some existing COMPILER lines with arch restrictions etc. In the usual
case this is now using "COMPILER = base-clang ports-gcc base-gcc" on
ports with c++ libraries in WANTLIB.
This is basically intended to be a noop on architectures using clang
as the system compiler, but help with other architectures where we
currently have many ports knocked out due to building with an unsuitable
compiler -
- some ports require c++11/newer so the GCC version in base that is used
on these architectures is too old.
- some ports have conflicts where an executable is built with one compiler
(e.g. gcc from base) but a library dependency is built with a different
one (e.g. gcc from ports), resulting in mixing incompatible libraries in the
same address space.
devel/gmp is intentionally skipped as it's on the path to building gcc -
the c++ library there is unused in ports (and not built by default upstream)
so intending to disable building gmpcxx in a future commit.
Network Connect ssl-vpn protocol. ("we'll probably end up also implementing
Junos Pulse support which actually provides IPv6 rather than only Legacy IP.
But not this week!")
also fix for LZS compression on strict alignment arches and various other
changes.
message with no payload, just skip printing the disconnect reason."
Fixes printing junk and possibly crashing if the server goes away.
Tweak DESCR, mention the open-source server ocserv (port for this is
ready but holding in openbsd-wip until we're done with 5.7).
(Readers might be interested to note that 7.04 is probably the last
version of OpenConnect to only support Cisco's SSL-VPN protocol; the
next version will almost certainly add client support for Juniper's
protocol).
notable changes:
- workaround for XML POST issues with authgroups (full fix in a future
release, but this interim release has been made to avoid an ABI break)
- fix potential memory corruption which could be triggered by a malicious server
a fixed stack buffer when constructing HTTP requests. Prevents an overflow
if a malicious VPN gateway sends a very long hostname/path (for redirects)
or cookie list. (There is a newer release of OpenConnect which includes
this fix, but also some bigger code changes, so that will wait until we
are done with 5.3 release). ok aja@ jasper@
was already pulled in via libs, so no new deps), and avoid SEPARATE_BUILD
for now as the code to detect a version mismatch between binary and lib
in this version doesn't handle it.
OpenConnect is a client for Cisco's AnyConnect SSL VPN, which is
supported by the ASA5500 Series, IOS 12.4(9)T or later on Cisco SR500,
870, 880, 1800, 2800, 3800, 7200 Series and 7301 Routers, and probably
others. Features include:
- Connection through HTTP/SOCKS5 proxy.
- Automatic detection of IPv4 and IPv6 address, routes.
- Authentication via HTTP forms.
- Authentication using SSL certificates.
- Data transport over TCP (HTTPS) or UDP (DTLS).
- Keepalive and Dead Peer Detection on both HTTPS and DTLS.
- Automatic update of VPN server list / configuration.
- Roaming support, allowing reconnection when the local
IP address changes.
ok/tweaks jasper@, and *big* thanks to upstream developer David Woodhouse
for letting me have access to his test server, noticing+tracking down
problems with vpnc-script when configuring v6 addresses on tun on OpenBSD,
and testing the fix for this on a range of OS.