~mamarley/openconnect/+git/gitlab-main:test-remove-Fedora38-CI

Branch merges

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related charm recipes

ae21be8... by Dan Lenski on 2024-02-20

Try removing Fedora 38 CI image

See discussion at https://gitlab.com/openconnect/openconnect/-/merge_requests/504#note_1781288802

Signed-off-by: Daniel Lenski <email address hidden>

ea7c528... by Dan Lenski on 2024-02-20

Merge branch 'fix_gp_IPv6_split_include' into 'master'

beef5d9... by Dan Lenski on 2024-02-20

Update changelog

This bug in GlobalProtect IPv6 split-include handling was introduced in
https://gitlab.com/openconnect/openconnect/-/commit/a2b8134edf8e5f8e942dedf105e2813a0824b919;
see also
https://gitlab.com/openconnect/openconnect/-/merge_requests/367#note_1780223796.

Signed-off-by: Daniel Lenski <email address hidden>

64f0c03... by Daniel L on 2024-02-20

Fix GlobalProtect config-parsing bug that misidentified IPv6 split-include routes as split-exclude

As reported on the mailing list at
https://lists.infradead.org/pipermail/openconnect-devel/2024-January/005386.html,
the relevant code wasn't handling the IPv6 case correctly.

Signed-off-by: Daniel Lenski <email address hidden>

026cd2d... by Dan Lenski on 2023-09-25

Send 'cas-support=yes' in GlobalProtect prelogin request

Per https://gitlab.com/openconnect/openconnect/-/issues/651, some newer GP
servers are responding to prelogin.esp requests with an error:

    CAS is not supported by the client. Minimum client version is 6.0

It appears that CAS ("Central Authentication Server";
https://apereo.github.io/cas/index.html) is a standardized single-sign-on
protocol requiring an external browser.

Per https://gitlab.com/openconnect/openconnect/-/issues/651#note_1576596243,
the field 'cas-support=yes' needs to be sent in the POST *body* of the
prelogin request, in order to avoid this error message; the error message's
claim that a specific client software version is necessary isn't very
helpful.

Signed-off-by: Daniel Lenski <email address hidden>

1e02c77... by Dan Lenski on 2023-09-26

Real GlobalProtect SAML authentication forms won't work without JavaScript

This adds a 'saml_needs_js' option to fake-gp-server.py. If set, the fake
SAML login form that it generates won't work correctly without JavaScript
execution, just like a "real" GlobalProtect SAML server.

See 64a0ba69e53d065f4d2ba4e89e6ff10926d6c895 for the use case for this fake
SAML authentication endpoint.

Signed-off-by: Daniel Lenski <email address hidden>

a79bba7... by Dimitri Papadopoulos Orfanos <email address hidden> on 2024-02-10

Merge branch 'JScript' into 'master'

Force the Windows script host to use the JScript engine

Closes #703

See merge request openconnect/openconnect!534

a13c2b5... by Dimitri Papadopoulos Orfanos <email address hidden> on 2024-02-05

Merge branch 'xmlstarlet' into 'master'

Force final newline in xmlstarlet

See merge request openconnect/openconnect!535

df51074... by Jon DeVree <email address hidden> on 2024-02-03

Force final newline in xmlstarlet

By default xmlstarlet does not include a final newline on the output.
Because POSIX says that all lines must end in a newline, this causes the
final line of output to be skipped by the 'while read ...' loop in bash.
Adding a '-n' after the '-v ...' causes xmlstarlet to include a final
newline at the end of its output.

Signed-off-by: Jon DeVree <email address hidden>

3c34c4a... by Dimitri Papadopoulos Orfanos <email address hidden> on 2024-02-02

Force the Windows script host to use the JScript engine

This bypasses rogue programs that register as handlers
for the ".js" file extension but fail to run the script.

Signed-off-by: Dimitri Papadopoulos Orfanos <email address hidden>