Changelog for openconnect-debugsource-7.06-3.4.x86_64.rpm:
* Tue Mar 17 2015 idonmezAATTsuse.com
- Update to version 7.0.6
* Fix openconnect.pc breakage after liboath removal.
* Refactor Juniper Network Connect receive loop.
* Fix some memory leaks.
* Add Bosnian translation.
* Wed Mar 11 2015 idonmezAATTsuse.com
- Update to version 7.0.5
* Fix alignment issue which broke LZS compression on ARM etc.
* Support HTTP authentication to servers, not just proxies.
* Add SHA256/SHA512 support for OATH.
* Remove liboath dependency.
* Support DTLS v1.2 and AES-GCM with OpenSSL 1.0.2.
* Add OpenSSL 1.0.2 to known-broken releases (RT#3703, RT#3711).
* Fix build with OpenSSL HEAD (OpenSSL 1.1.x).
* Preliminary support for Juniper SSL VPN.
* Mon Jan 26 2015 idonmezAATTsuse.com
- Update to Version 7.04
* Change default behaviour to enable only stateless compression.
* Add --compression argument and openconnect_set_compression_mode().
* Add support for LZS compression
* Add support for LZ4 compression
- Add liblz4-devel dependency for LZ4 compression support.
* Wed Jan 14 2015 idonmezAATTsuse.com
- Update to Version 7.03
* Clean up handling of incoming packets.
* Fix issue with two-stage (i.e. NetworkManager) connection to servers with trick DNS (rh#1179681).
* Stop using static variables for received packets.
* Fri Dec 19 2014 rsalevskyAATTsuse.com
- Update to Version 7.02
* Add PKCS#11 support for OpenSSL.
* Fix handling of select options in openconnect_set_option_value().
* Wed Dec 10 2014 rsalevskyAATTsuse.com
- Update to Version 7.01
* Try harder to find a PKCS#11 key to match a given certificate.
* Handle 'Connection: close' from proxies correctly.
* Warn when MTU is set too low (<1280) to permit IPv6 connectivity.
* Add support for X-CSTP-DynDNS, to trigger DNS lookup on each reconnec
* Thu Dec 04 2014 rsalevskyAATTsuse.com
- Update to Version 7.00
* Add support for GnuTLS 3.4 system: keys including Windows certificate store.
* Add support for HOTP/TOTP keys from Yubikey NEO devices.
* Add --no-system-trust option to disable default certificate authorities.
* Improve libiconv and libintl detection.
* Stop calling setenv() from library functions.
* Support utun driver on OS X.
* Change library API so string ownership is never transferred.
* Support new NDIS6 TAP-Windows driver shipped with OpenVPN 2.3.4.
* Support using PSKC (RFC6030) token files for HOTP/TOTP tokens.
* Support for updating HOTP token storage when token is used.
* Support for reading OTP token data from a file.
* Add full character set handling for legacy non-UTF8 systems (including Windows).
* Fix legacy (i.e. not XML POST) submission of non-ASCII form entries (even in UTF-8 locales).
* Avoid retrying without XML POST, when we failed to even reach the server.
* Fix off-by-one in parameter substitution in error messages.
* Improve reporting when GSSAPI auth requested but not compiled in.
* Fix parsing of split include routes on Windows.
* Fix crash on invocation with --token-mode but no --token-secret.
* Tue Jul 15 2014 darinAATTdarins.net
- Add token support via stoken
* Wed Jul 09 2014 rsalevskyAATTsuse.com
- Update to Version 6.00
* Support SOCKS proxy authentication (password, GSSAPI).
* Support HTTP proxy authentication (Basic, Digest, NTLM and GSSAPI).
* Download XML profile in XML POST mode.
* Fix a couple of bugs involving DTLS rekeying.
* Fix problems seen when building or connecting without DTLS enabled.
* Fix tun error handling on Windows hosts.
* Skip password prompts when using PKCS#8 and PKCS#12 certificates with empty passwords.
* Fix several minor memory leaks and error paths.
* Update several Android dependencies, and make the download process more robust.
* Wed Mar 05 2014 rsalevskyAATTsuse.com
- Update to Version 5.99
* Add RFC4226 HOTP token support.
* Tolerate servers closing connection uncleanly after HTTP/1.0 response (Ubuntu #1225276).
* Add support for IPv6 split tunnel configuration.
* Add Windows support with MinGW (tested with both IPv6 and Legacy IP with latest vpnc-script-win.js)
* Change library API to support updating the auth form when the authgroup is changed (Ubuntu #1229195).
* Change --os mac to --os mac-intel, to match the identifier used by Cisco clients.
* Add new API functions to support invoking the VPN mainloop directly from an application.
* Add JNI interface and sample Java application.
* Fix junk in --cookieonly output when CSD is enabled.
* Enable TOTP, stoken, and JNI support in the Android builds.
* Add --pfs option to enforce perfect forward secrecy.
* Enable elliptic curves with GnuTLS 3.2.9+, where there is a workaround for certain firewalls that fail with client hellos between 256 and 512 bytes.
* Add padding when sending password, to avoid leakage of password and username length.
* Add support for DTLS 1.2 and AES-GCM when connecting to ocserv.
* Add support for server name indication when compiled with GnuTLS 3.2.9+.
* Mon Feb 10 2014 rsalevskyAATTsuse.com
- Update to version 5.03
* Fix crash on --authenticate due to freeing --cafile option in argv.
- Update to version 5.02
* Fix XML POST issues with authgroups by falling back to old style login.
* Fix --cookie-on-stdin with cookies from ocserv.
* Fix reconnection to wrong host after redirect.
* Reduce limit of queued packets on DTLS socket, to fix VoIP latency.
* Fix Solaris build breakage due to missing includes.
* Include path in node.
* Include supporting CA certificates from PKCS#11 tokens (with GnuTLS 3.2.7+).
* Fix possible heap overflow if MTU is increased on reconnection (CVE-2013-7098).
- Update to version 5.01
* Attempt to handle in aggregate auth mode.
* Don't include X-Aggregate-Auth: header in fallback mode.
* Enable AES256 mode for DTLS with GnuTLS (RH#955710).
* Add --dump-http-traffic option for debugging.
* Be more permissive in parsing XML forms.
* Use original URL when falling back to non-XML POST mode.
* Add --no-xmlpost option to revert to older, compatible behaviour.
* Close connection before falling back to non-xmlpost mode (RH#964650).
* Improve error handling when server closes connection (Debian #708928).
- Update to version 5.00
* Use GnuTLS by default instead of OpenSSL.
* Avoid using deprecated gnutls_pubkey_verify_data() function.
* Fix compatibility issues with XML POST authentication.
* Fix memory leaks on realloc() failure.
* Fix certificate validation problem caused by hostname canonicalisation.
* Add RFC6238 TOTP token support using liboath.
* Replace --stoken option with more generic --token-mode and --token-secret options.
- Update to version 4.99
* Add --os switch to report a different OS type to the gateway.
* Support new XML POST format.
* Add SecurID token support using libstoken.
* Mon Apr 29 2013 robert.munteanuAATTgmail.com
- Fix bnc#817152
- Update to version 4.09
* Fix overflow on HTTP request buffers (CVE-2012-6128)
* Fix connection to servers with round-robin DNS with two-stage auth/connect.
* Impose minimum MTU of 1280 bytes.
* Fix some harmless issues reported by Coverity.
* Improve "Attempting to connect..." message to be explicit when it's connecting to a proxy.
- Update to version 4.07
* Fix segmentation fault when invoked with -p argument.
* Fix handling of write stalls on CSTP (TCP) socket.
- Update to version 4.06
* Fix default CA location for non-Fedora systems with old GnuTLS.
* Improve error handling when vpnc-script exits with error.
* Handle PKCS#11 tokens which won't list keys without login.
- Update to version 4.05
* Use correct CSD script for Mac OS X.
* Fix endless loop in PIN cache handling with multiple PKCS#11 tokens.
* Fix PKCS#11 URI handling to preserve all attributes.
* Don't forget key password on GUI reconnect.
* Fix GnuTLS v3 build on OpenBSD.
- Update to version 4.04
* Fix GnuTLS password handling for PKCS#8 files.
- Update to version 4.03
* Fix --no-proxy option.
* Fix handling of requested vs. received MTU settings.
* Fix DTLS MTU for GnuTLS 3.0.21 and newer.
* Support more ciphers for OpenSSL encrypted PEM keys, with GnuTLS.
* Fix GnuTLS compatibility issue with servers that insist on TLSv1.0 or non-AES ciphers (RH#836558).
- Update to version 4.02
* Fix build failure due to unconditional inclusion of .
- Update to version 4.01
* Add support for OpenSSL's odd encrypted PKCS#1 files, for GnuTLS.
* Fix repeated passphrase retry for OpenSSL.
* Add keystore support for Android.
* Support TPM, and also additional checks on PKCS#11 certs, even with GnuTLS 2.12.
* Fix library references to OpenSSL's ERR_print_errors_cb() when built against GnuTLS v2.12.
- Update to version 4.00
* Add support for OpenSSL's odd encrypted PKCS#1 files, for GnuTLS.
* Fix repeated passphrase retry for OpenSSL.
* Add keystore support for Android.
* Support TPM, and also additional checks on PKCS#11 certs, even with GnuTLS 2.12.
* Fix library references to OpenSSL's ERR_print_errors_cb() when built against GnuTLS v2.12.
* Tue Jun 19 2012 cfarrellAATTsuse.com
- license update: LGPL-2.1+ No LGPL-2.1 "only" licenses found. Fedora also uses LGPL-2.1 "or later" as license
* Mon Jun 18 2012 toddrme2178AATTgmail.com
- Fixes buffer overflow security vulnerability. See:
* CVE-2012-3291
* BNC#767616
- Update to version 3.99
* Enable native TPM support when built with GnuTLS.
* Enable PKCS#11 token support when built with GnuTLS.
* Eliminate all SSL library exposure through libopenconnect.
* Parse split DNS information, provide $CISCO_SPLIT_DNS environment variable to vpnc-script.
* Attempt to provide new-style MTU information to server (on Linux only, unless specified on command line).
* Allow building against GnuTLS, including DTLS support.
* Add --with-pkgconfigdir= option to configure for FreeBSD's benefit (fd#48743).
- Update to version 3.20
* Cope with non-keepalive HTTP response on authentication success
* Fix progress callback with incorrect cbdata which caused KDE crash.
- Update to version 3.19
* Add --config option for reading options from file.
* Improve OpenSSL DTLS compatibility to work on Ubuntu 10.04.
* Flush progress logging output promptly after each message.
* Add symbol versioning for shared library (on sane platforms).
* Add openconnect_set_cancel_fd() function to allow clean cancellation.
* Fix corruption of URL in openconnect_parse_url() if it specifies a port number.
* Fix inappropriate exit() calls from library code.
* Library namespace cleanup — all symbols now have the prefix openconnect_ on platforms where symbol versioning works.
* Fix --non-inter option so it still uses login information from command line.
- Update to version 3.18
* Fix autohate breakage with --disable-nls... hopefully.
* Fix buffer overflow in banner handling.
- Update to version 3.17
* Work around time() brokenness on Solaris.
* Fix interface plumbing on Solaris 10.
* Provide asprintf() function for (unpatched) Solaris 10.
* Make vpnc-script mandatory, like it is for vpnc
* Don't set Legacy IP address on tun device; let vpnc-script do it.
* Detect OpenSSL even without pkg-config.
* Stop building static library by default.
* Invoke vpnc-script with "pre-init" reason to load tun module if necessary.
- Update to version 3.16
* Fix build failure on Debian/kFreeBSD and Hurd.
* Fix memory leak of deflated packets.
* Fix memory leak of zlib state on CSTP reconnect.
* Eliminate memcpy() calls on packets from DTLS and tunnel device
* Use I_LINK instead of I_PLINK on Solaris to plumb interface for Legacy IP.
* Plumb interface for IPv6 on Solaris, instead of expecting vpnc-script to do it.
* Refer to vpnc-script and help web pages in openconnect output.
* Fix potential crash when processing libproxy results.
* Be more conservative in detecting libproxy without pkg-config.
- Add optional libproxy-devel buildrequires
- Add new mandatory vpnc buildrequires
- Package new documentation in doc package
- Remove static devel libraries since this is the new upstream default
* Thu Jan 05 2012 toddrme2178AATTgmail.com
- Update to version 3.15
* Fix for reading multiple packets from Solaris tun device.
* Call bindtextdomain() to ensure that translations are found in install path.
- Update to version 3.14
* Move executable to $prefix/sbin.
* Fix build issues on OSX, OpenIndiana, DragonFlyBSD, OpenBSD, FreeBSD & NetBSD.
* Fix non-portable (void *) arithmetic.
* Make more messages translatable.
* Attempt to make NLS support more portable (with fewer dependencies).
- Update to version 3.13
* Add --cert-expire-warning option.
* Give visible warning when server dislikes client SSL certificate.
* Add localisation support.
* Fix build on Debian systems where dtls1_stop_timer() is not available.
* Fix libproxy detection.
* Enable a useful set of compiler warnings by default.
* Fix various minor compiler warnings.
- Update to version 3.12
* Fix DTLS compatibility with ASA firmware 8.4.1(11) and above.
* Fix build failures on GNU Hurd, on systems with ancient OpenSSL, and on Debian.
* Add --pid-file option.
* Print SHA1 fingerprint with server certificate details.
- spec file changes
* Package language files in a lang package
* Since the binary is in /usr/sbin, keep the manual as man8
* Package .a file in -devel package and have -devel package provide -devel-static
* Thu Aug 25 2011 toddrme2178AATTgmail.com
- Simplified man file installation
- Cleaned up spec file formatting
* Mon Aug 08 2011 toddrme2178AATTgmail.com
- Changed manuals to man1
* Sun Aug 07 2011 toddrme2178AATTgmail.com
- Removed %{?_smp_mflags}
* Sun Aug 07 2011 toddrme2178AATTgmail.com
- Removed unneeded libopenconnect.la file.
- Minor formatting changes to several spec file macros
* Sun Aug 07 2011 toddrme2178AATTgmail.com
- Added upstream url to Source0: tag
- Switched back to original tar.gz file
* Sun Aug 07 2011 toddrme2178AATTgmail.com
- Fixed license name
- Fixed spec file header
- Switched to %make_install macro
- Added %doc macro for manual files
- Removed norootforbuild
* Sun Aug 07 2011 toddrme2178AATTgmail.com
- Moved .so file to devel package
* Thu Aug 04 2011 toddrme2178AATTgmail.com
- Update to version 3.11
* Add Android.mk file for Android build support
* Add logging support for Android, in place of standard syslog().
* Switch back to using TLSv1, but without extensions.
* Make TPM support optional, dependent on OpenSSL ENGINE support.
- Update to version 3.10
* Switch to using GNU autoconf/automake/libtool.
* Produce shared library for authentication.
* Improve library API to make life easier for C++ users.
* Be more explicit about requiring pkg-config.
* Invoke script with reason=reconnect on CSTP reconnect.
* Add --non-inter option to avoid all user input.
- Update to version .02
* Install man page in make install target.
* Add openconnect_vpninfo_free() to libopenconnect.
* Clear cached peer_addr to avoid reconnecting to wrong host.
- Update to version 3.01
* Add libxml2 to pkg-config requirements.
- Update to version 3.00
* Create libopenconnect.a for GUI authentication dialog to use.
* Remove auth-dialog, which now lives in the network-manager-openconnect package.
* Cope with more entries in authentication forms.
* Add --csd-wrapper option to wrap CSD trojan.
* Report error and abort if CA file cannot be opened.
- Update to version 2.26
* Fix potential crash on relative HTTP redirect.
* Use correct TUN/TAP device node on Android.
* Check client certificate expiry date.
* Implement CSTP and DTLS rekeying (both by reconnecting CSTP).
* Add --force-dpd option to set minimum DPD interval.
* Don't print webvpn cookie in debug output.
* Fix host selection in NetworkManager auth dialog.
* Use SSLv3 instead of TLSv1; some servers (or their firewalls) don't accept any ClientHello options.
* Never include address family prefix on script-tun connections.
- Fix build errors and rpmlint errors
* Fri Aug 06 2010 andreaAATTopensuse.org
- New package