Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: openconnect | Distribution: openSUSE Tumbleweed |
Version: 9.12 | Vendor: openSUSE |
Release: 3.2 | Build date: Thu Mar 21 15:48:59 2024 |
Group: Productivity/Networking/Security | Build host: reproducible |
Size: 156015 | Source RPM: openconnect-9.12-3.2.src.rpm |
Packager: http://bugs.opensuse.org | |
Url: http://www.infradead.org/openconnect.html | |
Summary: Client for Cisco AnyConnect VPN |
This package provides a multi-protocol client for a number of SSL VPNs, such as: * Cisco's "AnyConnect" VPN (HTTPS/DTLS) supported by the ASA5500 Series, by IOS 12.4(9)T or later on Cisco SR500, 870, 880, 1800, 2800, 3800, 7200 Series and Cisco 7301 Routers, and probably others. * Array Networks AG SSL VPN * Juniper SSL VPN * Pulse Connect Secure * Palo Alto Networks GlobalProtect SSL VPN * F5 Big-IP SSL VPN * Fortinet Fortigate SSL VPN
LGPL-2.1-or-later
* Thu Mar 21 2024 pgajdos@suse.com - remove dependency on /usr/bin/python3 using %python3_fix_shebang_path macro, [bsc#1212476] * Sat May 20 2023 Andrea Manzini <andrea.manzini@suse.com> - Update to release 9.12: * Explicitly reject overly long tun device names. * Increase maximum input size from stdin (#579). * Ignore 0.0.0.0 as NBNS address (!446, vpnc-scripts#58). * Fix stray (null) in URL path after Pulse authentication (4023bd95). * Fix config XML parsing mistake that left GlobalProtect ESP non-working in v9.10 (!475). * Fix case sensitivity in GPST header matching (!474). * Mon May 08 2023 Andrea Manzini <andrea.manzini@suse.com> - Update to release 9.10: * Fix external browser authentication with KDE plasma-nm < 5.26. * Always redirect stdout to stderr when spawning external browser. * Increase default queue length to 32 packets. * Fix receiving multiple packets in one TLS frame, and single packets split across multiple TLS frames, for Array. * Handle idiosyncratic variation in search domain separators for all protocols * Support region selection field for Pulse authentication * Support modified configuration packet from Pulse 9.1R16 servers * Allow hidden form fields to be populated or converted to text fields on the command line * Support yet another strange way of encoding challenge-based 2FA for GlobalProtect * Add --sni option (and corresponding C and Java API functions) to allow domain-fronting connections in censored/filtered network environments * Parrot a GlobalProtect server's software version, if present, as the client version (!333) * Fix NULL pointer dereference that has left Android builds broken since v8.20 (!389). * Fix Fortinet authentication bug where repeated SVPNCOOKIE causes segfaults (#514, !418). * Support F5 VPNs which encode authentication forms only in JSON, not in HTML. * Support simultaneous IPv6 and Legacy IP ("dual-stack") for Fortinet . * Support "FTM-push" token mode for Fortinet VPNs . * Send IPv6-compatible version string in Pulse IF/T session establishment * Add --no-external-auth option to not advertise external-browser authentication * Many small improvements in server response parsing, and better logging messages and documentation. * Thu Dec 15 2022 Andrea Manzini <andrea.manzini@suse.com> - Update to release 9.01: * Add support for AnyConnect "Session Token Re-use Anchor Protocol" (STRAP) * Add support for AnyConnect "external browser" SSO mode * Bugfix RSA SecurID token decryption and PIN entry forms, broken in v8.20 * Support Cisco's multiple-certificate authentication * Revert GlobalProtect default route handling change from v8.20 * Suppo split-exclude routes for Fortinet * Add webview callback and SAML/SSO support for AnyConnect, GlobalProtect * Mon Apr 18 2022 Jan Engelhardt <jengelh@inai.de> - Update to release 8.20: * Support non-AEAD ciphersuites in DTLSv1.2 with AnyConnect. * Emulated a newer version of GlobalProtect official clients, 5.1.5-8; was 4.0.2-19 * Support Juniper login forms containing both password and 2FA token * Explicitly disable 3DES and RC4, unless enabled with - -allow-insecure-crypto * Allow protocols to delay tunnel setup and shutdown (!117) * Support for GlobalProtect IPv6 * SIGUSR1now causes OpenConnect to log detailed connection information and statistics * Allow --servercert to be specified multiple times in order to accept server certificates matching more than one possible fingerprint * Demangle default routes sent as split routes by GlobalProtect * Support more Juniper login forms, including some SSO forms * Restore compatibility with newer Cisco servers, by no longer sending them the X-AnyConnect-Platform header * Add support for PPP-based protocols, currently over TLS only. * Add support for two PPP-based protocols, F5 with - -protocol=f5 and Fortinet with --protocol=fortinet. * Add support for Array Networks SSL VPN. * Support TLSv1.3 with TPMv2 EC and RSA keys, add test cases for swtpm and hardware TPM. * Tue Nov 23 2021 Robert Munteanu <rombert@apache.org> - Import the latest version of the vpnc-script, revision 1d35a8527e5422967514dd1d47350ff2ede55903 (boo#1140772) * This brings a lot of improvements for non-trivial network setups, IPv6 etc * Fri Jan 08 2021 olaf@aepfle.de - Build with --without-gnutls-version-check * Fri May 15 2020 Martin Hauke <mardnh@gmx.de> - Update to version 8.10: * Install bash completion script to ${datadir}/bash-completion/completions/openconnect. * Improve compatibility of csd-post.sh trojan. * Fix potential buffer overflow with GnuTLS describing local certs (CVE-2020-12823, bsc#1171862, gl#openconnect/openconnect!108). * Fri May 01 2020 Martin Hauke <mardnh@gmx.de> - Fix CVE-2020-12105 (boo#1170452) - Introduce subpackage for bash-completion - Update to 8.09: * Add bash completion support. * Give more helpful error in case of Pulse servers asking for TNCC. * Sanitize non-canonical Legacy IP network addresses. * Fix OpenSSL validation for trusted but invalid certificates (CVE-2020-12105). * Convert tncc-wrapper.py to Python 3, and include modernized tncc-emulate.py as well. (!91) * Disable Nagle's algorithm for TLS sockets, to improve interactivity when tunnel runs over TCP rather than UDP. * GlobalProtect: more resilient handling of periodic HIP check and login arguments, and predictable naming of challenge forms. * Work around PKCS#11 tokens which forget to set CKF_LOGIN_REQUIRED. - Update to 8.0.8: * Fix check of pin-sha256: public key hashes to be case sensitive * Don't give non-functioning stderr to CSD trojan scripts. * Fix crash with uninitialised OIDC token. - Update to 8.0.7: * Don't abort Pulse connection when server-provided certificate MD5 doesn't match. * Fix off-by-one in check for bad GnuTLS versions, and add build and run time checks. * Don't abort connection if CSD wrapper script returns non-zero (for now). * Make --passtos work for protocols that use ESP, in addition to DTLS. * Convert tncc-wrapper.py to Python 3, and include modernized tncc-emulate.py as well. * Wed Jan 08 2020 Tomáš Chvátal <tchvatal@suse.com> - Remove tncc-wrapper.py script as it is python2 only bsc#1157446
/etc/openconnect /etc/openconnect/vpnc-script /usr/libexec/openconnect /usr/libexec/openconnect/csd-post.sh /usr/libexec/openconnect/csd-wrapper.sh /usr/libexec/openconnect/hipreport.sh /usr/libexec/openconnect/tncc-emulate.py /usr/sbin/openconnect /usr/share/man/man8/openconnect.8.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Tue Jan 7 23:49:12 2025