Commit 9697bea0 authored by David Woodhouse's avatar David Woodhouse

Tag version 7.08

Signed-off-by: default avatarDavid Woodhouse <dwmw2@infradead.org>
parent 25be1c49
AC_INIT(openconnect, 7.07)
AC_INIT(openconnect, 7.08)
AC_CONFIG_HEADERS([config.h])
PKG_PROG_PKG_CONFIG
......
......@@ -36,7 +36,7 @@ extern "C" {
#define OPENCONNECT_API_VERSION_MINOR 4
/*
* API version 5.4:
* API version 5.4 (v7.08; 2016-12-13):
* - Add openconnect_set_pass_tos()
*
* API version 5.3 (v7.07; 2016-07-11):
......
#!/bin/sh
v="v7.07"
v="v7.08"
if [ -d ${GIT_DIR:-.git} ] && tag=`git describe --tags`; then
v="$tag"
......
......@@ -14,6 +14,12 @@
<a href="http://git.infradead.org/users/dwmw2/openconnect.git">gitweb</a>.</p>
<ul>
<li><b>OpenConnect HEAD</b>
<ul>
<li><i>No changelog entries yet</i></li>
</ul><br/>
</li>
<li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-7.08.tar.gz">OpenConnect v7.08</a></b>
<i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-7.08.tar.gz.asc">PGP signature</a>)</i> &#8212; 2016-12-13
<ul>
<li>Add SHA256 support for server cert hashes.</li>
<li>Enable DHE ciphers for Cisco DTLS.</li>
......
......@@ -17,23 +17,40 @@
<p>
<!-- latest-release-start -->
The latest release is <a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-7.07.tar.gz">OpenConnect v7.07</a>
<i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-7.07.tar.gz.asc">PGP signature</a>)</i>,
released on 2016-07-11 with the following changelog:</p>
<ul>
<li>More fixes for OpenSSL 1.1 build.</li>
<li>Support Juniper "Post Sign-in Message".</li>
<li>Add <tt>--protocol</tt> option.</li>
<li>Fix ChaCha20-Poly1305 cipher suite to reflect final standard.</li>
<li>Add ability to disable IPv6 support via library API.</li>
<li>Set groups appropriately when using <tt>setuid()</tt>.</li>
<li>Automatic DTLS MTU detection.</li>
<li>Support SSL client certificate authentication with Juniper servers.</li>
<li>Revamp SSL certificate validation for OpenSSL and stop supporting OpenSSL older than 0.9.8.</li>
<li>Fix handling of multiple DNS search domains with Network Connect.</li>
<li>Fix handling of large configuration packets for Network Connect.</li>
<li>Enable SNI when built with OpenSSL <i>(1.0.1g or later)</i>.</li>
<li>Add <tt>--resolve</tt> and <tt>--local-hostname</tt> options to command line.</li>
The latest release is <a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-7.08.tar.gz">OpenConnect v7.08</a>
<i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-7.08.tar.gz.asc">PGP signature</a>)</i>,
released on 2016-12-13 with the following changelog:</p>
<ul>
<li>Add SHA256 support for server cert hashes.</li>
<li>Enable DHE ciphers for Cisco DTLS.</li>
<li>Increase initial oNCP configuration buffer size.</li>
<li>Reopen <tt>CONIN$</tt> when stdin is redirected on Windows.</li>
<li>Improve support for point-to-point routing on Windows.</li>
<li>Check for non-resumed DTLS sessions which may indicate a MiTM attack.</li>
<li>Add <tt>TUNIDX</tt> environment variable on Windows.</li>
<li>Fix compatibility with Pulse Secure 8.2R5.</li>
<li>Fix IPv6 support in Solaris.</li>
<li>Support DTLS automatic negotiation.</li>
<li>Support <tt>--key-password</tt> for GnuTLS PKCS#11 PIN.</li>
<li>Support automatic DTLS MTU detection with OpenSSL.</li>
<li>Drop support for combined GnuTLS/OpenSSL build.</li>
<li>Update OpenSSL to allow TLSv1.2, improve compatibility options.</li>
<li>Remove <tt>--no-cert-check</tt> option. It was being (mis)used.</li>
<li>Fix OpenSSL support for PKCS#11 EC keys without public key.</li>
<li>Support for final OpenSSL 1.1 release.</li>
<li>Fix polling/retry on "tun" socket when buffers full.</li>
<li>Fix AnyConnect server-side MTU setting.</li>
<li>Fix ESP replay detection.</li>
<li>Allow build with LibreSSL <i>(for fetishists only; do not use this as DTLS is broken)</i>.</li>
<li>Add certificate torture test suite.</li>
<li>Support PKCS#11 PIN via <tt>pin-value=</tt> and <tt>--key-password</tt> for OpenSSL.</li>
<li>Fix integer overflow issues with ESP packet replay detection.</li>
<li>Add <tt>--pass-tos</tt> option as in OpenVPN.</li>
<li>Support rôle selection form in Juniper VPN.</li>
<li>Support DER-format certificates, add certificate format torture tests.</li>
<li>For OpenSSL >= 1.0.2, fix certificate validation when only an
intermediate CA is specified with the <tt>--cafile</tt> option.</li>
<li>Support Juniper "Pre Sign-in Message".</li>
</ul>
<!-- latest-release-end -->
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment