OpenConnect 8.04 release

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The most interesting part here is the support for Pulse Connect Secure,
of course. We now finally have IPv6 support instead of being stuck in
the 20th century (actually, make that the 1980s; even IPv6 was 1990s)
with the Juniper NC compatibility. We still don't have Host Checker
support for Pulse yet though; that would be nice to add.

Also fixes password handling for proxies, reworks and improves the MTU
detection for DTLS, and a few other fixes.

ftp://ftp.infradead.org/pub/openconnect/openconnect-8.04.tar.gz
ftp://ftp.infradead.org/pub/openconnect/openconnect-8.04.tar.gz.asc

Colin Petrie (1):
      Update CSTP for IPv6 DNS servers

Daniel Lenski (10):
      make dump_buf_hex() show printable characters as well
      Better spoofed HIP report
      Report GP session lifetime
      Incomplete, speculative IPv6 for GlobalProtect
      Clean up and simplify GP ESP keying
      comment about GlobalProtect HTTP user-agent value
      consolidate GlobalProtect OS name translation
      Add hipreport-android.sh
      also support sha256 with GlobalProtect ESP
      fix GP MTU calculation

David Woodhouse (44):
      Consolidate common parts of setup_esp_keys()
      Revamp MTU detection
      Fix peer_cert_hash memory leaks
      Convert dump_buf_hex() to use oc_text_buf instead of sprintf
      Add Pulse Connect Secure support
      Add HMAC-SHA256-128 support for ESP
      pulse: Split out config packet handling and loop until end-of-config received
      Add ESP support for Pulse
      Split out construct_esp_packet() to avoid duplication
      Set ESP Next Header field to 0x29 for IPv6 packets
      Disable encrypt-then-mac where possible with DTLS and OpenSSL
      Fix pulse build without HAVE_ESP
      Refuse to use libp11 0.4.7 as it's broken
      Fix EAP-TTLS build for OpenSSL 1.0.2 and earlier
      pulse: Handle multiple IF-T/TLS records in a single SSL record
      Import translations from GNOME
      Update changelog
      Set IPv6 netmask vs. address fields correctly for Pulse
      Revert "Set ESP Next Header field to 0x29 for IPv6 packets"
      Look a lot more like the Windows client...
      Improve Pulse ESP setup reliability.
      Translate strings in openconnect_get_supported_protocols()
      Turn off Extended Master Secret support (RFC7627) for resumed DTLS sessions
      Add IPv6 DNS and split routing for Pulse.
      Add tokencode support for Pulse
      Acknowledge Pulse post-signin message
      Interpret Pulse auth failure AVP
      Revert "Look a lot more like the Windows client..."
      Allow oversized incoming DTLS packets
      Attempt to handle Pulse password/passcode auth flow better
      Various documentation updates (DTLSv1.2, Pulse, TNCC)
      Update translatons from GNOME
      Set ESP Next Header correctly for IPv6 again
      For Pulse, send ESP only of the same IP protocol as we're connected over
      Add IPPROTO_IPIP compat definition to fix MinGW build
      Support autobuild for COPR
      Increase buffer size for oNCP configuration
      Kill bogus 'no GSSAPI' warning when it isn't true
      Update translatons from GNOME
      Implicitly enable basic auth for SOCKS if creds are provided.
      Fix proxy username and password parsing.
      Simplify openconnect_set_http_proxy() and report errors
      Remove hipreport-android.sh from COPR RPM build
      Tag version 8.04

Rosen Penev (2):
      Fix compilation without deprecated OpenSSL 1.1 APIs
      Fix DTLS bug when lacking deprecated APIs

raminfp (1):
      gpst: Fix memory leak if udp_connect() fails.

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
openconnect-devel mailing list
openconnect-devel@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/openconnect-devel

[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]


  Powered by Linux