From 9697bea0e50952cab57063238b43a7099e498cbb Mon Sep 17 00:00:00 2001
From: David Woodhouse <dwmw2@infradead.org>
Date: Tue, 13 Dec 2016 12:31:37 +0000
Subject: [PATCH] Tag version 7.08

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
---
 configure.ac      |  2 +-
 openconnect.h     |  2 +-
 version.sh        |  2 +-
 www/changelog.xml |  6 ++++++
 www/download.xml  | 51 +++++++++++++++++++++++++++++++----------------
 5 files changed, 43 insertions(+), 20 deletions(-)
diff --git a/configure.ac b/configure.ac
index 5bdbe479..5c50cf62 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-AC_INIT(openconnect, 7.07)
+AC_INIT(openconnect, 7.08)
 AC_CONFIG_HEADERS([config.h])
 
 PKG_PROG_PKG_CONFIG
diff --git a/openconnect.h b/openconnect.h
index c6217657..fc23c3ca 100644
--- a/openconnect.h
+++ b/openconnect.h
@@ -36,7 +36,7 @@ extern "C" {
 #define OPENCONNECT_API_VERSION_MINOR 4
 
 /*
- * API version 5.4:
+ * API version 5.4 (v7.08; 2016-12-13):
  *  - Add openconnect_set_pass_tos()
  *
  * API version 5.3 (v7.07; 2016-07-11):
diff --git a/version.sh b/version.sh
index 957d31dc..0197279d 100755
--- a/version.sh
+++ b/version.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 
-v="v7.07"
+v="v7.08"
 
 if [ -d ${GIT_DIR:-.git} ] && tag=`git describe --tags`; then
 	v="$tag"
diff --git a/www/changelog.xml b/www/changelog.xml
index 19a311f2..93920b69 100644
--- a/www/changelog.xml
+++ b/www/changelog.xml
@@ -14,6 +14,12 @@
 <a href="http://git.infradead.org/users/dwmw2/openconnect.git">gitweb</a>.</p>
 <ul>
    <li><b>OpenConnect HEAD</b>
+     <ul>
+       <li><i>No changelog entries yet</i></li>
+     </ul><br/>
+  </li>
+  <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-7.08.tar.gz">OpenConnect v7.08</a></b>
+     <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-7.08.tar.gz.asc">PGP signature</a>)</i> &#8212; 2016-12-13
      <ul>
        <li>Add SHA256 support for server cert hashes.</li>
        <li>Enable DHE ciphers for Cisco DTLS.</li>
diff --git a/www/download.xml b/www/download.xml
index 1f5134d9..edec58d9 100644
--- a/www/download.xml
+++ b/www/download.xml
@@ -17,23 +17,40 @@
 
 <p>
 <!-- latest-release-start -->
-The latest release is <a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-7.07.tar.gz">OpenConnect v7.07</a>
-<i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-7.07.tar.gz.asc">PGP signature</a>)</i>,
-released on 2016-07-11 with the following changelog:</p>
-   <ul>
-       <li>More fixes for OpenSSL 1.1 build.</li>
-       <li>Support Juniper "Post Sign-in Message".</li>
-       <li>Add <tt>--protocol</tt> option.</li>
-       <li>Fix ChaCha20-Poly1305 cipher suite to reflect final standard.</li>
-       <li>Add ability to disable IPv6 support via library API.</li>
-       <li>Set groups appropriately when using <tt>setuid()</tt>.</li>
-       <li>Automatic DTLS MTU detection.</li>
-       <li>Support SSL client certificate authentication with Juniper servers.</li>
-       <li>Revamp SSL certificate validation for OpenSSL and stop supporting OpenSSL older than 0.9.8.</li>
-       <li>Fix handling of multiple DNS search domains with Network Connect.</li>
-       <li>Fix handling of large configuration packets for Network Connect.</li>
-       <li>Enable SNI when built with OpenSSL <i>(1.0.1g or later)</i>.</li>
-       <li>Add <tt>--resolve</tt> and <tt>--local-hostname</tt> options to command line.</li>
+The latest release is <a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-7.08.tar.gz">OpenConnect v7.08</a>
+<i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-7.08.tar.gz.asc">PGP signature</a>)</i>,
+released on 2016-12-13 with the following changelog:</p>
+     <ul>
+       <li>Add SHA256 support for server cert hashes.</li>
+       <li>Enable DHE ciphers for Cisco DTLS.</li>
+       <li>Increase initial oNCP configuration buffer size.</li>
+       <li>Reopen <tt>CONIN$</tt> when stdin is redirected on Windows.</li>
+       <li>Improve support for point-to-point routing on Windows.</li>
+       <li>Check for non-resumed DTLS sessions which may indicate a MiTM attack.</li>
+       <li>Add <tt>TUNIDX</tt> environment variable on Windows.</li>
+       <li>Fix compatibility with Pulse Secure 8.2R5.</li>
+       <li>Fix IPv6 support in Solaris.</li>
+       <li>Support DTLS automatic negotiation.</li>
+       <li>Support <tt>--key-password</tt> for GnuTLS PKCS#11 PIN.</li>
+       <li>Support automatic DTLS MTU detection with OpenSSL.</li>
+       <li>Drop support for combined GnuTLS/OpenSSL build.</li>
+       <li>Update OpenSSL to allow TLSv1.2, improve compatibility options.</li>
+       <li>Remove <tt>--no-cert-check</tt> option. It was being (mis)used.</li>
+       <li>Fix OpenSSL support for PKCS#11 EC keys without public key.</li>
+       <li>Support for final OpenSSL 1.1 release.</li>
+       <li>Fix polling/retry on "tun" socket when buffers full.</li>
+       <li>Fix AnyConnect server-side MTU setting.</li>
+       <li>Fix ESP replay detection.</li>
+       <li>Allow build with LibreSSL <i>(for fetishists only; do not use this as DTLS is broken)</i>.</li>
+       <li>Add certificate torture test suite.</li>
+       <li>Support PKCS#11 PIN via <tt>pin-value=</tt> and <tt>--key-password</tt> for OpenSSL.</li>
+       <li>Fix integer overflow issues with ESP packet replay detection.</li>
+       <li>Add <tt>--pass-tos</tt> option as in OpenVPN.</li>
+       <li>Support rÃ´le selection form in Juniper VPN.</li>
+       <li>Support DER-format certificates, add certificate format torture tests.</li>
+       <li>For OpenSSL >= 1.0.2, fix certificate validation when only an
+          intermediate CA is specified with the <tt>--cafile</tt> option.</li>
+       <li>Support Juniper "Pre Sign-in Message".</li>
      </ul>
 <!-- latest-release-end -->
 
-- 
2.49.0

