head 1.18; access; symbols pkgsrc-2023Q4:1.18.0.6 pkgsrc-2023Q4-base:1.18 pkgsrc-2023Q3:1.18.0.4 pkgsrc-2023Q3-base:1.18 pkgsrc-2023Q2:1.18.0.2 pkgsrc-2023Q2-base:1.18 pkgsrc-2023Q1:1.15.0.4 pkgsrc-2023Q1-base:1.15 pkgsrc-2022Q4:1.15.0.2 pkgsrc-2022Q4-base:1.15 pkgsrc-2022Q3:1.13.0.8 pkgsrc-2022Q3-base:1.13 pkgsrc-2022Q2:1.13.0.6 pkgsrc-2022Q2-base:1.13 pkgsrc-2022Q1:1.13.0.4 pkgsrc-2022Q1-base:1.13 pkgsrc-2021Q4:1.13.0.2 pkgsrc-2021Q4-base:1.13 pkgsrc-2021Q3:1.11.0.12 pkgsrc-2021Q3-base:1.11 pkgsrc-2021Q2:1.11.0.10 pkgsrc-2021Q2-base:1.11 pkgsrc-2021Q1:1.11.0.8 pkgsrc-2021Q1-base:1.11 pkgsrc-2020Q4:1.11.0.6 pkgsrc-2020Q4-base:1.11 pkgsrc-2020Q3:1.11.0.4 pkgsrc-2020Q3-base:1.11 pkgsrc-2020Q2:1.11.0.2 pkgsrc-2020Q2-base:1.11 pkgsrc-2020Q1:1.10.0.4 pkgsrc-2020Q1-base:1.10 pkgsrc-2019Q4:1.10.0.6 pkgsrc-2019Q4-base:1.10 pkgsrc-2019Q3:1.10.0.2 pkgsrc-2019Q3-base:1.10 pkgsrc-2019Q2:1.8.0.2 pkgsrc-2019Q2-base:1.8 pkgsrc-2019Q1:1.7.0.2 pkgsrc-2019Q1-base:1.7 pkgsrc-2018Q4:1.5.0.18 pkgsrc-2018Q4-base:1.5 pkgsrc-2018Q3:1.5.0.16 pkgsrc-2018Q3-base:1.5 pkgsrc-2018Q2:1.5.0.14 pkgsrc-2018Q2-base:1.5 pkgsrc-2018Q1:1.5.0.12 pkgsrc-2018Q1-base:1.5 pkgsrc-2017Q4:1.5.0.10 pkgsrc-2017Q4-base:1.5 pkgsrc-2017Q3:1.5.0.8 pkgsrc-2017Q3-base:1.5 pkgsrc-2017Q2:1.5.0.4 pkgsrc-2017Q2-base:1.5 pkgsrc-2017Q1:1.5.0.2 pkgsrc-2017Q1-base:1.5 pkgsrc-2016Q4:1.4.0.2 pkgsrc-2016Q4-base:1.4 pkgsrc-2016Q3:1.3.0.8 pkgsrc-2016Q3-base:1.3 pkgsrc-2016Q2:1.3.0.6 pkgsrc-2016Q2-base:1.3 pkgsrc-2016Q1:1.3.0.4 pkgsrc-2016Q1-base:1.3 pkgsrc-2015Q4:1.3.0.2 pkgsrc-2015Q4-base:1.3 pkgsrc-2015Q3:1.1.0.6 pkgsrc-2015Q3-base:1.1 pkgsrc-2015Q2:1.1.0.4 pkgsrc-2015Q2-base:1.1 pkgsrc-2015Q1:1.1.0.2 pkgsrc-2015Q1-base:1.1; locks; strict; comment @# @; 1.18 date 2023.05.20.15.41.19; author schmonz; state Exp; branches; next 1.17; commitid QS5AKlG0sZrmvIpE; 1.17 date 2023.05.18.13.55.54; author schmonz; state Exp; branches; next 1.16; commitid 3puWNIorAWBbZrpE; 1.16 date 2023.05.05.13.21.22; author schmonz; state Exp; branches; next 1.15; commitid HXz4AwJIZNdfdMnE; 1.15 date 2022.10.20.19.12.57; author schmonz; state Exp; branches; next 1.14; commitid 2JqCBgyuGvnguuYD; 1.14 date 2022.10.18.01.18.10; author schmonz; state Exp; branches; next 1.13; commitid I4lNY093LBnJB8YD; 1.13 date 2021.10.26.11.06.11; author nia; state Exp; branches; next 1.12; commitid G83yJyZF8er6kjeD; 1.12 date 2021.10.07.14.42.02; author nia; state Exp; branches; next 1.11; commitid EMvsIaZgYm1t8TbD; 1.11 date 2020.06.05.15.50.31; author bacon; state Exp; branches; next 1.10; commitid 9ELPivbTFIxId3bC; 1.10 date 2019.09.12.19.23.13; author schmonz; state Exp; branches; next 1.9; commitid 1A8pZLARH5RVZKCB; 1.9 date 2019.09.07.19.30.21; author schmonz; state Exp; branches; next 1.8; commitid CS7gBM7A7Pqlc7CB; 1.8 date 2019.05.20.14.16.21; author schmonz; state Exp; branches; next 1.7; commitid wPmSXH40RP4QZWnB; 1.7 date 2019.01.22.18.28.40; author schmonz; state Exp; branches; next 1.6; commitid sTa0bxoj9TSybO8B; 1.6 date 2019.01.07.22.23.52; author schmonz; state Exp; branches; next 1.5; commitid QeykFfVrSUT8YT6B; 1.5 date 2017.01.03.00.02.03; author khorben; state Exp; branches; next 1.4; commitid 76G1ChmIuAFh8sAz; 1.4 date 2016.10.28.10.02.38; author wiz; state Exp; branches; next 1.3; commitid mY9BwOcCkn97CTrz; 1.3 date 2015.11.04.00.35.17; author agc; state Exp; branches; next 1.2; commitid K5R8pkzReRJy0IHy; 1.2 date 2015.10.14.13.13.44; author wiz; state Exp; branches; next 1.1; commitid jbHJbDtjZBhVS4Fy; 1.1 date 2015.03.02.15.27.58; author wiz; state Exp; branches; next ; commitid T1WmIJgKC4ItT2cy; desc @@ 1.18 log @Update to 9.12. From the changelog: - Fix FreeBSD build and tests. - Explicitly reject overly long tun device names. - Work around ambiguity between from json-parser vs json-c (!476). - Fix symbol versioning for openconnect_set_sni(). - Increase maximum input size from stdin (#579). - Ignore 0.0.0.0 as NBNS address (!446, vpnc-scripts#58). - Fix Mac OS build of os-tcp-mtu tool (#612). @ text @$NetBSD: distinfo,v 1.17 2023/05/18 13:55:54 schmonz Exp $ BLAKE2s (openconnect-9.12.tar.gz) = 9d74bf941856fc06d61cb82c39b7464050df2693d1ee02389edfefc16c2605d2 SHA512 (openconnect-9.12.tar.gz) = 5c622e8bdfac3d21b5881660444e5d2b84e9463a99493d42cbfb480c3aa3972076bdeeb618aca02abed68e31dbeadcb66fb1c370e62a20f20cd544753c7ac48e Size (openconnect-9.12.tar.gz) = 2843115 bytes SHA1 (patch-hpke.c) = 294dd4e691bf9f20d0b7a41329b6912d6fca4284 @ 1.17 log @Update to 9.11. From the changelog: - Rebuild test suite certificate chains (which had expired: #609) - Fix stray (null) in URL path after Pulse authentication. - Fix config XML parsing mistake that left GlobalProtect ESP non-working in v9.10 (!475). - Fix case sensitivity in GPST header matching (!474). - Add external browser support for Windows (#553). @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.16 2023/05/05 13:21:22 schmonz Exp $ d3 3 a5 3 BLAKE2s (openconnect-9.11.tar.gz) = 587988518f349fbd1251b15e74d80eedd390af88dd237f22d0adabada1cfa172 SHA512 (openconnect-9.11.tar.gz) = fd1aa12597467102e7c94de9549f02f714736f997b050473d1e0f1a1abd9dc85186436209be9a8b24cafa9dc349329be7d583eb438ce06f14077a7c12598e55e Size (openconnect-9.11.tar.gz) = 2844135 bytes @ 1.16 log @Update to 9.10. From the changelog: - Fix external browser authentication with KDE plasma-nm < 5.26. - Always redirect stdout to stderr when spawning external browser. - Increase default queue length to 32 packets (#582). - Make the Wintun Layer 3 TUN driver the default on Windows (!427). - Add support for and bundle Wintun 0.14.1 (!294). - Fix receiving multiple packets in one TLS frame, and single packets split across multiple TLS frames, for Array (#435). - Fix ESP failures under Windows (#427). - Add list-system-keys tool to assist Windows/MacOS users in setup. - Handle idiosyncratic variation in search domain separators for all protocols (#433, #443, !388). - Support region selection field for Pulse authentication (!399). - Support modified configuration packet from Pulse 9.1R16 servers (#472, !401) - Allow hidden form fields to be populated or converted to text fields on the command line (#493, #489, !409) - Support yet another strange way of encoding challenge-based 2FA for GlobalProtect (#495, !411) - Add --sni option (and corresponding C and Java API functions) to allow domain-fronting connections in censored/filtered network environments (!297, !451). - Parrot a GlobalProtect server's software version, if present, as the client version (!333) - Fix NULL pointer dereference that has left Android builds broken since v8.20 (!389). - Fix Fortinet authentication bug where repeated SVPNCOOKIE causes segfaults (#514, !418). - Support F5 VPNs which encode authentication forms only in JSON, not in HTML (#512, !431). - Persist Windows installers for tagged builds (#463, !391). - Support simultaneous IPv6 and Legacy IP ("dual-stack") for Fortinet (#568, !456). - Support "FTM-push" token mode for Fortinet VPNs (#555, !450). - Send IPv6-compatible version string in Pulse IF/T session establishment, and avoid its ESP/IP version layering idiocy on newer servers (#506, !414) - Add --no-external-auth option to not advertise external-browser authentication, as a workaround for servers which behave differently when it is advertised (#470, !398) - Emulate MacOS-specific contents in the HIP report for GlobalProtect (!471). - Many small improvements in server response parsing, and better logging messages and documentation. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.15 2022/10/20 19:12:57 schmonz Exp $ d3 4 a6 4 BLAKE2s (openconnect-9.10.tar.gz) = 25758264e1a11c1dee7da7130675b090f03f1de6eba8463164dc277ec9c6a899 SHA512 (openconnect-9.10.tar.gz) = 64d10ad67fccd11d1aaae23a77c6cfd8200bbba0eae21a7d01c604688ec9c35b5f19eeb9a47de14d383780eba64a2f6c06daccd4c1fae6289efdb0dc2fb7c536 Size (openconnect-9.10.tar.gz) = 2843858 bytes SHA1 (patch-main.c) = 040fb724052c5bf2e007b322f103d37f06a2bfb2 @ 1.15 log @Define environ before it's used, to fix build on at least NetBSD. Take MAINTAINER. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.14 2022/10/18 01:18:10 schmonz Exp $ d3 3 a5 3 BLAKE2s (openconnect-9.01.tar.gz) = a56f3914b696aa3a11ea5a1732dec1b77c2aa8d6de72c3fb8f8abb3f9078ccfd SHA512 (openconnect-9.01.tar.gz) = b7428847a90f8ca9d1f1f61653c1f2486f0a07989f3b7435b746c5e901998194f4ee2b4f9569a548a23bba368bb1e9f273674c0759aac9df30208d2a6a303c34 Size (openconnect-9.01.tar.gz) = 2718526 bytes @ 1.14 log @Update to 9.01. From the changelog: 9.01: - Fix library minor version (missing bump to 5.8). 9.00: - Add support for AnyConnect "Session Token Re-use Anchor Protocol" (STRAP) (#410). - Add support for AnyConnect "external browser" SSO mode (!354). - On Windows, fix crash on tunnel setup. (#370, 6a2ffbb) - Bugfix RSA SecurID token decryption and PIN entry forms, broken in v8.20. (#388, !344) - Support Cisco's multiple-certificate authentication (!194). - Append internal=no to GlobalProtect authentication/configuration forms, for compatibility with servers which apparently require this to function properly. (#246, !337) - Revert GlobalProtect default route handling change from v8.20. (!367) - Support split-exclude routes for Fortinet. (#394, !345) - Add openconnect_set_useragent() function. - Add webview callback and SAML/SSO support for AnyConnect, GlobalProtect. (!126). 8.20: - When the queue length (-Q option) is 16 or more, try using vhost-net to accelerate tun device access. - Use epoll() where available. - Support non-AEAD ciphersuites in DTLSv1.2 with AnyConnect. (#249) - Make tncc-emulate.py work with Python 3.7+. (#152, !120) - Emulated a newer version of GlobalProtect official clients, 5.1.5-8; was 4.0.2-19 (!131) - Support Juniper login forms containing both password and 2FA token (!121) - Explicitly disable 3DES and RC4, unless enabled with --allow-insecure-crypto (!114) - Add obsolete-server-crypto test (!114) - Allow protocols to delay tunnel setup and shutdown (!117) - Support for GlobalProtect IPv6 (!155 and !188; previous work in d6db0ec) - SIGUSR1 causes OpenConnect to log detailed connection information and statistics (!154) - Allow --servercert to be specified multiple times in order to accept server certificates matching more than one possible fingerprint (!162, #25) - Add insecure debugging build mode for developers (!112) - Demangle default routes sent as split routes by GlobalProtect (!118) - Improve GlobalProtect login argument decoding (!143) - Add detection of authentication expiration date, intended to allow front-ends to cache and reuse authentication cookies/sessions (!156) - Small bug fixes and clarification of many logging messages. - Support more Juniper login forms, including some SSO forms (!171) - Automatically build Windows installers for OpenConnect command-line interface (!176) - Restore compatibility with newer Cisco servers, by no longer sending them the X-AnyConnect-Platform header (#101, !175) - Add support for PPP-based protocols, currently over TLS only (!165). - Add support for two PPP-based protocols, F5 with --protocol=f5 and Fortinet with --protocol=fortinet (!169). - Add experimental support for Wintun Layer 3 TUN driver under Windows (#231, !178). - Clean up and improve Windows routing/DNS configuration script (vpnc-scripts!26, vpnc-scripts!41, vpnc-scripts!44). - On Windows, reclaim needed IP addresses from down network interfaces so that configuration script can succeed (!178). - Fix output redirection under Windows (#229) - More gracefully handle idle timeouts and other fatal errors for Juniper and Pulse (!187) - Ignore failures to fetch the Juniper/oNCP landing page if the authentication was successful (3e779436). - Add support for Array Networks SSL VPN (#102) - Support TLSv1.3 with TPMv2 EC and RSA keys, add test cases for swtpm and hardware TPM. (ed80bfac...ee1cd782) - Add openconnect_get_connect_url() to simplify passing correct server information to the connecting openconnect process. (NetworkManager-openconnect #46, #53) - Disable brittle "system policy" enforcement where it cannot be gracefully overridden at user request. (RH#1960763). - Pass "portal cookie" fields from GlobalProtect portal to gateway to avoid repetition of password- or SAML-based login (!199) - With --user, enter username supplied via command-line into all authentication forms, not just the first. (#267, !220). - Fix a subtle bug which has prevented ESP rekey and ESP-to-TLS fallback from working reliably with the Juniper/oNCP protocol since v8.04. (#322, !293). - Fix a bug in csd-wrapper.sh which has prevented it from correctly downloading compressed Trojan binaries since at least v8.00. (!305) - Make Windows socketpair emulation more robust in the face of Windows's ability to break its localhost routes. (#228, #361, !320) - Perform proper disconnect and routes cleanup on Windows when receiving Ctrl+C or Ctrl+Break. (#362, !323) - Improve logging in routing/DNS configuration scripts. (!328, vpnc-scripts!45) - Support modified configuration packet from Pulse 9.1R14 servers (#379, !331) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.13 2021/10/26 11:06:11 nia Exp $ d6 1 @ 1.13 log @ net: Replace RMD160 checksums with BLAKE2s checksums All checksums have been double-checked against existing RMD160 and SHA512 hashes Not committed (merge conflicts...): net/radsecproxy/distinfo The following distfiles could not be fetched (fetched conditionally?): ./net/citrix_ica/distinfo citrix_ica-10.6.115659/en.linuxx86.tar.gz ./net/djbdns/distinfo dnscache-1.05-multiple-ip.patch ./net/djbdns/distinfo djbdns-1.05-test28.diff.xz ./net/djbdns/distinfo djbdns-1.05-ignoreip2.patch ./net/djbdns/distinfo djbdns-1.05-multiip.diff ./net/djbdns/distinfo djbdns-cachestats.patch @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.12 2021/10/07 14:42:02 nia Exp $ d3 3 a5 4 BLAKE2s (openconnect-8.10.tar.gz) = 66f456ad82bf911e6aa63b460f486906066cd148756f3e02f97701e32500acd5 SHA512 (openconnect-8.10.tar.gz) = a36a106cf5c637602fc5bd3cd12df8f6dfe55217c1aae93c66ca33208507f3f8cda15e3a46d75615c7fcea1859d1a04017a07674ad0246876154467305477356 Size (openconnect-8.10.tar.gz) = 2084534 bytes SHA1 (patch-configure) = d9ecd9e7f726dc6982f401871f5c67ffc0ca7a15 @ 1.12 log @net: Remove SHA1 hashes for distfiles @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.11 2020/06/05 15:50:31 bacon Exp $ d3 1 a3 1 RMD160 (openconnect-8.10.tar.gz) = 775b1d6e16605c5437d5d52db08720f6634704f5 @ 1.11 log @net/openconnect: Upgrade to 8.10 Fixes build for Darwin Based on wip/openconnect with help from Louis Guillaume @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.10 2019/09/12 19:23:13 schmonz Exp $ a2 1 SHA1 (openconnect-8.10.tar.gz) = 2829320cfd7801baf4ceccc8d4f650a10994cd51 @ 1.10 log @Update to 8.05. From the changelog: - Fix GlobalProtect ESP stall (#55). - Fix HTTP chunked encoding buffer overflow (CVE-2019-16239). @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.9 2019/09/07 19:30:21 schmonz Exp $ d3 5 a7 4 SHA1 (openconnect-8.05.tar.gz) = 7fc0ed9cb34b401740100f36695036d3333256c0 RMD160 (openconnect-8.05.tar.gz) = 68aec09309f9988da227d82d844c39a620cce13c SHA512 (openconnect-8.05.tar.gz) = 3ac9f1fa5a87b06d45c316897c69470264f2fde7525b5b3ef1352041dd0c8ae5eaf5dd325de1bdcf1e5b82e688fec9c36d531da1b75ac3f49896d4186d83aa15 Size (openconnect-8.05.tar.gz) = 1922100 bytes @ 1.9 log @Update to 8.04. From the changelog: - Rework DTLS MTU detection. (#10) - Add Pulse Connect Secure support. - OpenSSL build fixes (#51). - Add HMAC-SHA256-128 (RFC4868) support for ESP. - Support IPv6 in ESP. - Translate user-visible strings from openconnect_get_supported_protocols(). - Fix proxy username/password handling to allow special characters and escaping. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.8 2019/05/20 14:16:21 schmonz Exp $ d3 4 a6 4 SHA1 (openconnect-8.04.tar.gz) = f643b782aaa2a66540517743898ba50e063cf9ce RMD160 (openconnect-8.04.tar.gz) = 1a30e71264cf1f8870df391ef9b3bc62cdde166d SHA512 (openconnect-8.04.tar.gz) = 3d1f335c5ac62cdcf874b0371e9ed939e5e44060d422b35120d0a6bb87f1a7cc4ffc783e6c65d11a9d5ef974c99e56107da837ee61a03f70d9397e077185050a Size (openconnect-8.04.tar.gz) = 1914479 bytes @ 1.8 log @Update to 8.03. From the changelog: _ Fix detection of utun support on OS X (#18). _ Fix Cisco DTLSv1.2 support for AES256-GCM-SHA384. _ Fix Solaris 11.4 build by properly detecting memset_s(). _ Fix recognition of OTP password fields (#24). @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.7 2019/01/22 18:28:40 schmonz Exp $ d3 4 a6 4 SHA1 (openconnect-8.03.tar.gz) = 9808b2bc25ceee69d853c8b14f72e7139d4d8843 RMD160 (openconnect-8.03.tar.gz) = f6d41626b5f0687dc1345a9c8c8b03a740850764 SHA512 (openconnect-8.03.tar.gz) = e5cae7aacc5684c585992c8199d47c1318a710d2f3638e0b71f5ab3ee7f35406306462e19ba55b32351a3894c83c256569e2e096da0bc8f6404f2740168e73da Size (openconnect-8.03.tar.gz) = 1885587 bytes @ 1.7 log @Update to 8.02. From the changelog: - Fix GNU/Hurd build. - Discover vpnc-script in default packaged location on FreeBSD/OpenBSD. - Support split-exclude routes for GlobalProtect. - Fix GnuTLS builds without libtasn1. - Fix DTLS support with OpenSSL 1.1.1+. - Add Cisco-compatible DTLSv1.2 support. - Invoke script with reason=attempt-reconnect before doing so. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.6 2019/01/07 22:23:52 schmonz Exp $ d3 4 a6 4 SHA1 (openconnect-8.02.tar.gz) = e36c8551a75cfef2721a2f432d1b69f1a83722bc RMD160 (openconnect-8.02.tar.gz) = 558b95eae763773aec8c2517027d9680d47ed7e1 SHA512 (openconnect-8.02.tar.gz) = 690a51198aeaf4bb1cd0901b0799ac991712a29aa899fe735a7b5201683cd627556eebeefba01d0c752ba44ba0a6c5ee1c3647d692383f3f4b335e79c5337cbc Size (openconnect-8.02.tar.gz) = 1876135 bytes @ 1.6 log @Update to 8.01. From the changelog: - Fix memset_s() arguments. - Fix OpenBSD build. - Clear form submissions (which may include passwords) before freeing (CVE-2018-20319). - Allow form responses to be provided on command line. - Add support for SSL keys stored in TPM2. - Fix ESP rekey when replay protection is disabled. - Drop support for GnuTLS older than 3.2.10. - Fix --passwd-on-stdin for Windows to not forcibly open console. - Fix portability of shell scripts in test suite. - Add Google Authenticator TOTP support for Juniper. - Add RFC7469 key PIN support for cert hashes. - Add protocol method to securely log out the Juniper session. - Relax requirements for Juniper hostname packet response to support old gateways. - Add API functions to query the supported protocols. - Verify ESP sequence numbers and warn even if replay protection is disabled. - Add support for PAN GlobalProtect VPN protocol (--protocol=gp). - Reorganize listing of command-line options, and include information on supported protocols. - SIGTERM cleans up the session similarly to SIGINT. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.5 2017/01/03 00:02:03 khorben Exp $ d3 4 a6 4 SHA1 (openconnect-8.01.tar.gz) = 0a3a58c559956b7a5e5e8eec6699f8b709cc726e RMD160 (openconnect-8.01.tar.gz) = 0ffdc4530425443aa5f86694f2d5b3d64ddab1e6 SHA512 (openconnect-8.01.tar.gz) = df88bcae590ecea910e85c068ac15b4f8de9a90dc968ddda0b34bd772949cba0382484f80f6d796da43cc2673daa44a094228c5cd35f1de92d6157bc94b2162e Size (openconnect-8.01.tar.gz) = 1870269 bytes @ 1.5 log @Update openconnect to version 7.08 Changelog: Add SHA256 support for server cert hashes. Enable DHE ciphers for Cisco DTLS. Increase initial oNCP configuration buffer size. Reopen CONIN$ when stdin is redirected on Windows. Improve support for point-to-point routing on Windows. Check for non-resumed DTLS sessions which may indicate a MiTM attack. Add TUNIDX environment variable on Windows. Fix compatibility with Pulse Secure 8.2R5. Fix IPv6 support in Solaris. Support DTLS automatic negotiation. Support --key-password for GnuTLS PKCS#11 PIN. Support automatic DTLS MTU detection with OpenSSL. Drop support for combined GnuTLS/OpenSSL build. Update OpenSSL to allow TLSv1.2, improve compatibility options. Remove --no-cert-check option. It was being (mis)used. Fix OpenSSL support for PKCS#11 EC keys without public key. Support for final OpenSSL 1.1 release. Fix polling/retry on "tun" socket when buffers full. Fix AnyConnect server-side MTU setting. Fix ESP replay detection. Allow build with LibreSSL (for fetishists only; do not use this as DTLS is broken). Add certificate torture test suite. Support PKCS#11 PIN via pin-value= and --key-password for OpenSSL. Fix integer overflow issues with ESP packet replay detection. Add --pass-tos option as in OpenVPN. Support rôle selection form in Juniper VPN. Support DER-format certificates, add certificate format torture tests. For OpenSSL >= 1.0.2, fix certificate validation when only an intermediate CA is specified with the --cafile option. Support Juniper "Pre Sign-in Message". @ text @d1 1 a1 1 $NetBSD$ d3 4 a6 4 SHA1 (openconnect-7.08.tar.gz) = ac106457c6a94808096552b6dc2037ad4cce7858 RMD160 (openconnect-7.08.tar.gz) = b5f8e916d081011d469f3b180b195113687cdd2b SHA512 (openconnect-7.08.tar.gz) = 22f9b0bd4bd17e2ab91ff42b2464c89abba035fe705c037ba4d1042ace460c8738e20481783a1edc3b7dd6503fe9fcc7fdd188552811fb1525310e25a4c2f400 Size (openconnect-7.08.tar.gz) = 1686133 bytes @ 1.4 log @Updated openconnect to 7.07. From Kai-Uwe Eckhardt in PR 51576. OpenConnect v7.07 (PGP signature) — 2016-07-11 More fixes for OpenSSL 1.1 build. Support Juniper "Post Sign-in Message". Add --protocol option. Fix ChaCha20-Poly1305 cipher suite to reflect final standard. Add ability to disable IPv6 support via library API. Set groups appropriately when using setuid(). Automatic DTLS MTU detection. Support SSL client certificate authentication with Juniper servers. Revamp SSL certificate validation for OpenSSL and stop supporting OpenSSL older than 0.9.8. Fix handling of multiple DNS search domains with Network Connect. Fix handling of large configuration packets for Network Connect. Enable SNI when built with OpenSSL (1.0.1g or later). Add --resolve and --local-hostname options to command line. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.3 2015/11/04 00:35:17 agc Exp $ d3 4 a6 4 SHA1 (openconnect-7.07.tar.gz) = 6ed96962b49a59ba94307d3383d729564777fa35 RMD160 (openconnect-7.07.tar.gz) = c62e4e50a76fb6cb0797ad8b066d8bef4b738bb9 SHA512 (openconnect-7.07.tar.gz) = fcce82419a058f5210f8b6167a10e52eb572c93cda3ec941bf11e5bfcf8395ce2f816cba4f5f9a02920eb023fe7dfbd8192d5664ce5bab29bf88506b67ec34e3 Size (openconnect-7.07.tar.gz) = 1557283 bytes @ 1.3 log @Add SHA512 digests for distfiles for net category Problems found with existing digests: Package haproxy distfile haproxy-1.5.14.tar.gz 159f5beb8fdc6b8059ae51b53dc935d91c0fb51f [recorded] da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated] Problems found locating distfiles: Package bsddip: missing distfile bsddip-1.02.tar.Z Package citrix_ica: missing distfile citrix_ica-10.6.115659/en.linuxx86.tar.gz Package djbdns: missing distfile djbdns-1.05-test25.diff.bz2 Package djbdns: missing distfile djbdns-cachestats.patch Package djbdns: missing distfile 0002-dnscache-cache-soa-records.patch Package gated: missing distfile gated-3-5-11.tar.gz Package owncloudclient: missing distfile owncloudclient-2.0.2.tar.xz Package poink: missing distfile poink-1.6.tar.gz Package ra-rtsp-proxy: missing distfile rtspd-src-1.0.0.0.tar.gz Package ucspi-ssl: missing distfile ucspi-ssl-0.70-ucspitls-0.1.patch Package waste: missing distfile waste-source.tar.gz Otherwise, existing SHA1 digests verified and found to be the same on the machine holding the existing distfiles (morden). All existing SHA1 digests retained for now as an audit trail. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.2 2015/10/14 13:13:44 wiz Exp $ d3 4 a6 4 SHA1 (openconnect-7.06.tar.gz) = 2351408693aab0c6bc97d37e68b4a869fbb217ed RMD160 (openconnect-7.06.tar.gz) = fb9f55e413bd3eb065521332d8632001fb14b12f SHA512 (openconnect-7.06.tar.gz) = d1af9efe4ac1f6671dc6b92db0df981e8cae3f2f50b8b4c35a112b42a76517b7c8ea9fd5da93352445dd61da3012bf34fdbcc3add9d8727cbaad7d311e516108 Size (openconnect-7.06.tar.gz) = 1343870 bytes @ 1.2 log @Update to 7.06, based on PR 50336 by Kai-Uwe Eckhardt: OpenConnect v7.06 (PGP signature) — 2015-03-17 Fix openconnect.pc breakage after liboath removal. Refactor Juniper Network Connect receive loop. Fix some memory leaks. Add Bosnian translation. OpenConnect v7.05 (PGP signature) — 2015-03-10 Fix alignment issue which broke LZS compression on ARM etc. Support HTTP authentication to servers, not just proxies. Work around Yubikey issue with non-ASCII passphrase set on pre-KitKat Android. Add SHA256/SHA512 support for OATH. Remove liboath dependency. Support DTLS v1.2 and AES-GCM with OpenSSL 1.0.2. Add OpenSSL 1.0.2 to known-broken releases (RT#3703, RT#3711). Fix build with OpenSSL HEAD (OpenSSL 1.1.x). Preliminary support for Juniper SSL VPN. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.1 2015/03/02 15:27:58 wiz Exp $ d5 1 @ 1.1 log @Import openconnect-7.04 as net/openconnect, packaged for wip by pdtafti, hfath, asau, kristerw, jakllsch, and keckhardt. OpenConnect is a client for Cisco's AnyConnect SSL VPN released under LGPL v2.1. @ text @d1 1 a1 1 $NetBSD$ d3 3 a5 3 SHA1 (openconnect-7.04.tar.gz) = 1a87bebcc615fd96146a8afd05491883ef2b4daf RMD160 (openconnect-7.04.tar.gz) = 4af556b0b64d21d4b84c193bccc979c29693ba75 Size (openconnect-7.04.tar.gz) = 1205264 bytes @