Changelog for
libopenconnect5-9.12-122.10.i586.rpm :
* Thu Mar 21 2024 pgajdosAATTsuse.com- remove dependency on /usr/bin/python3 using %python3_fix_shebang_path macro, [bsc#1212476]
* Sat May 20 2023 Andrea Manzini
- Update to release 9.12:
* Explicitly reject overly long tun device names.
* Increase maximum input size from stdin (#579).
* Ignore 0.0.0.0 as NBNS address (!446, vpnc-scripts#58).
* Fix stray (null) in URL path after Pulse authentication (4023bd95).
* Fix config XML parsing mistake that left GlobalProtect ESP non-working in v9.10 (!475).
* Fix case sensitivity in GPST header matching (!474).
* Mon May 08 2023 Andrea Manzini - Update to release 9.10:
* Fix external browser authentication with KDE plasma-nm < 5.26.
* Always redirect stdout to stderr when spawning external browser.
* Increase default queue length to 32 packets.
* Fix receiving multiple packets in one TLS frame, and single packets split across multiple TLS frames, for Array.
* Handle idiosyncratic variation in search domain separators for all protocols
* Support region selection field for Pulse authentication
* Support modified configuration packet from Pulse 9.1R16 servers
* Allow hidden form fields to be populated or converted to text fields on the command line
* Support yet another strange way of encoding challenge-based 2FA for GlobalProtect
* Add --sni option (and corresponding C and Java API functions) to allow domain-fronting connections in censored/filtered network environments
* Parrot a GlobalProtect server\'s software version, if present, as the client version (!333)
* Fix NULL pointer dereference that has left Android builds broken since v8.20 (!389).
* Fix Fortinet authentication bug where repeated SVPNCOOKIE causes segfaults (#514, !418).
* Support F5 VPNs which encode authentication forms only in JSON, not in HTML.
* Support simultaneous IPv6 and Legacy IP (\"dual-stack\") for Fortinet .
* Support \"FTM-push\" token mode for Fortinet VPNs .
* Send IPv6-compatible version string in Pulse IF/T session establishment
* Add --no-external-auth option to not advertise external-browser authentication
* Many small improvements in server response parsing, and better logging messages and documentation.
* Thu Dec 15 2022 Andrea Manzini - Update to release 9.01:
* Add support for AnyConnect \"Session Token Re-use Anchor Protocol\" (STRAP)
* Add support for AnyConnect \"external browser\" SSO mode
* Bugfix RSA SecurID token decryption and PIN entry forms, broken in v8.20
* Support Cisco\'s multiple-certificate authentication
* Revert GlobalProtect default route handling change from v8.20
* Suppo split-exclude routes for Fortinet
* Add webview callback and SAML/SSO support for AnyConnect, GlobalProtect
* Mon Apr 18 2022 Jan Engelhardt - Update to release 8.20:
* Support non-AEAD ciphersuites in DTLSv1.2 with AnyConnect.
* Emulated a newer version of GlobalProtect official clients, 5.1.5-8; was 4.0.2-19
* Support Juniper login forms containing both password and 2FA token
* Explicitly disable 3DES and RC4, unless enabled with - -allow-insecure-crypto
* Allow protocols to delay tunnel setup and shutdown (!117)
* Support for GlobalProtect IPv6
* SIGUSR1now causes OpenConnect to log detailed connection information and statistics
* Allow --servercert to be specified multiple times in order to accept server certificates matching more than one possible fingerprint
* Demangle default routes sent as split routes by GlobalProtect
* Support more Juniper login forms, including some SSO forms
* Restore compatibility with newer Cisco servers, by no longer sending them the X-AnyConnect-Platform header
* Add support for PPP-based protocols, currently over TLS only.
* Add support for two PPP-based protocols, F5 with - -protocol=f5 and Fortinet with --protocol=fortinet.
* Add support for Array Networks SSL VPN.
* Support TLSv1.3 with TPMv2 EC and RSA keys, add test cases for swtpm and hardware TPM.
* Tue Nov 23 2021 Robert Munteanu - Import the latest version of the vpnc-script, revision 1d35a8527e5422967514dd1d47350ff2ede55903 (boo#1140772)
* This brings a lot of improvements for non-trivial network setups, IPv6 etc
* Fri Jan 08 2021 olafAATTaepfle.de- Build with --without-gnutls-version-check
* Fri May 15 2020 Martin Hauke - Update to version 8.10:
* Install bash completion script to ${datadir}/bash-completion/completions/openconnect.
* Improve compatibility of csd-post.sh trojan.
* Fix potential buffer overflow with GnuTLS describing local certs (CVE-2020-12823, bsc#1171862, gl#openconnect/openconnect!108).
* Fri May 01 2020 Martin Hauke - Fix CVE-2020-12105 (boo#1170452)- Introduce subpackage for bash-completion- Update to 8.09:
* Add bash completion support.
* Give more helpful error in case of Pulse servers asking for TNCC.
* Sanitize non-canonical Legacy IP network addresses.
* Fix OpenSSL validation for trusted but invalid certificates (CVE-2020-12105).
* Convert tncc-wrapper.py to Python 3, and include modernized tncc-emulate.py as well. (!91)
* Disable Nagle\'s algorithm for TLS sockets, to improve interactivity when tunnel runs over TCP rather than UDP.
* GlobalProtect: more resilient handling of periodic HIP check and login arguments, and predictable naming of challenge forms.
* Work around PKCS#11 tokens which forget to set CKF_LOGIN_REQUIRED.- Update to 8.0.8:
* Fix check of pin-sha256: public key hashes to be case sensitive
* Don\'t give non-functioning stderr to CSD trojan scripts.
* Fix crash with uninitialised OIDC token.- Update to 8.0.7:
* Don\'t abort Pulse connection when server-provided certificate MD5 doesn\'t match.
* Fix off-by-one in check for bad GnuTLS versions, and add build and run time checks.
* Don\'t abort connection if CSD wrapper script returns non-zero (for now).
* Make --passtos work for protocols that use ESP, in addition to DTLS.
* Convert tncc-wrapper.py to Python 3, and include modernized tncc-emulate.py as well.
* Wed Jan 08 2020 Tomáš Chvátal - Remove tncc-wrapper.py script as it is python2 only bsc#1157446