This release fixes an issue with the two-stage authentication that is used with tools like NetworkManager (or openconnect --authenticate), where you first authenticate with an interactive client and then make the actual VPN connection separately with the resulting cookie.

Round-robin DNS can give you multiple A or AAAA records for the same hostname, and in that case the authentication would carefully report the IP address it connected to instead of the hostname, to ensure that the second stage would definitely reconnect to the *same* server that we authenticated to.

However, there are cases where you can get different results each time even when there is only *one* answer, with trick DNS servers to do load-balancing or attempt geographical matching. We didn't cope with that. Since NetworkManager is fairly bad at handling the error feedback, the result would be a failure to connect after you think you've authenticated OK and the auth-dialog box has gone away.

Now the authentication stage will *always* report the IP address; never the hostname.

There are some other internal improvements which aren't stunningly exciting, as well as updates to the Android build infrastructure; especially to support PIE builds.

ftp://ftp.infradead.org/pub/openconnect/openconnect-7.03.tar.gz
ftp://ftp.infradead.org/pub/openconnect/openconnect-7.03.tar.gz.asc

David Woodhouse (17):
      Add undocumented --gnutls-debug command line option
      Import translations from GNOME
      Add missing newline on vpn_perror() output
      Change vpninfo->deflate to three separate bitmasks for requested/CSTP/DTLS
      Do compression context setup *after* negotiation rather than before
      Calculate correct upper bound for zlib buffers
      Kill static dtls_pkt
      Stop receiving CSTP to stack
      Always output specific IP address in authentication results
      Fix some untranslated strings
      Make constant data const in cstp.c
      Make constant data const in ntlm.c
      Make constant data const in main.c
      Update translations from GNOME
      Fix 'vX.XX-unknown' when RPM package applies patches
      Update changelog
      Tag version 7.03

Kevin Cernekee (8):
      android: Don't install symlinks into the sysroot
      android: Build with NDK r10d
      android: Update nettle, gnutls, stoken, and oath-toolkit
      android: Make a $(PKG_CONFIG) helper variable
      android: Drop libtomcrypt dependency
      android: Build openconnect binary as PIE
      android: Import run_pie helper program from Chromium
      android: Fix bogus liboath pathname

-- 
David Woodhouse                            Open Source Technology Centre
David.Woodhouse at intel.com                              Intel Corporation
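
Added example, not part of the announcement above and not code from the openconnect project: a wrapper-side check that the stage-one result names an address rather than a hostname before the cookie is handed to stage two. The KEY='value' output layout, the function names and the sample values are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Stage-one output below is constructed; the KEY='value'
# layout is an assumption about what `openconnect --authenticate` prints.
SAMPLE_PINNED="COOKIE='constructed-cookie-0001'
HOST='192.0.2.10'
FINGERPRINT='constructed-fingerprint'"
SAMPLE_UNPINNED="COOKIE='constructed-cookie-0002'
HOST='vpn.example.com'
FINGERPRINT='constructed-fingerprint'"

# Pull one field out of the output without eval, so nothing in it is executed.
auth_field() {  # $1 = key, $2 = stage-one output
    printf '%s\n' "$2" | sed -n "s/^$1='\(.*\)'\$/\1/p" | head -n 1
}

# Syntactic test only: tells an address literal from a DNS name.
# Accepts dotted-quad IPv4, bracketed IPv6 (each with optional :port), bare IPv6.
is_ip_literal() {
    printf '%s\n' "$1" | grep -Eq \
'^(([0-9]{1,3}\.){3}[0-9]{1,3}|\[[0-9A-Fa-f:.]*:[0-9A-Fa-f:.]*\])(:[0-9]+)?$|^[0-9A-Fa-f]*:[0-9A-Fa-f:.]*:[0-9A-Fa-f:.]*$'
}

# Print the address stage two must connect to; fail if stage one returned a name.
stage_two_target() {  # $1 = stage-one output
    host=$(auth_field HOST "$1")
    if [ -z "$host" ]; then
        echo "no HOST field in stage-one output" >&2; return 2
    fi
    if ! is_ip_literal "$host"; then
        echo "HOST '$host' is a name; a second lookup may reach another server" >&2
        return 1
    fi
    printf '%s\n' "$host"
}

stage_two_target "$SAMPLE_PINNED"
stage_two_target "$SAMPLE_UNPINNED" || echo "refusing to start stage two"
```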