openconnect-7.06-4.1

- Update to version 7.0.6
  * Fix openconnect.pc breakage after liboath removal.
  * Refactor Juniper Network Connect receive loop.
  * Fix some memory leaks.
  * Add Bosnian translation.

- Update to version 7.0.5
  * Fix alignment issue which broke LZS compression on ARM etc.
  * Support HTTP authentication to servers, not just proxies.
  * Add SHA256/SHA512 support for OATH.
  * Remove liboath dependency.
  * Support DTLS v1.2 and AES-GCM with OpenSSL 1.0.2.
  * Add OpenSSL 1.0.2 to known-broken releases (RT#3703, RT#3711).
  * Fix build with OpenSSL HEAD (OpenSSL 1.1.x).
  * Preliminary support for Juniper SSL VPN.

- Update to Version 7.04
  * Change default behaviour to enable only stateless compression.
  * Add --compression argument and openconnect_set_compression_mode().
  * Add support for LZS compression
  * Add support for LZ4 compression
- Add liblz4-devel dependency for LZ4 compression support.

- Update to Version 7.03
  * Clean up handling of incoming packets.
  * Fix issue with two-stage (i.e. NetworkManager) connection to
    servers with trick DNS (rh#1179681).
  * Stop using static variables for received packets.

- Update to Version 7.02
  * Add PKCS#11 support for OpenSSL.
  * Fix handling of select options in openconnect_set_option_value().

- Update to Version 7.01
  * Try harder to find a PKCS#11 key to match a given certificate.
  * Handle 'Connection: close' from proxies correctly.
  * Warn when MTU is set too low (<1280) to permit IPv6 connectivity.
  * Add support for X-CSTP-DynDNS, to trigger DNS lookup on each reconnec

- Update to Version 7.00
  * Add support for GnuTLS 3.4 system: keys including Windows certificate store.
  * Add support for HOTP/TOTP keys from Yubikey NEO devices.
  * Add ---no-system-trust option to disable default certificate authorities.
  * Improve libiconv and libintl detection.
  * Stop calling setenv() from library functions.
  * Support utun driver on OS X.
  * Change library API so string ownership is never transferred.
  * Support new NDIS6 TAP-Windows driver shipped with OpenVPN 2.3.4.
  * Support using PSKC (RFC6030) token files for HOTP/TOTP tokens.
  * Support for updating HOTP token storage when token is used.
  * Support for reading OTP token data from a file.
  * Add full character set handling for legacy non-UTF8 systems (including Windows).
  * Fix legacy (i.e. not XML POST) submission of non-ASCII form entries (even in UTF-8 locales).
  * Avoid retrying without XML POST, when we failed to even reach the server.
  * Fix off-by-one in parameter substitution in error messages.
  * Improve reporting when GSSAPI auth requested but not compiled in.
  * Fix parsing of split include routes on Windows.
  * Fix crash on invocation with --token-mode but no --token-secret.

- Add token support via stoken

- Update to Version 6.00
  * Support SOCKS proxy authentication (password, GSSAPI).
  * Support HTTP proxy authentication (Basic, Digest, NTLM and GSSAPI).
  * Download XML profile in XML POST mode.
  * Fix a couple of bugs involving DTLS rekeying.
  * Fix problems seen when building or connecting without DTLS enabled.
  * Fix tun error handling on Windows hosts.
  * Skip password prompts when using PKCS#8 and PKCS#12 certificates with
  empty passwords.
  * Fix several minor memory leaks and error paths.
  * Update several Android dependencies, and make the download process more
  robust.

- Update to Version 5.99
  * Add RFC4226 HOTP token support.
  * Tolerate servers closing connection uncleanly after HTTP/1.0 response
  (Ubuntu #1225276).
  * Add support for IPv6 split tunnel configuration.
  * Add Windows support with MinGW (tested with both IPv6 and Legacy IP with
  latest vpnc-script-win.js)
  * Change library API to support updating the auth form when the authgroup
  is changed (Ubuntu #1229195).
  * Change --os mac to --os mac-intel, to match the identifier used by Cisco
  clients.
  * Add new API functions to support invoking the VPN mainloop directly from
  an application.
  * Add JNI interface and sample Java application.
  * Fix junk in --cookieonly output when CSD is enabled.
  * Enable TOTP, stoken, and JNI support in the Android builds.
  * Add --pfs option to enforce perfect forward secrecy.
  * Enable elliptic curves with GnuTLS 3.2.9+, where there is a workaround for
  certain firewalls that fail with client hellos between 256 and 512 bytes.
  * Add padding when sending password, to avoid leakage of password and
  username length.
  * Add support for DTLS 1.2 and AES-GCM when connecting to ocserv.
  * Add support for server name indication when compiled with GnuTLS 3.2.9+.

- Update to version 5.03
  * Fix crash on --authenticate due to freeing --cafile option in argv.
- Update to version 5.02
  * Fix XML POST issues with authgroups by falling back to old style login.
  * Fix --cookie-on-stdin with cookies from ocserv.
  * Fix reconnection to wrong host after redirect.
  * Reduce limit of queued packets on DTLS socket, to fix VoIP latency.
  * Fix Solaris build breakage due to missing <string.h> includes.
  * Include path in <group-access> node.
  * Include supporting CA certificates from PKCS#11 tokens (with GnuTLS 3.2.7+).
  * Fix possible heap overflow if MTU is increased on reconnection (CVE-2013-7098).
- Update to version 5.01
  * Attempt to handle <client-cert-request> in aggregate auth mode.
  * Don't include X-Aggregate-Auth: header in fallback mode.
  * Enable AES256 mode for DTLS with GnuTLS (RH#955710).
  * Add --dump-http-traffic option for debugging.
  * Be more permissive in parsing XML forms.
  * Use original URL when falling back to non-XML POST mode.
  * Add --no-xmlpost option to revert to older, compatible behaviour.
  * Close connection before falling back to non-xmlpost mode (RH#964650).
  * Improve error handling when server closes connection (Debian #708928).
- Update to version 5.00
  * Use GnuTLS by default instead of OpenSSL.
  * Avoid using deprecated gnutls_pubkey_verify_data() function.
  * Fix compatibility issues with XML POST authentication.
  * Fix memory leaks on realloc() failure.
  * Fix certificate validation problem caused by hostname canonicalisation.
  * Add RFC6238 TOTP token support using liboath.
  * Replace --stoken option with more generic --token-mode and --token-secret options.
- Update to version 4.99
  * Add --os switch to report a different OS type to the gateway.
  * Support new XML POST format.
  * Add SecurID token support using libstoken.

- Fix bnc#817152
- Update to version 4.09
  * Fix overflow on HTTP request buffers (CVE-2012-6128)
  * Fix connection to servers with round-robin DNS with two-stage
    auth/connect.
  * Impose minimum MTU of 1280 bytes.
  * Fix some harmless issues reported by Coverity.
  * Improve "Attempting to connect..." message to be explicit
    when it's connecting to a proxy.
- Update to version 4.07
  * Fix segmentation fault when invoked with -p argument.
  * Fix handling of write stalls on CSTP (TCP) socket.
- Update to version 4.06
  * Fix default CA location for non-Fedora systems with old GnuTLS.
  * Improve error handing when vpnc-script exits with error.
  * Handle PKCS#11 tokens which won't list keys without login.
- Update to version 4.05
  * Use correct CSD script for Mac OS X.
  * Fix endless loop in PIN cache handling with multiple PKCS#11
    tokens.
  * Fix PKCS#11 URI handling to preserve all attributes.
  * Don't forget key password on GUI reconnect.
  * Fix GnuTLS v3 build on OpenBSD.
- Update to version 4.04
  * Fix GnuTLS password handling for PKCS#8 files.
- Update to version 4.03
  * Fix --no-proxy option.
  * Fix handling of requested vs. received MTU settings.
  * Fix DTLS MTU for GnuTLS 3.0.21 and newer.
  * Support more ciphers for OpenSSL encrypted PEM keys, with
    GnuTLS.
  * Fix GnuTLS compatibilty issue with servers that insist on
    TLSv1.0 or non-AES ciphers (RH#836558).
- Update to version 4.02
  * Fix build failure due to unconditional inclusion of
    <gnutls/dtls.h>.
- Update to version 4.01
  * Add support for OpenSSL's odd encrypted PKCS#1 files, for
    GnuTLS.
  * Fix repeated passphrase retry for OpenSSL.
  * Add keystore support for Android.
  * Support TPM, and also additional checks on PKCS#11 certs,
    even with GnuTLS 2.12.
  * Fix library references to OpenSSL's ERR_print_errors_cb() when built against GnuTLS v2.12.
- Update to version 4.00
  * Add support for OpenSSL's odd encrypted PKCS#1 files, for GnuTLS.
  * Fix repeated passphrase retry for OpenSSL.
  * Add keystore support for Android.
  * Support TPM, and also additional checks on PKCS#11 certs, even with GnuTLS 2.12.
  * Fix library references to OpenSSL's ERR_print_errors_cb() when built against GnuTLS v2.12.

- license update: LGPL-2.1+
  No LGPL-2.1 "only" licenses found. Fedora also uses LGPL-2.1 "or later"
  as license

- Fixes buffer overflow security vulnerability.  See:
  * CVE-2012-3291
  * BNC#767616
- Update to version 3.99
  * Enable native TPM support when built with GnuTLS.
  * Enable PKCS#11 token support when built with GnuTLS.
  * Eliminate all SSL library exposure through libopenconnect.
  * Parse split DNS information, provide $CISCO_SPLIT_DNS
    environment variable to vpnc-script.
  * Attempt to provide new-style MTU information to server (on
    Linux only, unless specified on command line).
  * Allow building against GnuTLS, including DTLS support.
  * Add --with-pkgconfigdir= option to configure for FreeBSD's
    benefit (fd#48743).
- Update to version 3.20
  * Cope with non-keepalive HTTP response on authentication success
  * Fix progress callback with incorrect cbdata which caused KDE
    crash.
- Update to version 3.19
  * Add --config option for reading options from file.
  * Improve OpenSSL DTLS compatibility to work on Ubuntu 10.04.
  * Flush progress logging output promptly after each message.
  * Add symbol versioning for shared library (on sane platforms).
  * Add openconnect_set_cancel_fd() function to allow clean
    cancellation.
  * Fix corruption of URL in openconnect_parse_url() if it
    specifies a port number.
  * Fix inappropriate exit() calls from library code.
  * Library namespace cleanup ? all symbols now have the prefix
    openconnect_ on platforms where symbol versioning works.
  * Fix --non-inter option so it still uses login information from
    command line.
- Update to version 3.18
  * Fix autohate breakage with --disable-nls... hopefully.
  * Fix buffer overflow in banner handling.
- Update to version 3.17
  * Work around time() brokenness on Solaris.
  * Fix interface plumbing on Solaris 10.
  * Provide asprintf() function for (unpatched) Solaris 10.
  * Make vpnc-script mandatory, like it is for vpnc
  * Don't set Legacy IP address on tun device; let vpnc-script do
    it.
  * Detect OpenSSL even without pkg-config.
  * Stop building static library by default.
  * Invoke vpnc-script with "pre-init" reason to load tun module if
    necessary.
- Update to version 3.16
  * Fix build failure on Debian/kFreeBSD and Hurd.
  * Fix memory leak of deflated packets.
  * Fix memory leak of zlib state on CSTP reconnect.
  * Eliminate memcpy() calls on packets from DTLS and tunnel device
  * Use I_LINK instead of I_PLINK on Solaris to plumb interface for
    Legacy IP.
  * Plumb interface for IPv6 on Solaris, instead of expecting
    vpnc-script to do it.
  * Refer to vpnc-script and help web pages in openconnect output.
  * Fix potential crash when processing libproxy results.
  * Be more conservative in detecting libproxy without pkg-config.
- Add optional libproxy-devel buildrequires
- Add new mandatory vpnc buildrequires
- Package new documentation in doc package
- Remove static devel libraries since this is the new upstream
  default

- Update to version 3.15
  * Fix for reading multiple packets from Solaris tun device.
  * Call bindtextdomain() to ensure that translations are found in install path.
- Update to version 3.14
  * Move executable to $prefix/sbin.
  * Fix build issues on OSX, OpenIndiana, DragonFlyBSD, OpenBSD, FreeBSD & NetBSD.
  * Fix non-portable (void *) arithmetic.
  * Make more messages translatable.
  * Attempt to make NLS support more portable (with fewer dependencies).
- Update to version 3.13
  * Add --cert-expire-warning option.
  * Give visible warning when server dislikes client SSL certificate.
  * Add localisation support.
  * Fix build on Debian systems where dtls1_stop_timer() is not available.
  * Fix libproxy detection.
  * Enable a useful set of compiler warnings by default.
  * Fix various minor compiler warnings.
- Update to version 3.12
  * Fix DTLS compatibility with ASA firmware 8.4.1(11) and above.
  * Fix build failures on GNU Hurd, on systems with ancient OpenSSL, and on Debian.
  * Add --pid-file option.
  * Print SHA1 fingerprint with server certificate details.
- spec file changes
  * Package language files in a lang package
  * Since the binary is in /usr/sbin, keep the manual as man8
  * Package .a file in -devel package and have -devel package provide -devel-static

- Simplified man file installation
- Cleaned up spec file formatting

- Changed manuals to man1

- Removed %{?_smp_mflags}

- Removed unneeded libopenconnect.la file.
- Minor formatting changes to several spec file macros

- Added upstream url to Source0: tag
- Switched back to original tar.gz file