Update changelog

This also addresses the closely-related issue described in
https://gitlab.com/openconnect/openconnect/-/merge_requests/500, where
OpenConnect would prefer a GP server's IPv6 magic ping adress over its
Legacy IP magic ping address, even if `--disable-ipv6` is specified:
> Previous logic always preferred the ipv6 gateway address and magic for ESP
> even if ipv6 was explicitly disabled.  A VPN I use currently will only
> negotiate an ESP connection over ipv4 despite advertising a v6 gateway.

This similarly results in non-functional ESP:

> The result was that with ipv6 enabled, ESP pings were sent but would not
> renegotiate, with it disabled openconnect would erroneously report that
> the response did not contain a matching gateway and keys.

Signed-off-by: Daniel Lenski <dlenski@gmail.com>

diff --git a/www/changelog.xml b/www/changelog.xml
index ffc192e19259bf19fa52fbe87b9d50bd4cd49068..04b088f262c292d9910ba691b5a51e87ef37afb7 100644 (file)
--- a/www/changelog.xml
+++ b/www/changelog.xml
@@ -32,7 +32,8 @@
        <li>Sort GlobalProtect gateways according to portal's regionalized priority list (<a href="https://gitlab.com/openconnect/openconnect/-/issues/663">#663</a>, <a href="https://gitlab.com/openconnect/openconnect/-/merge_requests/498">!495</a>).</li>
        <li>openconnect_disable_dtls() allows to disable DTLS unless it is already connected (<a href="https://gitlab.com/openconnect/openconnect/-/issues/697">#697</a>)</li>
        <li>Enable DTLSv1.0 to continue working with OpenSSL v3.1.0 and newer (<a href="https://gitlab.com/openconnect/openconnect/-/merge_requests/504">!504</a>, <a href="https://gitlab.com/openconnect/openconnect/-/merge_requests/536">!536</a>).</li>
-       <li>Fix bug that caused OpenConnect to incorrectly log the remaining time until a re-key or periodic Trojan incorrect (<a href="https://gitlab.com/openconnect/openconnect/-/issues/677">#677</a>, <a href="https://gitlab.com/openconnect/openconnect/-/merge_requests/539">!539</a>)</li>
+       <li>Fix bug that caused OpenConnect to incorrectly log the remaining time until a re-key or periodic Trojan (<a href="https://gitlab.com/openconnect/openconnect/-/issues/677">#677</a>, <a href="https://gitlab.com/openconnect/openconnect/-/merge_requests/539">!539</a>)</li>
+       <li>Fix bug that prevented GlobalProtect ESP from working correctly when the server sends both Legacy IP and IPv6 versions of the ESP "magic ping" address, but no IPv6 client address (<a href="https://gitlab.com/openconnect/openconnect/-/merge_requests/565">!565</a>)</li>
      </ul><br/>
   </li>
   <li><b><a href="https://www.infradead.org/openconnect/download/openconnect-9.12.tar.gz">OpenConnect v9.12</a></b>