Subject: CVS commit: pkgsrc/net/openconnect
From: Amitai Schleier
Date: 2023-05-05 15:21:22
Message id: 20230505132122.CC1E3FA87@cvs.NetBSD.org

Log Message:
Update to 9.10. From the changelog:

- Fix external browser authentication with KDE plasma-nm < 5.26.
- Always redirect stdout to stderr when spawning external browser.
- Increase default queue length to 32 packets (#582).
- Make the Wintun Layer 3 TUN driver the default on Windows (!427).
- Add support for and bundle Wintun 0.14.1 (!294).
- Fix receiving multiple packets in one TLS frame, and single packets
  split across multiple TLS frames, for Array (#435).
- Fix ESP failures under Windows (#427).
- Add list-system-keys tool to assist Windows/MacOS users in setup.
- Handle idiosyncratic variation in search domain separators for all
  protocols (#433, #443, !388).
- Support region selection field for Pulse authentication (!399).
- Support modified configuration packet from Pulse 9.1R16 servers
  (#472, !401)
- Allow hidden form fields to be populated or converted to text fields
  on the command line (#493, #489, !409)
- Support yet another strange way of encoding challenge-based 2FA for
  GlobalProtect (#495, !411)
- Add --sni option (and corresponding C and Java API functions) to allow
  domain-fronting connections in censored/filtered network environments
  (!297, !451).
- Parrot a GlobalProtect server's software version, if present, as the
  client version (!333)
- Fix NULL pointer dereference that has left Android builds broken since
  v8.20 (!389).
- Fix Fortinet authentication bug where repeated SVPNCOOKIE causes
  segfaults (#514, !418).
- Support F5 VPNs which encode authentication forms only in JSON, not in
  HTML (#512, !431).
- Persist Windows installers for tagged builds (#463, !391).
- Support simultaneous IPv6 and Legacy IP ("dual-stack") for Fortinet
  (#568, !456).
- Support "FTM-push" token mode for Fortinet VPNs (#555, !450).
- Send IPv6-compatible version string in Pulse IF/T session
  establishment, and avoid its ESP/IP version layering idiocy on newer
  servers (#506, !414)
- Add --no-external-auth option to not advertise external-browser
  authentication, as a workaround for servers which behave differently
  when it is advertised (#470, !398)
- Emulate MacOS-specific contents in the HIP report for GlobalProtect (!471).
- Many small improvements in server response parsing, and better logging
  messages and documentation.

Files:
RevisionActionfile
1.27modifypkgsrc/net/openconnect/Makefile
1.16modifypkgsrc/net/openconnect/distinfo