Windows build with MSYS2 (#74).
  |     + Allow custom stoken rcfile to be specified (#71).
  |     + Periodic HIP checking for GlobalProtect, and cross-protocol API (!56).
  |     + Ciphersuite priority override options (!71).
  |     + Clearer GlobalProtect debugging/SAML output (!66, !69).
  |     + Explain experimental Pulse support for servers where Juniper oNCP is
  |       disabled (!48).
  |     + Ignore missing Cisco CSD stub and simply CSD subprocess invocation
  |       (!77, !74).
  |     + Pass IDLE_TIMEOUT to vpnc-script (!67).
  |     + Windows line-ending flexibility for standard input (!78).
  |     + Disable DTLS for GnuTLS versions between 3.6.3 and 3.6.13 inclusive
  |       due to GnuTLS #960.
  |     + Add RFC6750 Bearer token support (!70).





Home | Main Index | Thread Index | Old Index