Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

openconnect-9.12-3.5 RPM for aarch64

From OpenSuSE Ports Tumbleweed for aarch64

Name: openconnect Distribution: openSUSE Tumbleweed
Version: 9.12 Vendor: openSUSE
Release: 3.5 Build date: Thu Mar 21 15:48:59 2024
Group: Productivity/Networking/Security Build host: reproducible
Size: 164815 Source RPM: openconnect-9.12-3.5.src.rpm
Packager: http://bugs.opensuse.org
Url: http://www.infradead.org/openconnect.html
Summary: Client for Cisco AnyConnect VPN
This package provides a multi-protocol client for a number of SSL
VPNs, such as:

* Cisco's "AnyConnect" VPN (HTTPS/DTLS) supported by the ASA5500 Series,
  by IOS 12.4(9)T or later on Cisco SR500, 870, 880, 1800, 2800, 3800,
  7200 Series and Cisco 7301 Routers, and probably others.
* Array Networks AG SSL VPN
* Juniper SSL VPN
* Pulse Connect Secure
* Palo Alto Networks GlobalProtect SSL VPN
* F5 Big-IP SSL VPN
* Fortinet Fortigate SSL VPN

Provides

Requires

License

LGPL-2.1-or-later

Changelog

* Thu Mar 21 2024 pgajdos@suse.com
  - remove dependency on /usr/bin/python3 using
    %python3_fix_shebang_path macro, [bsc#1212476]
* Sat May 20 2023 Andrea Manzini <andrea.manzini@suse.com>
  - Update to release 9.12:
    * Explicitly reject overly long tun device names.
    * Increase maximum input size from stdin (#579).
    * Ignore 0.0.0.0 as NBNS address (!446, vpnc-scripts#58).
    * Fix stray (null) in URL path after Pulse authentication (4023bd95).
    * Fix config XML parsing mistake that left GlobalProtect ESP non-working in v9.10 (!475).
    * Fix case sensitivity in GPST header matching (!474).
* Mon May 08 2023 Andrea Manzini <andrea.manzini@suse.com>
  - Update to release 9.10:
    * Fix external browser authentication with KDE plasma-nm < 5.26.
    * Always redirect stdout to stderr when spawning external browser.
    * Increase default queue length to 32 packets.
    * Fix receiving multiple packets in one TLS frame, and single packets split across multiple TLS frames, for Array.
    * Handle idiosyncratic variation in search domain separators for all protocols
    * Support region selection field for Pulse authentication
    * Support modified configuration packet from Pulse 9.1R16 servers
    * Allow hidden form fields to be populated or converted to text fields on the command line
    * Support yet another strange way of encoding challenge-based 2FA for GlobalProtect
    * Add --sni option (and corresponding C and Java API functions) to allow domain-fronting connections in censored/filtered network environments
    * Parrot a GlobalProtect server's software version, if present, as the client version (!333)
    * Fix NULL pointer dereference that has left Android builds broken since v8.20 (!389).
    * Fix Fortinet authentication bug where repeated SVPNCOOKIE causes segfaults (#514, !418).
    * Support F5 VPNs which encode authentication forms only in JSON, not in HTML.
    * Support simultaneous IPv6 and Legacy IP ("dual-stack") for Fortinet .
    * Support "FTM-push" token mode for Fortinet VPNs .
    * Send IPv6-compatible version string in Pulse IF/T session establishment
    * Add --no-external-auth option to not advertise external-browser authentication
    * Many small improvements in server response parsing, and better logging messages and documentation.
* Thu Dec 15 2022 Andrea Manzini <andrea.manzini@suse.com>
  - Update to release 9.01:
    * Add support for AnyConnect "Session Token Re-use Anchor Protocol" (STRAP)
    * Add support for AnyConnect "external browser" SSO mode
    * Bugfix RSA SecurID token decryption and PIN entry forms, broken in v8.20
    * Support Cisco's multiple-certificate authentication
    * Revert GlobalProtect default route handling change from v8.20
    * Suppo split-exclude routes for Fortinet
    * Add webview callback and SAML/SSO support for AnyConnect, GlobalProtect
* Mon Apr 18 2022 Jan Engelhardt <jengelh@inai.de>
  - Update to release 8.20:
    * Support non-AEAD ciphersuites in DTLSv1.2 with AnyConnect.
    * Emulated a newer version of GlobalProtect official clients,
      5.1.5-8; was 4.0.2-19
    * Support Juniper login forms containing both password and 2FA
      token
    * Explicitly disable 3DES and RC4, unless enabled with
    - -allow-insecure-crypto
    * Allow protocols to delay tunnel setup and shutdown (!117)
    * Support for GlobalProtect IPv6
    * SIGUSR1now causes OpenConnect to log detailed connection
      information and statistics
    * Allow --servercert to be specified multiple times in order to
      accept server certificates matching more than one possible
      fingerprint
    * Demangle default routes sent as split routes by GlobalProtect
    * Support more Juniper login forms, including some SSO forms
    * Restore compatibility with newer Cisco servers, by no longer
      sending them the X-AnyConnect-Platform header
    * Add support for PPP-based protocols, currently over TLS only.
    * Add support for two PPP-based protocols, F5 with
    - -protocol=f5 and Fortinet with --protocol=fortinet.
    * Add support for Array Networks SSL VPN.
    * Support TLSv1.3 with TPMv2 EC and RSA keys, add test cases
      for swtpm and hardware TPM.
* Tue Nov 23 2021 Robert Munteanu <rombert@apache.org>
  - Import the latest version of the vpnc-script, revision
    1d35a8527e5422967514dd1d47350ff2ede55903 (boo#1140772)
    * This brings a lot of improvements for non-trivial network setups, IPv6 etc
* Fri Jan 08 2021 olaf@aepfle.de
  - Build with --without-gnutls-version-check
* Fri May 15 2020 Martin Hauke <mardnh@gmx.de>
  - Update to version 8.10:
    * Install bash completion script to
      ${datadir}/bash-completion/completions/openconnect.
    * Improve compatibility of csd-post.sh trojan.
    * Fix potential buffer overflow with GnuTLS describing local
      certs (CVE-2020-12823, bsc#1171862,
      gl#openconnect/openconnect!108).
* Fri May 01 2020 Martin Hauke <mardnh@gmx.de>
  - Fix CVE-2020-12105 (boo#1170452)
  - Introduce subpackage for bash-completion
  - Update to 8.09:
    * Add bash completion support.
    * Give more helpful error in case of Pulse servers asking for
      TNCC.
    * Sanitize non-canonical Legacy IP network addresses.
    * Fix OpenSSL validation for trusted but invalid certificates
      (CVE-2020-12105).
    * Convert tncc-wrapper.py to Python 3, and include modernized
      tncc-emulate.py as well. (!91)
    * Disable Nagle's algorithm for TLS sockets, to improve
      interactivity when tunnel runs over TCP rather than UDP.
    * GlobalProtect: more resilient handling of periodic HIP check
      and login arguments, and predictable naming of challenge forms.
    * Work around PKCS#11 tokens which forget to set
      CKF_LOGIN_REQUIRED.
  - Update to 8.0.8:
    * Fix check of pin-sha256: public key hashes to be case sensitive
    * Don't give non-functioning stderr to CSD trojan scripts.
    * Fix crash with uninitialised OIDC token.
  - Update to 8.0.7:
    * Don't abort Pulse connection when server-provided certificate
      MD5 doesn't match.
    * Fix off-by-one in check for bad GnuTLS versions, and add build
      and run time checks.
    * Don't abort connection if CSD wrapper script returns non-zero
      (for now).
    * Make --passtos work for protocols that use ESP, in addition
      to DTLS.
    * Convert tncc-wrapper.py to Python 3, and include modernized
      tncc-emulate.py as well.
* Wed Jan 08 2020 Tomáš Chvátal <tchvatal@suse.com>
  - Remove tncc-wrapper.py script as it is python2 only bsc#1157446

Files

/etc/openconnect
/etc/openconnect/vpnc-script
/usr/libexec/openconnect
/usr/libexec/openconnect/csd-post.sh
/usr/libexec/openconnect/csd-wrapper.sh
/usr/libexec/openconnect/hipreport.sh
/usr/libexec/openconnect/tncc-emulate.py
/usr/sbin/openconnect
/usr/share/man/man8/openconnect.8.gz


Generated by rpm2html 1.8.1

Fabrice Bellet, Thu Oct 23 23:06:42 2025