Path to this page:
Subject: CVS commit: pkgsrc/net/openconnect
From: Amitai Schleier
Date: 2023-05-05 15:21:22
Message id: 20230505132122.CC1E3FA87@cvs.NetBSD.org
Log Message:
Update to 9.10. From the changelog:
- Fix external browser authentication with KDE plasma-nm < 5.26.
- Always redirect stdout to stderr when spawning external browser.
- Increase default queue length to 32 packets (#582).
- Make the Wintun Layer 3 TUN driver the default on Windows (!427).
- Add support for and bundle Wintun 0.14.1 (!294).
- Fix receiving multiple packets in one TLS frame, and single packets
split across multiple TLS frames, for Array (#435).
- Fix ESP failures under Windows (#427).
- Add list-system-keys tool to assist Windows/MacOS users in setup.
- Handle idiosyncratic variation in search domain separators for all
protocols (#433, #443, !388).
- Support region selection field for Pulse authentication (!399).
- Support modified configuration packet from Pulse 9.1R16 servers
(#472, !401)
- Allow hidden form fields to be populated or converted to text fields
on the command line (#493, #489, !409)
- Support yet another strange way of encoding challenge-based 2FA for
GlobalProtect (#495, !411)
- Add --sni option (and corresponding C and Java API functions) to allow
domain-fronting connections in censored/filtered network environments
(!297, !451).
- Parrot a GlobalProtect server's software version, if present, as the
client version (!333)
- Fix NULL pointer dereference that has left Android builds broken since
v8.20 (!389).
- Fix Fortinet authentication bug where repeated SVPNCOOKIE causes
segfaults (#514, !418).
- Support F5 VPNs which encode authentication forms only in JSON, not in
HTML (#512, !431).
- Persist Windows installers for tagged builds (#463, !391).
- Support simultaneous IPv6 and Legacy IP ("dual-stack") for Fortinet
(#568, !456).
- Support "FTM-push" token mode for Fortinet VPNs (#555, !450).
- Send IPv6-compatible version string in Pulse IF/T session
establishment, and avoid its ESP/IP version layering idiocy on newer
servers (#506, !414)
- Add --no-external-auth option to not advertise external-browser
authentication, as a workaround for servers which behave differently
when it is advertised (#470, !398)
- Emulate MacOS-specific contents in the HIP report for GlobalProtect (!471).
- Many small improvements in server response parsing, and better logging
messages and documentation.
Files: