2 <VAR match="VAR_ORIGIN" replace="" />
3 <VAR match="VAR_CVSID" replace=""/>
4 <INCLUDE file="inc/header.tmpl" />
6 <VAR match="VAR_SEL_INDEX" replace="selected" />
7 <VAR match="VAR_SEL_CHANGELOG" replace="selected" />
8 <PARSE file="menu1.xml" />
9 <PARSE file="menu2.xml" />
11 <INCLUDE file="inc/content.tmpl" />
15 <p>For full changelog entries including the latest development, see
16 <a href="http://git.infradead.org/users/dwmw2/openconnect.git">gitweb</a>.</p>
18 <li><b>OpenConnect HEAD</b>
20 <li><i>No changelog entries yet</i></li>
23 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-4.04.tar.gz">OpenConnect v4.04</a></b>
24 <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-4.04.tar.gz.asc">PGP signature</a>)</i> — 2012-07-05
26 <li>Fix GnuTLS password handling for PKCS#8 files.</li>
29 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-4.03.tar.gz">OpenConnect v4.03</a></b>
30 <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-4.03.tar.gz.asc">PGP signature</a>)</i> — 2012-07-02
32 <li>Fix <tt>--no-proxy</tt> option.</li>
33 <li>Fix handling of requested vs. received MTU settings.</li>
34 <li>Fix DTLS MTU for GnuTLS 3.0.21 and newer.</li>
35 <li>Support more ciphers for OpenSSL encrypted PEM keys, with GnuTLS.</li>
36 <li>Fix GnuTLS compatibilty issue with servers that insist on TLSv1.0 or non-AES ciphers <a href="https://bugzilla.redhat.com/show_bug.cgi?id=836558"><i>(RH#836558)</i></a>.</li>
39 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-4.02.tar.gz">OpenConnect v4.02</a></b>
40 <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-4.02.tar.gz.asc">PGP signature</a>)</i> — 2012-06-28
42 <li>Fix build failure due to unconditional inclusion of <tt>&lt;gnutls/dtls.h&gt;</tt>.</li>
45 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-4.01.tar.gz">OpenConnect v4.01</a></b>
46 <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-4.01.tar.gz.asc">PGP signature</a>)</i> — 2012-06-28
48 <li>Fix DTLS MTU issue with GnuTLS.</li>
49 <li>Fix reconnect crash when compression is disabled.</li>
50 <li>Fix build on systems like FreeBSD 8 without <tt>O_CLOEXEC</tt>.</li>
51 <li>Add <tt>--dtls-local-port</tt> option.</li>
52 <li>Print correct error when <tt>/dev/net/tun</tt> cannot be opened.</li>
53 <li>Fix <tt>openconnect.pc</tt> pkg-config file not to require <tt>zlib.pc</tt> on systems which lack it (like RHEL5).</li>
56 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-4.00.tar.gz">OpenConnect v4.00</a></b>
57 <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-4.00.tar.gz.asc">PGP signature</a>)</i> — 2012-06-20
59 <li>Add support for OpenSSL's odd encrypted PKCS#1 files, for GnuTLS.</li>
60 <li>Fix repeated passphrase retry for OpenSSL.</li>
61 <li>Add keystore support for Android.</li>
62 <li>Support TPM, and also additional checks on PKCS#11 certs, even with GnuTLS 2.12.</li>
63 <li>Fix library references to OpenSSL's <tt>ERR_print_errors_cb()</tt> when built against GnuTLS v2.12.</li>
66 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.99.tar.gz">OpenConnect v3.99</a></b>
67 <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.99.tar.gz.asc">PGP signature</a>)</i> — 2012-06-13
69 <li>Enable native TPM support when built with GnuTLS.</li>
70 <li>Enable PKCS#11 token support when built with GnuTLS.</li>
71 <li>Eliminate all SSL library exposure through <tt>libopenconnect</tt>.</li>
72 <li>Parse split DNS information, provide <tt>$CISCO_SPLIT_DNS</tt> environment variable to <tt>vpnc-script</tt>.</li>
73 <li>Attempt to provide new-style MTU information to server <i>(on Linux only, unless specified on command line)</i>.</li>
74 <li>Allow building against GnuTLS, including DTLS support.</li>
75 <li>Add <tt>--with-pkgconfigdir=</tt> option to <tt>configure</tt> for FreeBSD's benefit <i>(<a href="https://bugs.freedesktop.org/show_bug.cgi?id=48743">fd#48743</a>)</i>.</li>
78 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.20.tar.gz">OpenConnect v3.20</a></b>
79 <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.20.tar.gz.asc">PGP signature</a>)</i> — 2012-05-18
81 <li>Cope with non-keepalive HTTP response on authentication success.</li>
82 <li>Fix progress callback with incorrect <tt>cbdata</tt> which caused KDE crash.</li>
85 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.19.tar.gz">OpenConnect v3.19</a></b>
86 <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.19.tar.gz.asc">PGP signature</a>)</i> — 2012-05-17
88 <li>Add <tt>--config</tt> option for reading options from file.</li>
89 <li>Improve OpenSSL DTLS compatibility to work on Ubuntu 10.04.</li>
90 <li>Flush progress logging output promptly after each message.</li>
91 <li>Add symbol versioning for shared library (on sane platforms).</li>
92 <li>Add <tt>openconnect_set_cancel_fd()</tt> function to allow clean cancellation.</li>
93 <li>Fix corruption of URL in <tt>openconnect_parse_url()</tt> if it specifies a port number.</li>
94 <li>Fix inappropriate <tt>exit()</tt> calls from library code.</li>
95 <li>Library namespace cleanup — all symbols now have the prefix <tt>openconnect_</tt> on platforms where symbol versioning works.</li>
96 <li>Fix <tt>--non-inter</tt> option so it still uses login information from command line.</li>
99 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.18.tar.gz">OpenConnect v3.18</a></b>
100 <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.18.tar.gz.asc">PGP signature</a>)</i> — 2012-04-25
102 <li>Fix autohate breakage with <tt>--disable-nls</tt>... hopefully.</li>
103 <li>Fix buffer overflow in banner handling.</li>
106 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.17.tar.gz">OpenConnect v3.17</a></b>
107 <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.17.tar.gz.asc">PGP signature</a>)</i> — 2012-04-20
109 <li>Work around <tt>time()</tt> brokenness on Solaris.</li>
110 <li>Fix interface plumbing on Solaris 10.</li>
111 <li>Provide <tt>asprintf()</tt> function for (unpatched) Solaris 10.</li>
112 <li>Make <tt>vpnc-script</tt> mandatory, like it is for <tt>vpnc</tt></li>
113 <li>Don't set Legacy IP address on tun device; let <tt>vpnc-script</tt> do it.</li>
114 <li>Detect OpenSSL even without pkg-config.</li>
115 <li>Stop building static library by default.</li>
116 <li>Invoke <tt>vpnc-script</tt> with "pre-init" reason to load tun module if necessary.</li>
119 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.16.tar.gz">OpenConnect v3.16</a></b>
120 <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.16.tar.gz.asc">PGP signature</a>)</i> — 2012-04-08
122 <li>Fix build failure on Debian/kFreeBSD and Hurd.</li>
123 <li>Fix memory leak of deflated packets.</li>
124 <li>Fix memory leak of zlib state on CSTP reconnect.</li>
125 <li>Eliminate <tt>memcpy()</tt> calls on packets from DTLS and tunnel device.</li>
126 <li>Use <tt>I_LINK</tt> instead of <tt>I_PLINK</tt> on Solaris to plumb interface for Legacy IP.</li>
127 <li>Plumb interface for IPv6 on Solaris, instead of expecting <tt>vpnc-script</tt> to do it.</li>
128 <li>Refer to <a href="vpnc-script.html">vpnc-script</a> and <a href="mail.html">help</a> web pages in openconnect output.</li>
129 <li>Fix potential crash when processing libproxy results.</li>
130 <li>Be more conservative in detecting libproxy without pkg-config.</li>
133 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.15.tar.gz">OpenConnect v3.15</a></b>
134 <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.15.tar.gz.asc">PGP signature</a>)</i> — 2011-11-25
136 <li>Fix for reading multiple packets from Solaris tun device.</li>
137 <li>Call <tt>bindtextdomain()</tt> to ensure that translations are found in install path.</li>
140 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.14.tar.gz">OpenConnect v3.14</a></b>
141 <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.14.tar.gz.asc">PGP signature</a>)</i> — 2011-11-08
143 <li>Move executable to <tt>$prefix/sbin</tt>.</li>
144 <li>Fix build issues on OSX, OpenIndiana, DragonFlyBSD, OpenBSD, FreeBSD &amp; NetBSD.</li>
145 <li>Fix non-portable <tt>(void *)</tt> arithmetic.</li>
146 <li>Make more messages translatable.</li>
147 <li>Attempt to make NLS support more portable (with fewer dependencies).</li>
150 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.13.tar.gz">OpenConnect v3.13</a></b>
151 <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.13.tar.gz.asc">PGP signature</a>)</i> — 2011-09-30
153 <li>Add <tt>--cert-expire-warning</tt> option.</li>
154 <li>Give visible warning when server dislikes client SSL certificate.</li>
155 <li>Add localisation support.</li>
156 <li>Fix build on Debian systems where <tt>dtls1_stop_timer()</tt> is not available.</li>
157 <li>Fix libproxy detection.</li>
158 <li>Enable a useful set of compiler warnings by default.</li>
159 <li>Fix various minor compiler warnings.</li>
162 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.12.tar.gz">OpenConnect v3.12</a></b> — 2011-09-12
164 <li>Fix DTLS compatibility with ASA firmware 8.4.1(11) and above.</li>
165 <li>Fix build failures on GNU Hurd, on systems with ancient OpenSSL,
167 <li>Add <tt>--pid-file</tt> option.</li>
168 <li>Print SHA1 fingerprint with server certificate details.</li>
171 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.11.tar.gz">OpenConnect v3.11</a></b> — 2011-07-20
173 <li>Add <tt>Android.mk</tt> file for Android build support</li>
174 <li>Add logging support for Android, in place of standard <tt>syslog()</tt>.</li>
175 <li>Switch back to using TLSv1, but without extensions.</li>
176 <li>Make TPM support optional, dependent on OpenSSL ENGINE support.</li>
179 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.10.tar.gz">OpenConnect v3.10</a></b> — 2011-06-30
181 <li>Switch to using GNU autoconf/automake/libtool.</li>
182 <li>Produce shared library for authentication.</li>
183 <li>Improve library API to make life easier for C++ users.</li>
184 <li>Be more explicit about requiring <tt>pkg-config</tt>.</li>
185 <li>Invoke script with <tt>reason=reconnect</tt> on CSTP reconnect.</li>
186 <li>Add <tt>--non-inter</tt> option to avoid all user input.</li>
189 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.02.tar.gz">OpenConnect v3.02</a></b> — 2011-04-19
191 <li>Install man page in <tt>make install</tt> target.</li>
192 <li>Add <tt>openconnect_vpninfo_free()</tt> to libopenconnect.</li>
193 <li>Clear cached <tt>peer_addr</tt> to avoid reconnecting to wrong host.</li>
196 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.01.tar.gz">OpenConnect v3.01</a></b> — 2011-03-09
198 <li>Add libxml2 to pkg-config requirements.</li>
201 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.00.tar.gz">OpenConnect v3.00</a></b> — 2011-03-09
203 <li>Create libopenconnect.a for GUI authentication dialog to use.</li>
204 <li>Remove auth-dialog, which now lives in the <a href="http://git.gnome.org/browse/network-manager-openconnect/">network-manager-openconnect</a> package.</li>
205 <li>Cope with more entries in authentication forms.</li>
206 <li>Add <tt>--csd-wrapper</tt> option to wrap CSD trojan.</li>
207 <li>Report error and abort if CA file cannot be opened.</li>
210 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-2.26.tar.gz">OpenConnect v2.26</a></b> — 2010-09-22
212 <li>Fix potential crash on relative HTTP redirect.</li>
213 <li>Use correct TUN/TAP device node on Android.</li>
214 <li>Check client certificate expiry date.</li>
215 <li>Implement CSTP and DTLS rekeying <i>(both by reconnecting CSTP)</i>.</li>
216 <li>Add <tt>--force-dpd</tt> option to set minimum DPD interval.</li>
217 <li>Don't print <tt>webvpn</tt> cookie in debug output.</li>
218 <li>Fix host selection in NetworkManager auth dialog.</li>
219 <li>Use SSLv3 instead of TLSv1; some servers <i>(or their firewalls)</i>
220 don't accept any <tt>ClientHello</tt> options.</li>
221 <li>Never include address family prefix on <tt>script-tun</tt> connections.</li>
224 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-2.25.tar.gz">OpenConnect v2.25</a></b> — 2010-05-15
226 <li>Always validate server certificate, even when no extra <tt>--cafile</tt> is provided.</li>
227 <li>Add <tt>--no-cert-check</tt> option to avoid certificate validation.</li>
228 <li>Check server hostname against its certificate.</li>
229 <li>Provide text-mode function for reviewing and accepting "invalid" certificates.</li>
230 <li>Fix libproxy detection on NetBSD.</li>
233 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-2.24.tar.gz">OpenConnect v2.24</a></b> — 2010-05-07
235 <li>Forget preconfigured password after a single attempt; don't retry infinitely if it's failing.</li>
236 <li>Set <tt>$CISCO_BANNER</tt> environment variable when running script.</li>
237 <li>Better handling of passphrase failure on certificate files.</li>
238 <li>Fix NetBSD build (thanks to Pouya D. Tafti).</li>
239 <li>Fix DragonFly BSD build.</li>
242 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-2.23.tar.gz">OpenConnect v2.23</a></b> — 2010-04-09
244 <li>Support "Cisco Secure Desktop" trojan in NetworkManager auth-dialog.</li>
245 <li>Support proxy in NetworkManager auth-dialog.</li>
246 <li>Add <tt>--no-http-keepalive</tt> option to work around Cisco's incompetence.</li>
247 <li>Fix build on Debian/kFreeBSD.</li>
248 <li>Fix crash on receiving HTTP 404 error.</li>
249 <li>Improve workaround for server certificates lacking SSL_SERVER purpose, so that it also works with OpenSSL older than 0.9.8k.</li>
252 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-2.22.tar.gz">OpenConnect v2.22</a></b> — 2010-03-07
254 <li>Fix bug handling port numbers above 9999.</li>
255 <li>Ignore "<tt>Connection: Keep-Alive</tt>" in HTTP/1.0 to work around server bug with certificate authentication.</li>
256 <li>Handle non-standard port (and full URLs) when used with NetworkManager.</li>
257 <li>Cope with relative redirect and form URLs.</li>
258 <li>Allocate HTTP receive buffer dynamically, to cope with arbitrary size of content.</li>
259 <li>Fix server cert SHA1 comparison to be case-insensitive.</li>
260 <li>Fix build on Solaris and OSX <i>(<tt>strndup()</tt>, <tt>AI_NUMERICSERV</tt>).</i></li>
261 <li>Fix exit code with <tt>--background</tt> option.</li>
264 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-2.21.tar.gz">OpenConnect v2.21</a></b> — 2010-01-10
266 <li>Fix handling of HTTP 1.0 responses with keepalive <a href="https://bugzilla.redhat.com/show_bug.cgi?id=553817"><i>(RH#553817)</i></a>.</li>
267 <li>Fix case sensitivity in HTTP headers and hostname comparison on redirect.</li>
270 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-2.20.tar.gz">OpenConnect v2.20</a></b> — 2010-01-04
272 <li>Fix use-after-free bug in NetworkManager authentication dialog <a href="https://bugzilla.redhat.com/show_bug.cgi?id=551665"><i>(RH#551665)</i></a>.</li>
273 <li>Allow server to be specified with <tt>https://</tt> URL, including port and pathname (which Cisco calls 'UserGroup')</li>
274 <li>Support connection through HTTP and SOCKS proxies.</li>
275 <li>Handle HTTP redirection with port numbers.</li>
276 <li>Handle HTTP redirection with IPv6 literal addresses.</li>
279 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-2.12.tar.gz">OpenConnect v2.12</a></b> — 2009-12-07
281 <li>Fix buffer overflow when generating useragent string.</li>
282 <li>Cope with idiotic schizoDNS configurations by not repeating DNS lookup for VPN server on reconnects.</li>
283 <li>Support DragonFlyBSD. Probably.</li>
286 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-2.11.tar.gz">OpenConnect v2.11</a></b> — 2009-11-17
288 <li>Add IPv6 support for FreeBSD.</li>
289 <li>Support "split tunnel" mode for IPv6 routing.</li>
290 <li>Fix bug where client certificate's MD5 was only given to the
291 CSD trojan if a PKCS#12 certificate was used.</li>
294 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-2.10.tar.gz">OpenConnect v2.10</a></b> — 2009-11-04
296 <li>OpenSolaris support.</li>
297 <li>Preliminary support for IPv6 connectivity.</li>
298 <li>Fix session shutdown on exit.</li>
299 <li>Fix reconnection when TCP connection is closed.</li>
300 <li>Support for "Cisco Secure Desktop" idiocy.</li>
301 <li>Allow <tt>User-Agent:</tt> to be specified on command line.</li>
302 <li>Fix session termination on disconnect.</li>
303 <li>Fix recognition of certificates from OpenSSL 1.0.0.</li>
306 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-2.01.tar.gz">OpenConnect v2.01</a></b> — 2009-06-24
308 <li>Fix bug causing loss of DTLS (and lots of syslog spam about it)
309 after a CSTP reconnection.</li>
310 <li>Don't apply OpenSSL certificate chain workaround if we already
311 have "extra" certificates loaded (e.g. from a PKCS#12 file).</li>
312 <li>Load "extra" certificates from <tt>.pem</tt> files too.</li>
313 <li>Fix SEGV caused by freeing certificates after processing cert
317 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-2.00.tar.gz">OpenConnect v2.00</a></b> — 2009-06-03
319 <li>Add OpenBSD and FreeBSD support.</li>
320 <li>Build with OpenSSL-0.9.7 (Mac OS X, OpenBSD, etc.)</li>
321 <li>Support PKCS#12 certificates.</li>
322 <li>Automatic detection of certificate type (PKCS#12, PEM, TPM).</li>
323 <li>Work around OpenSSL trust chain issues (<a href="http://rt.openssl.org/Ticket/Display.html?id=1942&amp;user=guest&amp;pass=guest">RT#1942</a>).</li>
324 <li>Allow PEM passphrase to be specified on command line.</li>
325 <li>Allow PEM passphrase automatically generated from the <tt>fsid</tt> of the file system on which the certificate is stored.</li>
326 <li>Fix certificate comparisons (in NM auth-dialog and <tt>--servercert</tt> option) to use SHA1 fingerprint, not signature.</li>
327 <li>Fix segfault in NM auth-dialog when changing hosts.</li>
330 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-1.40.tar.gz">OpenConnect v1.40</a></b> — 2009-05-27
332 <li>Fix validation of server's SSL certificate when NetworkManager runs openconnect as an unprivileged user (which can't read the real user's trust chain file).</li>
333 <li>Fix double-free of DTLS Cipher option on reconnect.</li>
334 <li>Reconnect on SSL write errors</li>
335 <li>Fix reporting of SSL errors through syslog/UI.</li>
338 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-1.30.tar.gz">OpenConnect v1.30</a></b> — 2009-05-13
340 <li>NetworkManager auth-dialog will now cache authentication form options.</li>
343 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-1.20.tar.gz">OpenConnect v1.20</a></b> — 2009-05-08
345 <li>DTLS cipher choice fixes.</li>
346 <li>Improve handling of authentication group selection.</li>
347 <li>Export more information to connection script.</li>
348 <li>Add <tt>--background</tt> option to dæmonize after connection.</li>
349 <li>Detect TCP connection closure.</li>
352 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-1.10.tar.gz">OpenConnect v1.10</a></b> — 2009-04-01
354 <li>NetworkManager UI rewrite with many improvements.</li>
355 <li>Support for "UserGroups" where a single server offers multiple
356 configurations according to the URL used to connect.</li>
359 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-1.00.tar.gz">OpenConnect v1.00</a></b> — 2009-03-18
361 <li>First non-beta release.</li>
365 <INCLUDE file="inc/footer.tmpl" />