2019-09-07 21:30:21 by Amitai Schleier | Files touched by this commit (3) |
Log message:
Update to 8.04. From the changelog:
- Rework DTLS MTU detection. (#10)
- Add Pulse Connect Secure support.
- OpenSSL build fixes (#51).
- Add HMAC-SHA256-128 (RFC4868) support for ESP.
- Support IPv6 in ESP.
- Translate user-visible strings from openconnect_get_supported_protocols().
- Fix proxy username/password handling to allow special characters
and escaping.
|
2019-05-20 16:16:21 by Amitai Schleier | Files touched by this commit (2) |
Log message:
Update to 8.03. From the changelog:
_ Fix detection of utun support on OS X (#18).
_ Fix Cisco DTLSv1.2 support for AES256-GCM-SHA384.
_ Fix Solaris 11.4 build by properly detecting memset_s().
_ Fix recognition of OTP password fields (#24).
|
2019-04-25 09:33:32 by Maya Rashish | Files touched by this commit (620) |
Log message:
PKGREVISION bump for anything using python without a PYPKGPREFIX.
This is a semi-manual PKGREVISION bump.
|
2019-02-09 07:13:50 by Makoto Fujiwara | Files touched by this commit (1) |
Log message:
Fix ERROR: [check-interpreter.mk]
+REPLACE_BASH= trojans/csd-post.sh
+REPLACE_BASH+= trojans/csd-wrapper.sh
|
2019-01-22 19:28:41 by Amitai Schleier | Files touched by this commit (2) |
Log message:
Update to 8.02. From the changelog:
- Fix GNU/Hurd build.
- Discover vpnc-script in default packaged location on FreeBSD/OpenBSD.
- Support split-exclude routes for GlobalProtect.
- Fix GnuTLS builds without libtasn1.
- Fix DTLS support with OpenSSL 1.1.1+.
- Add Cisco-compatible DTLSv1.2 support.
- Invoke script with reason=attempt-reconnect before doing so.
|
2019-01-07 23:23:52 by Amitai Schleier | Files touched by this commit (3) |
Log message:
Update to 8.01. From the changelog:
- Fix memset_s() arguments.
- Fix OpenBSD build.
- Clear form submissions (which may include passwords) before freeing \
(CVE-2018-20319).
- Allow form responses to be provided on command line.
- Add support for SSL keys stored in TPM2.
- Fix ESP rekey when replay protection is disabled.
- Drop support for GnuTLS older than 3.2.10.
- Fix --passwd-on-stdin for Windows to not forcibly open console.
- Fix portability of shell scripts in test suite.
- Add Google Authenticator TOTP support for Juniper.
- Add RFC7469 key PIN support for cert hashes.
- Add protocol method to securely log out the Juniper session.
- Relax requirements for Juniper hostname packet response to support old gateways.
- Add API functions to query the supported protocols.
- Verify ESP sequence numbers and warn even if replay protection is disabled.
- Add support for PAN GlobalProtect VPN protocol (--protocol=gp).
- Reorganize listing of command-line options, and include information on \
supported protocols.
- SIGTERM cleans up the session similarly to SIGINT.
|
2017-01-03 01:02:03 by Pierre Pronchery | Files touched by this commit (3) |
Log message:
Update openconnect to version 7.08
Changelog:
Add SHA256 support for server cert hashes.
Enable DHE ciphers for Cisco DTLS.
Increase initial oNCP configuration buffer size.
Reopen CONIN$ when stdin is redirected on Windows.
Improve support for point-to-point routing on Windows.
Check for non-resumed DTLS sessions which may indicate a MiTM attack.
Add TUNIDX environment variable on Windows.
Fix compatibility with Pulse Secure 8.2R5.
Fix IPv6 support in Solaris.
Support DTLS automatic negotiation.
Support --key-password for GnuTLS PKCS#11 PIN.
Support automatic DTLS MTU detection with OpenSSL.
Drop support for combined GnuTLS/OpenSSL build.
Update OpenSSL to allow TLSv1.2, improve compatibility options.
Remove --no-cert-check option. It was being (mis)used.
Fix OpenSSL support for PKCS#11 EC keys without public key.
Support for final OpenSSL 1.1 release.
Fix polling/retry on "tun" socket when buffers full.
Fix AnyConnect server-side MTU setting.
Fix ESP replay detection.
Allow build with LibreSSL (for fetishists only; do not use this as DTLS is \
broken).
Add certificate torture test suite.
Support PKCS#11 PIN via pin-value= and --key-password for OpenSSL.
Fix integer overflow issues with ESP packet replay detection.
Add --pass-tos option as in OpenVPN.
Support rôle selection form in Juniper VPN.
Support DER-format certificates, add certificate format torture tests.
For OpenSSL >= 1.0.2, fix certificate validation when only an \
intermediate CA is specified with the --cafile option.
Support Juniper "Pre Sign-in Message".
|
2016-10-28 12:02:38 by Thomas Klausner | Files touched by this commit (2) |
Log message:
Updated openconnect to 7.07.
From Kai-Uwe Eckhardt in PR 51576.
OpenConnect v7.07 (PGP signature) â 2016-07-11
More fixes for OpenSSL 1.1 build.
Support Juniper "Post Sign-in Message".
Add --protocol option.
Fix ChaCha20-Poly1305 cipher suite to reflect final standard.
Add ability to disable IPv6 support via library API.
Set groups appropriately when using setuid().
Automatic DTLS MTU detection.
Support SSL client certificate authentication with Juniper servers.
Revamp SSL certificate validation for OpenSSL and stop supporting OpenSSL \
older than 0.9.8.
Fix handling of multiple DNS search domains with Network Connect.
Fix handling of large configuration packets for Network Connect.
Enable SNI when built with OpenSSL (1.0.1g or later).
Add --resolve and --local-hostname options to command line.
|
2016-03-05 12:29:49 by Jonathan Perkin | Files touched by this commit (1813) |
Log message:
Bump PKGREVISION for security/openssl ABI bump.
|
2015-11-04 01:35:47 by Alistair G. Crooks | Files touched by this commit (748) |
Log message:
Add SHA512 digests for distfiles for net category
Problems found with existing digests:
Package haproxy distfile haproxy-1.5.14.tar.gz
159f5beb8fdc6b8059ae51b53dc935d91c0fb51f [recorded]
da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated]
Problems found locating distfiles:
Package bsddip: missing distfile bsddip-1.02.tar.Z
Package citrix_ica: missing distfile citrix_ica-10.6.115659/en.linuxx86.tar.gz
Package djbdns: missing distfile djbdns-1.05-test25.diff.bz2
Package djbdns: missing distfile djbdns-cachestats.patch
Package djbdns: missing distfile 0002-dnscache-cache-soa-records.patch
Package gated: missing distfile gated-3-5-11.tar.gz
Package owncloudclient: missing distfile owncloudclient-2.0.2.tar.xz
Package poink: missing distfile poink-1.6.tar.gz
Package ra-rtsp-proxy: missing distfile rtspd-src-1.0.0.0.tar.gz
Package ucspi-ssl: missing distfile ucspi-ssl-0.70-ucspitls-0.1.patch
Package waste: missing distfile waste-source.tar.gz
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
|