Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_1666055890234040"
MIME-Version: 1.0
Date: Tue, 18 Oct 2022 01:18:10 +0000
From: "Amitai Schleier" <schmonz@netbsd.org>
Subject: CVS commit: pkgsrc/net/openconnect
To: pkgsrc-changes@NetBSD.org
Reply-To: schmonz@netbsd.org
Message-Id: <20221018011810.8941BFA90@cvs.NetBSD.org>
Sender: pkgsrc-changes-owner@NetBSD.org
Precedence: bulk

This is a multi-part message in MIME format.

--_----------=_1666055890234040
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"

Module Name:	pkgsrc
Committed By:	schmonz
Date:		Tue Oct 18 01:18:10 UTC 2022

Modified Files:
	pkgsrc/net/openconnect: Makefile distinfo
Removed Files:
	pkgsrc/net/openconnect/patches: patch-configure

Log Message:
Update to 9.01. From the changelog:

9.01:
- Fix library minor version (missing bump to 5.8).

9.00:
- Add support for AnyConnect "Session Token Re-use Anchor Protocol"
  (STRAP) (#410).
- Add support for AnyConnect "external browser" SSO mode (!354).
- On Windows, fix crash on tunnel setup. (#370, 6a2ffbb)
- Bugfix RSA SecurID token decryption and PIN entry forms, broken in
  v8.20. (#388, !344)
- Support Cisco's multiple-certificate authentication (!194).
- Append internal=no to GlobalProtect authentication/configuration
  forms, for compatibility with servers which apparently require this to
  function properly. (#246, !337)
- Revert GlobalProtect default route handling change from v8.20. (!367)
- Support split-exclude routes for Fortinet. (#394, !345)
- Add openconnect_set_useragent() function.
- Add webview callback and SAML/SSO support for AnyConnect,
  GlobalProtect. (!126).

8.20:
- When the queue length (-Q option) is 16 or more, try using vhost-net
  to accelerate tun device access.
- Use epoll() where available.
- Support non-AEAD ciphersuites in DTLSv1.2 with AnyConnect. (#249)
- Make tncc-emulate.py work with Python 3.7+. (#152, !120)
- Emulated a newer version of GlobalProtect official clients, 5.1.5-8;
  was 4.0.2-19 (!131)
- Support Juniper login forms containing both password and 2FA
  token (!121)
- Explicitly disable 3DES and RC4, unless enabled with
  --allow-insecure-crypto (!114)
- Add obsolete-server-crypto test (!114)
- Allow protocols to delay tunnel setup and shutdown (!117)
- Support for GlobalProtect IPv6 (!155 and !188; previous work in
  d6db0ec)
- SIGUSR1 causes OpenConnect to log detailed connection information and
  statistics (!154)
- Allow --servercert to be specified multiple times in order to accept
  server certificates matching more than one possible fingerprint
  (!162, #25)
- Add insecure debugging build mode for developers (!112)
- Demangle default routes sent as split routes by GlobalProtect (!118)
- Improve GlobalProtect login argument decoding (!143)
- Add detection of authentication expiration date, intended to allow
  front-ends to cache and reuse authentication cookies/sessions (!156)
- Small bug fixes and clarification of many logging messages.
- Support more Juniper login forms, including some SSO forms (!171)
- Automatically build Windows installers for OpenConnect command-line
  interface (!176)
- Restore compatibility with newer Cisco servers, by no longer sending
  them the X-AnyConnect-Platform header (#101, !175)
- Add support for PPP-based protocols, currently over TLS only (!165).
- Add support for two PPP-based protocols, F5 with --protocol=f5 and
  Fortinet with --protocol=fortinet (!169).
- Add experimental support for Wintun Layer 3 TUN driver under Windows
  (#231, !178).
- Clean up and improve Windows routing/DNS configuration script
  (vpnc-scripts!26, vpnc-scripts!41, vpnc-scripts!44).
- On Windows, reclaim needed IP addresses from down network interfaces
  so that configuration script can succeed (!178).
- Fix output redirection under Windows (#229)
- More gracefully handle idle timeouts and other fatal errors for
  Juniper and Pulse (!187)
- Ignore failures to fetch the Juniper/oNCP landing page if the
  authentication was successful (3e779436).
- Add support for Array Networks SSL VPN (#102)
- Support TLSv1.3 with TPMv2 EC and RSA keys, add test cases for swtpm
  and hardware TPM. (ed80bfac...ee1cd782)
- Add openconnect_get_connect_url() to simplify passing correct server
  information to the connecting openconnect process.
  (NetworkManager-openconnect #46, #53)
- Disable brittle "system policy" enforcement where it cannot be
  gracefully overridden at user request. (RH#1960763).
- Pass "portal cookie" fields from GlobalProtect portal to gateway to
  avoid repetition of password- or SAML-based login (!199)
- With --user, enter username supplied via command-line into all
  authentication forms, not just the first. (#267, !220).
- Fix a subtle bug which has prevented ESP rekey and ESP-to-TLS fallback
  from working reliably with the Juniper/oNCP protocol since v8.04.
  (#322, !293).
- Fix a bug in csd-wrapper.sh which has prevented it from correctly
  downloading compressed Trojan binaries since at least v8.00. (!305)
- Make Windows socketpair emulation more robust in the face of Windows's
  ability to break its localhost routes. (#228, #361, !320)
- Perform proper disconnect and routes cleanup on Windows when receiving
  Ctrl+C or Ctrl+Break. (#362, !323)
- Improve logging in routing/DNS configuration scripts. (!328,
  vpnc-scripts!45)
- Support modified configuration packet from Pulse 9.1R14 servers
  (#379, !331)


To generate a diff of this commit:
cvs rdiff -u -r1.22 -r1.23 pkgsrc/net/openconnect/Makefile
cvs rdiff -u -r1.13 -r1.14 pkgsrc/net/openconnect/distinfo
cvs rdiff -u -r1.1 -r0 pkgsrc/net/openconnect/patches/patch-configure

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


--_----------=_1666055890234040
Content-Disposition: inline
Content-Length: 2137
Content-Transfer-Encoding: binary
Content-Type: text/x-diff; charset=us-ascii

Modified files:

Index: pkgsrc/net/openconnect/Makefile
diff -u pkgsrc/net/openconnect/Makefile:1.22 pkgsrc/net/openconnect/Makefile:1.23
--- pkgsrc/net/openconnect/Makefile:1.22	Thu Jun 30 11:18:43 2022
+++ pkgsrc/net/openconnect/Makefile	Tue Oct 18 01:18:10 2022
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.22 2022/06/30 11:18:43 nia Exp $
+# $NetBSD: Makefile,v 1.23 2022/10/18 01:18:10 schmonz Exp $
 
-DISTNAME=	openconnect-8.10
-PKGREVISION=	6
+DISTNAME=	openconnect-9.01
 CATEGORIES=	net security
-MASTER_SITES=	ftp://ftp.infradead.org/pub/openconnect/
+MASTER_SITES=	https://www.infradead.org/openconnect/download/ \
+		ftp://ftp.infradead.org/pub/openconnect/
 
 MAINTAINER=	pkgsrc-users@NetBSD.org
 HOMEPAGE=	http://www.infradead.org/openconnect/
@@ -19,6 +19,7 @@ DEPENDS+=	vpnc-script-[0-9]*:../../net/v
 CONFIGURE_ARGS+=	--sysconfdir=${PKG_SYSCONFDIR}
 CONFIGURE_ARGS+=	--with-vpnc-script=${PKG_SYSCONFDIR}/vpnc-script
 CONFIGURE_ARGS+=	--disable-nls
+CONFIGURE_ARGS+=	--disable-docs
 
 REPLACE_PYTHON=		trojans/*.py
 REPLACE_BASH=		trojans/*.sh

Index: pkgsrc/net/openconnect/distinfo
diff -u pkgsrc/net/openconnect/distinfo:1.13 pkgsrc/net/openconnect/distinfo:1.14
--- pkgsrc/net/openconnect/distinfo:1.13	Tue Oct 26 11:06:11 2021
+++ pkgsrc/net/openconnect/distinfo	Tue Oct 18 01:18:10 2022
@@ -1,6 +1,5 @@
-$NetBSD: distinfo,v 1.13 2021/10/26 11:06:11 nia Exp $
+$NetBSD: distinfo,v 1.14 2022/10/18 01:18:10 schmonz Exp $
 
-BLAKE2s (openconnect-8.10.tar.gz) = 66f456ad82bf911e6aa63b460f486906066cd148756f3e02f97701e32500acd5
-SHA512 (openconnect-8.10.tar.gz) = a36a106cf5c637602fc5bd3cd12df8f6dfe55217c1aae93c66ca33208507f3f8cda15e3a46d75615c7fcea1859d1a04017a07674ad0246876154467305477356
-Size (openconnect-8.10.tar.gz) = 2084534 bytes
-SHA1 (patch-configure) = d9ecd9e7f726dc6982f401871f5c67ffc0ca7a15
+BLAKE2s (openconnect-9.01.tar.gz) = a56f3914b696aa3a11ea5a1732dec1b77c2aa8d6de72c3fb8f8abb3f9078ccfd
+SHA512 (openconnect-9.01.tar.gz) = b7428847a90f8ca9d1f1f61653c1f2486f0a07989f3b7435b746c5e901998194f4ee2b4f9569a548a23bba368bb1e9f273674c0759aac9df30208d2a6a303c34
+Size (openconnect-9.01.tar.gz) = 2718526 bytes


--_----------=_1666055890234040--