2 <VAR match="VAR_ORIGIN" replace="" />
3 <VAR match="VAR_CVSID" replace=""/>
4 <INCLUDE file="inc/header.tmpl" />
6 <VAR match="VAR_SEL_INDEX" replace="selected" />
7 <VAR match="VAR_SEL_CHANGELOG" replace="selected" />
8 <PARSE file="menu1.xml" />
9 <PARSE file="menu2.xml" />
11 <INCLUDE file="inc/content.tmpl" />
15 <p>For full changelog entries including the latest development, see
16 <a href="http://git.infradead.org/users/dwmw2/openconnect.git">gitweb</a>.</p>
18 <li><b>OpenConnect HEAD</b>
20 <li>Fix PKCS#11 URI handling to preserve all attributes.</li>
21 <li>Don't forget key password on GUI reconnect.</li>
22 <li>Fix GnuTLS v3 build on OpenBSD.</li>
25 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-4.04.tar.gz">OpenConnect v4.04</a></b>
26 <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-4.04.tar.gz.asc">PGP signature</a>)</i> — 2012-07-05
28 <li>Fix GnuTLS password handling for PKCS#8 files.</li>
31 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-4.03.tar.gz">OpenConnect v4.03</a></b>
32 <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-4.03.tar.gz.asc">PGP signature</a>)</i> — 2012-07-02
34 <li>Fix <tt>--no-proxy</tt> option.</li>
35 <li>Fix handling of requested vs. received MTU settings.</li>
36 <li>Fix DTLS MTU for GnuTLS 3.0.21 and newer.</li>
37 <li>Support more ciphers for OpenSSL encrypted PEM keys, with GnuTLS.</li>
38 <li>Fix GnuTLS compatibilty issue with servers that insist on TLSv1.0 or non-AES ciphers <a href="https://bugzilla.redhat.com/show_bug.cgi?id=836558"><i>(RH#836558)</i></a>.</li>
41 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-4.02.tar.gz">OpenConnect v4.02</a></b>
42 <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-4.02.tar.gz.asc">PGP signature</a>)</i> — 2012-06-28
44 <li>Fix build failure due to unconditional inclusion of <tt>&lt;gnutls/dtls.h&gt;</tt>.</li>
47 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-4.01.tar.gz">OpenConnect v4.01</a></b>
48 <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-4.01.tar.gz.asc">PGP signature</a>)</i> — 2012-06-28
50 <li>Fix DTLS MTU issue with GnuTLS.</li>
51 <li>Fix reconnect crash when compression is disabled.</li>
52 <li>Fix build on systems like FreeBSD 8 without <tt>O_CLOEXEC</tt>.</li>
53 <li>Add <tt>--dtls-local-port</tt> option.</li>
54 <li>Print correct error when <tt>/dev/net/tun</tt> cannot be opened.</li>
55 <li>Fix <tt>openconnect.pc</tt> pkg-config file not to require <tt>zlib.pc</tt> on systems which lack it (like RHEL5).</li>
58 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-4.00.tar.gz">OpenConnect v4.00</a></b>
59 <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-4.00.tar.gz.asc">PGP signature</a>)</i> — 2012-06-20
61 <li>Add support for OpenSSL's odd encrypted PKCS#1 files, for GnuTLS.</li>
62 <li>Fix repeated passphrase retry for OpenSSL.</li>
63 <li>Add keystore support for Android.</li>
64 <li>Support TPM, and also additional checks on PKCS#11 certs, even with GnuTLS 2.12.</li>
65 <li>Fix library references to OpenSSL's <tt>ERR_print_errors_cb()</tt> when built against GnuTLS v2.12.</li>
68 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.99.tar.gz">OpenConnect v3.99</a></b>
69 <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.99.tar.gz.asc">PGP signature</a>)</i> — 2012-06-13
71 <li>Enable native TPM support when built with GnuTLS.</li>
72 <li>Enable PKCS#11 token support when built with GnuTLS.</li>
73 <li>Eliminate all SSL library exposure through <tt>libopenconnect</tt>.</li>
74 <li>Parse split DNS information, provide <tt>$CISCO_SPLIT_DNS</tt> environment variable to <tt>vpnc-script</tt>.</li>
75 <li>Attempt to provide new-style MTU information to server <i>(on Linux only, unless specified on command line)</i>.</li>
76 <li>Allow building against GnuTLS, including DTLS support.</li>
77 <li>Add <tt>--with-pkgconfigdir=</tt> option to <tt>configure</tt> for FreeBSD's benefit <i>(<a href="https://bugs.freedesktop.org/show_bug.cgi?id=48743">fd#48743</a>)</i>.</li>
80 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.20.tar.gz">OpenConnect v3.20</a></b>
81 <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.20.tar.gz.asc">PGP signature</a>)</i> — 2012-05-18
83 <li>Cope with non-keepalive HTTP response on authentication success.</li>
84 <li>Fix progress callback with incorrect <tt>cbdata</tt> which caused KDE crash.</li>
87 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.19.tar.gz">OpenConnect v3.19</a></b>
88 <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.19.tar.gz.asc">PGP signature</a>)</i> — 2012-05-17
90 <li>Add <tt>--config</tt> option for reading options from file.</li>
91 <li>Improve OpenSSL DTLS compatibility to work on Ubuntu 10.04.</li>
92 <li>Flush progress logging output promptly after each message.</li>
93 <li>Add symbol versioning for shared library (on sane platforms).</li>
94 <li>Add <tt>openconnect_set_cancel_fd()</tt> function to allow clean cancellation.</li>
95 <li>Fix corruption of URL in <tt>openconnect_parse_url()</tt> if it specifies a port number.</li>
96 <li>Fix inappropriate <tt>exit()</tt> calls from library code.</li>
97 <li>Library namespace cleanup — all symbols now have the prefix <tt>openconnect_</tt> on platforms where symbol versioning works.</li>
98 <li>Fix <tt>--non-inter</tt> option so it still uses login information from command line.</li>
101 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.18.tar.gz">OpenConnect v3.18</a></b>
102 <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.18.tar.gz.asc">PGP signature</a>)</i> — 2012-04-25
104 <li>Fix autohate breakage with <tt>--disable-nls</tt>... hopefully.</li>
105 <li>Fix buffer overflow in banner handling.</li>
108 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.17.tar.gz">OpenConnect v3.17</a></b>
109 <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.17.tar.gz.asc">PGP signature</a>)</i> — 2012-04-20
111 <li>Work around <tt>time()</tt> brokenness on Solaris.</li>
112 <li>Fix interface plumbing on Solaris 10.</li>
113 <li>Provide <tt>asprintf()</tt> function for (unpatched) Solaris 10.</li>
114 <li>Make <tt>vpnc-script</tt> mandatory, like it is for <tt>vpnc</tt></li>
115 <li>Don't set Legacy IP address on tun device; let <tt>vpnc-script</tt> do it.</li>
116 <li>Detect OpenSSL even without pkg-config.</li>
117 <li>Stop building static library by default.</li>
118 <li>Invoke <tt>vpnc-script</tt> with "pre-init" reason to load tun module if necessary.</li>
121 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.16.tar.gz">OpenConnect v3.16</a></b>
122 <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.16.tar.gz.asc">PGP signature</a>)</i> — 2012-04-08
124 <li>Fix build failure on Debian/kFreeBSD and Hurd.</li>
125 <li>Fix memory leak of deflated packets.</li>
126 <li>Fix memory leak of zlib state on CSTP reconnect.</li>
127 <li>Eliminate <tt>memcpy()</tt> calls on packets from DTLS and tunnel device.</li>
128 <li>Use <tt>I_LINK</tt> instead of <tt>I_PLINK</tt> on Solaris to plumb interface for Legacy IP.</li>
129 <li>Plumb interface for IPv6 on Solaris, instead of expecting <tt>vpnc-script</tt> to do it.</li>
130 <li>Refer to <a href="vpnc-script.html">vpnc-script</a> and <a href="mail.html">help</a> web pages in openconnect output.</li>
131 <li>Fix potential crash when processing libproxy results.</li>
132 <li>Be more conservative in detecting libproxy without pkg-config.</li>
135 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.15.tar.gz">OpenConnect v3.15</a></b>
136 <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.15.tar.gz.asc">PGP signature</a>)</i> — 2011-11-25
138 <li>Fix for reading multiple packets from Solaris tun device.</li>
139 <li>Call <tt>bindtextdomain()</tt> to ensure that translations are found in install path.</li>
142 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.14.tar.gz">OpenConnect v3.14</a></b>
143 <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.14.tar.gz.asc">PGP signature</a>)</i> — 2011-11-08
145 <li>Move executable to <tt>$prefix/sbin</tt>.</li>
146 <li>Fix build issues on OSX, OpenIndiana, DragonFlyBSD, OpenBSD, FreeBSD &amp; NetBSD.</li>
147 <li>Fix non-portable <tt>(void *)</tt> arithmetic.</li>
148 <li>Make more messages translatable.</li>
149 <li>Attempt to make NLS support more portable (with fewer dependencies).</li>
152 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.13.tar.gz">OpenConnect v3.13</a></b>
153 <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.13.tar.gz.asc">PGP signature</a>)</i> — 2011-09-30
155 <li>Add <tt>--cert-expire-warning</tt> option.</li>
156 <li>Give visible warning when server dislikes client SSL certificate.</li>
157 <li>Add localisation support.</li>
158 <li>Fix build on Debian systems where <tt>dtls1_stop_timer()</tt> is not available.</li>
159 <li>Fix libproxy detection.</li>
160 <li>Enable a useful set of compiler warnings by default.</li>
161 <li>Fix various minor compiler warnings.</li>
164 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.12.tar.gz">OpenConnect v3.12</a></b> — 2011-09-12
166 <li>Fix DTLS compatibility with ASA firmware 8.4.1(11) and above.</li>
167 <li>Fix build failures on GNU Hurd, on systems with ancient OpenSSL,
169 <li>Add <tt>--pid-file</tt> option.</li>
170 <li>Print SHA1 fingerprint with server certificate details.</li>
173 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.11.tar.gz">OpenConnect v3.11</a></b> — 2011-07-20
175 <li>Add <tt>Android.mk</tt> file for Android build support</li>
176 <li>Add logging support for Android, in place of standard <tt>syslog()</tt>.</li>
177 <li>Switch back to using TLSv1, but without extensions.</li>
178 <li>Make TPM support optional, dependent on OpenSSL ENGINE support.</li>
181 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.10.tar.gz">OpenConnect v3.10</a></b> — 2011-06-30
183 <li>Switch to using GNU autoconf/automake/libtool.</li>
184 <li>Produce shared library for authentication.</li>
185 <li>Improve library API to make life easier for C++ users.</li>
186 <li>Be more explicit about requiring <tt>pkg-config</tt>.</li>
187 <li>Invoke script with <tt>reason=reconnect</tt> on CSTP reconnect.</li>
188 <li>Add <tt>--non-inter</tt> option to avoid all user input.</li>
191 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.02.tar.gz">OpenConnect v3.02</a></b> — 2011-04-19
193 <li>Install man page in <tt>make install</tt> target.</li>
194 <li>Add <tt>openconnect_vpninfo_free()</tt> to libopenconnect.</li>
195 <li>Clear cached <tt>peer_addr</tt> to avoid reconnecting to wrong host.</li>
198 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.01.tar.gz">OpenConnect v3.01</a></b> — 2011-03-09
200 <li>Add libxml2 to pkg-config requirements.</li>
203 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.00.tar.gz">OpenConnect v3.00</a></b> — 2011-03-09
205 <li>Create libopenconnect.a for GUI authentication dialog to use.</li>
206 <li>Remove auth-dialog, which now lives in the <a href="http://git.gnome.org/browse/network-manager-openconnect/">network-manager-openconnect</a> package.</li>
207 <li>Cope with more entries in authentication forms.</li>
208 <li>Add <tt>--csd-wrapper</tt> option to wrap CSD trojan.</li>
209 <li>Report error and abort if CA file cannot be opened.</li>
212 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-2.26.tar.gz">OpenConnect v2.26</a></b> — 2010-09-22
214 <li>Fix potential crash on relative HTTP redirect.</li>
215 <li>Use correct TUN/TAP device node on Android.</li>
216 <li>Check client certificate expiry date.</li>
217 <li>Implement CSTP and DTLS rekeying <i>(both by reconnecting CSTP)</i>.</li>
218 <li>Add <tt>--force-dpd</tt> option to set minimum DPD interval.</li>
219 <li>Don't print <tt>webvpn</tt> cookie in debug output.</li>
220 <li>Fix host selection in NetworkManager auth dialog.</li>
221 <li>Use SSLv3 instead of TLSv1; some servers <i>(or their firewalls)</i>
222 don't accept any <tt>ClientHello</tt> options.</li>
223 <li>Never include address family prefix on <tt>script-tun</tt> connections.</li>
226 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-2.25.tar.gz">OpenConnect v2.25</a></b> — 2010-05-15
228 <li>Always validate server certificate, even when no extra <tt>--cafile</tt> is provided.</li>
229 <li>Add <tt>--no-cert-check</tt> option to avoid certificate validation.</li>
230 <li>Check server hostname against its certificate.</li>
231 <li>Provide text-mode function for reviewing and accepting "invalid" certificates.</li>
232 <li>Fix libproxy detection on NetBSD.</li>
235 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-2.24.tar.gz">OpenConnect v2.24</a></b> — 2010-05-07
237 <li>Forget preconfigured password after a single attempt; don't retry infinitely if it's failing.</li>
238 <li>Set <tt>$CISCO_BANNER</tt> environment variable when running script.</li>
239 <li>Better handling of passphrase failure on certificate files.</li>
240 <li>Fix NetBSD build (thanks to Pouya D. Tafti).</li>
241 <li>Fix DragonFly BSD build.</li>
244 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-2.23.tar.gz">OpenConnect v2.23</a></b> — 2010-04-09
246 <li>Support "Cisco Secure Desktop" trojan in NetworkManager auth-dialog.</li>
247 <li>Support proxy in NetworkManager auth-dialog.</li>
248 <li>Add <tt>--no-http-keepalive</tt> option to work around Cisco's incompetence.</li>
249 <li>Fix build on Debian/kFreeBSD.</li>
250 <li>Fix crash on receiving HTTP 404 error.</li>
251 <li>Improve workaround for server certificates lacking SSL_SERVER purpose, so that it also works with OpenSSL older than 0.9.8k.</li>
254 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-2.22.tar.gz">OpenConnect v2.22</a></b> — 2010-03-07
256 <li>Fix bug handling port numbers above 9999.</li>
257 <li>Ignore "<tt>Connection: Keep-Alive</tt>" in HTTP/1.0 to work around server bug with certificate authentication.</li>
258 <li>Handle non-standard port (and full URLs) when used with NetworkManager.</li>
259 <li>Cope with relative redirect and form URLs.</li>
260 <li>Allocate HTTP receive buffer dynamically, to cope with arbitrary size of content.</li>
261 <li>Fix server cert SHA1 comparison to be case-insensitive.</li>
262 <li>Fix build on Solaris and OSX <i>(<tt>strndup()</tt>, <tt>AI_NUMERICSERV</tt>).</i></li>
263 <li>Fix exit code with <tt>--background</tt> option.</li>
266 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-2.21.tar.gz">OpenConnect v2.21</a></b> — 2010-01-10
268 <li>Fix handling of HTTP 1.0 responses with keepalive <a href="https://bugzilla.redhat.com/show_bug.cgi?id=553817"><i>(RH#553817)</i></a>.</li>
269 <li>Fix case sensitivity in HTTP headers and hostname comparison on redirect.</li>
272 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-2.20.tar.gz">OpenConnect v2.20</a></b> — 2010-01-04
274 <li>Fix use-after-free bug in NetworkManager authentication dialog <a href="https://bugzilla.redhat.com/show_bug.cgi?id=551665"><i>(RH#551665)</i></a>.</li>
275 <li>Allow server to be specified with <tt>https://</tt> URL, including port and pathname (which Cisco calls 'UserGroup')</li>
276 <li>Support connection through HTTP and SOCKS proxies.</li>
277 <li>Handle HTTP redirection with port numbers.</li>
278 <li>Handle HTTP redirection with IPv6 literal addresses.</li>
281 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-2.12.tar.gz">OpenConnect v2.12</a></b> — 2009-12-07
283 <li>Fix buffer overflow when generating useragent string.</li>
284 <li>Cope with idiotic schizoDNS configurations by not repeating DNS lookup for VPN server on reconnects.</li>
285 <li>Support DragonFlyBSD. Probably.</li>
288 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-2.11.tar.gz">OpenConnect v2.11</a></b> — 2009-11-17
290 <li>Add IPv6 support for FreeBSD.</li>
291 <li>Support "split tunnel" mode for IPv6 routing.</li>
292 <li>Fix bug where client certificate's MD5 was only given to the
293 CSD trojan if a PKCS#12 certificate was used.</li>
296 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-2.10.tar.gz">OpenConnect v2.10</a></b> — 2009-11-04
298 <li>OpenSolaris support.</li>
299 <li>Preliminary support for IPv6 connectivity.</li>
300 <li>Fix session shutdown on exit.</li>
301 <li>Fix reconnection when TCP connection is closed.</li>
302 <li>Support for "Cisco Secure Desktop" idiocy.</li>
303 <li>Allow <tt>User-Agent:</tt> to be specified on command line.</li>
304 <li>Fix session termination on disconnect.</li>
305 <li>Fix recognition of certificates from OpenSSL 1.0.0.</li>
308 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-2.01.tar.gz">OpenConnect v2.01</a></b> — 2009-06-24
310 <li>Fix bug causing loss of DTLS (and lots of syslog spam about it)
311 after a CSTP reconnection.</li>
312 <li>Don't apply OpenSSL certificate chain workaround if we already
313 have "extra" certificates loaded (e.g. from a PKCS#12 file).</li>
314 <li>Load "extra" certificates from <tt>.pem</tt> files too.</li>
315 <li>Fix SEGV caused by freeing certificates after processing cert
319 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-2.00.tar.gz">OpenConnect v2.00</a></b> — 2009-06-03
321 <li>Add OpenBSD and FreeBSD support.</li>
322 <li>Build with OpenSSL-0.9.7 (Mac OS X, OpenBSD, etc.)</li>
323 <li>Support PKCS#12 certificates.</li>
324 <li>Automatic detection of certificate type (PKCS#12, PEM, TPM).</li>
325 <li>Work around OpenSSL trust chain issues (<a href="http://rt.openssl.org/Ticket/Display.html?id=1942&amp;user=guest&amp;pass=guest">RT#1942</a>).</li>
326 <li>Allow PEM passphrase to be specified on command line.</li>
327 <li>Allow PEM passphrase automatically generated from the <tt>fsid</tt> of the file system on which the certificate is stored.</li>
328 <li>Fix certificate comparisons (in NM auth-dialog and <tt>--servercert</tt> option) to use SHA1 fingerprint, not signature.</li>
329 <li>Fix segfault in NM auth-dialog when changing hosts.</li>
332 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-1.40.tar.gz">OpenConnect v1.40</a></b> — 2009-05-27
334 <li>Fix validation of server's SSL certificate when NetworkManager runs openconnect as an unprivileged user (which can't read the real user's trust chain file).</li>
335 <li>Fix double-free of DTLS Cipher option on reconnect.</li>
336 <li>Reconnect on SSL write errors</li>
337 <li>Fix reporting of SSL errors through syslog/UI.</li>
340 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-1.30.tar.gz">OpenConnect v1.30</a></b> — 2009-05-13
342 <li>NetworkManager auth-dialog will now cache authentication form options.</li>
345 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-1.20.tar.gz">OpenConnect v1.20</a></b> — 2009-05-08
347 <li>DTLS cipher choice fixes.</li>
348 <li>Improve handling of authentication group selection.</li>
349 <li>Export more information to connection script.</li>
350 <li>Add <tt>--background</tt> option to dæmonize after connection.</li>
351 <li>Detect TCP connection closure.</li>
354 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-1.10.tar.gz">OpenConnect v1.10</a></b> — 2009-04-01
356 <li>NetworkManager UI rewrite with many improvements.</li>
357 <li>Support for "UserGroups" where a single server offers multiple
358 configurations according to the URL used to connect.</li>
361 <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-1.00.tar.gz">OpenConnect v1.00</a></b> — 2009-03-18
363 <li>First non-beta release.</li>
367 <INCLUDE file="inc/footer.tmpl" />
projects / platform / upstream / openconnect.git / blob