Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
network:vpn
openfortivpn
openfortivpn.changes
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File openfortivpn.changes of Package openfortivpn
------------------------------------------------------------------- Fri Nov 29 22:16:30 UTC 2024 - Richard Rahl <rrahl0@opensuse.org> - fix an issue where an error happened with certificate logins for FortiOS 7.4.4 by adding fix-certificate-login-error.patch - fix SLE12 - use pkgconfig for devel packages ------------------------------------------------------------------- Thu Jun 20 03:48:56 UTC 2024 - ming li <mli@suse.com> - Update to version 1.22.1 * do not advertise we talk compressed HTTP - we don't ------------------------------------------------------------------- Thu Apr 18 17:18:21 UTC 2024 - Martin Hauke <mardnh@gmx.de> - Update to version 1.22.0 * do not print TLS socket options in log (revert change from 1.16.0). * add option to specify SNI. * change most occurrences of "SSL" to "TLS" in user-visible text. ------------------------------------------------------------------- Mon Feb 26 12:45:38 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org> - Use %autosetup macro. Allows to eliminate the usage of deprecated PatchN. ------------------------------------------------------------------- Thu Dec 14 20:53:26 UTC 2023 - Martin Hauke <mardnh@gmx.de> - Update to version 1.21.0 * fix "Peer refused to agree to his IP address" message, again. * deprecate option --plugin. * better masking of password in logs. ------------------------------------------------------------------- Thu Dec 14 20:35:58 UTC 2023 - Nicolas FORMICHELLA <stigpro@outlook.fr> - Add openfortivpn-fix-usr-bin-env.patch to fix the shebang of files from env to bash. ------------------------------------------------------------------- Sun Aug 27 16:47:53 UTC 2023 - Martin Hauke <mardnh@gmx.de> - Compile with support for systemd (sd_notify) ------------------------------------------------------------------- Mon Jul 3 13:31:07 UTC 2023 - Martin Hauke <mardnh@gmx.de> - Update to version 1.20.5 * revert previous fix from 1.20.4, make it optional. - Update to version 1.20.4 * fix "Peer refused to agree to his IP address" message. - Update to version 1.20.3 * minor change in a warning message. * documentation improvement. * minor changes in build and test files. - Update to version 1.20.2 * fix regression: do attempt to apply duplicate routes, log INFO instead of WARN. * minor changes in log messages. - Update patch: * harden_openfortivpn@.service.patch ------------------------------------------------------------------- Mon Feb 27 13:39:27 UTC 2023 - Martin Hauke <mardnh@gmx.de> - Update to versoin 1.20.1 * Bugfix release. - Update to versoin 1.20.0 * Discard invalid empty HDLC frame at end of buffer. * Prepend "SVPNCOOKIE=" to the given cookie if missing. ------------------------------------------------------------------- Wed Oct 12 09:51:16 UTC 2022 - Martin Hauke <mardnh@gmx.de> - Update to version 1.19.0 * fix "Peer refused to agree to our IP address" message * avoid setting duplicate routes * remove obsolete code that reads non-XML config from FortiOS * improve warning message when reading options from config file - Update to version 1.18.0 * add new options to delegate the authentication to external programs * minor fixes in documentation ------------------------------------------------------------------- Sat May 7 14:00:06 UTC 2022 - Martin Hauke <mardnh@gmx.de> - Update to version 1.17.3 * fix regression: spurious warning message after reading config ------------------------------------------------------------------- Thu Mar 31 14:59:12 UTC 2022 - Martin Hauke <mardnh@gmx.de> - Update to version 1.17.2 * fix memory leak when reading user input * improve calls to getsockopt() and associated debug output * allow reading config from process substitution * work around CodeQL false positives, improving code at the same time * change type of systemd.service from simple to notify ------------------------------------------------------------------- Wed Oct 13 10:41:17 UTC 2021 - Johannes Segitz <jsegitz@suse.com> - Added hardening to systemd service(s) (bsc#1181400). Added patch(es): * harden_openfortivpn@.service.patch ------------------------------------------------------------------- Thu Sep 9 12:51:01 UTC 2021 - Martin Hauke <mardnh@gmx.de> - Updat eto version 1.17.1 * fix regression: enable OpenSSL engines by default * fix typos found by codespell * fix LGTM alerts ------------------------------------------------------------------- Fri Jul 16 20:03:25 UTC 2021 - Martin Hauke <mardnh@gmx.de> - Update to version 1.17.0 * make OpenSSL engines optional * document and favor --pinentry over plain text password in configuration file * fix buffer overflow and other errors in URI espcaping for --pinentry * use different --pinentry hints for different hosts, usernames and realms * fix memory management errors related to --user-agent option ------------------------------------------------------------------- Sun Feb 14 15:40:03 UTC 2021 - Martin Hauke <mardnh@gmx.de> - Update to version 1.16.0 * support for user key pass phrase * add a space at the end of the OTP prompt * modify memory allocation in the tunnel configuration structure * openfortivpn returns the PPP exit status * print SSL socket options in log ------------------------------------------------------------------- Wed Sep 9 18:34:03 UTC 2020 - Martin Hauke <mardnh@gmx.de> - Update to version 1.15.0 * fix issue sending pin codes * add command line option to bind to specific interface * use different hints for OTP and 2FA * remove password from /proc/#/cmd * extend OTP to allow FTM push * add preliminary support for host checks * don't accept route to the vpn gateway * fix byte counter in pppd_write ------------------------------------------------------------------- Sat May 23 08:34:20 UTC 2020 - Martin Hauke <mardnh@gmx.de> - Update to version 1.14.1 * fix out of bounds array access ------------------------------------------------------------------- Tue May 12 18:46:49 UTC 2020 - Martin Hauke <mardnh@gmx.de> - Update to version 1.14.0 * add git commit id in debug output * do not use interface ip for routing on linux * avoid extra hop on interface for default route * clean up, updates and improvments in the build system * increase the inbound HTTP buffer capacity when needed * print domain search list to output * add systemd service file * add systemd notification when stopping * allow logging with both smartcard and username * fix GCC 9 and clang warnings * bump default minimal TLS version from TLSv1.0 to TLSv1.2 * fix a couple coverity warnings - Package systemd service file ------------------------------------------------------------------- Wed Apr 1 05:42:13 UTC 2020 - Martin Hauke <mardnh@gmx.de> - Update to version 1.13.3 * fix a coverity warning * cross-compile: do not check resolvconf on the host system ------------------------------------------------------------------- Wed Mar 25 18:09:34 UTC 2020 - Martin Hauke <mardnh@gmx.de> - Update to version 1.13.2 * properly build on FreeBSD, even if ppp is not installed at configure time * build in the absence of resolvconf ------------------------------------------------------------------- Tue Mar 24 20:21:17 UTC 2020 - Martin Hauke <mardnh@gmx.de> - Update to versin 1.13.0 * avoid unsupported versions of resolvconf * add configure and command line option for resolvconf * increase BUFSIZ * reinitialize static variables with the --persistent option * fix a memory leak in ipv4_add_nameservers_to_resolv_conf ------------------------------------------------------------------- Thu Feb 27 15:14:15 UTC 2020 - Martin Hauke <mardnh@gmx.de> - Update to version 1.12.0 * fix CVE-2020-7043: TLS Certificate CommonName NULL Byte Vulnerability * fix CVE-2020-7042: use of uninitialized memory in X509_check_host * fix CVE-2020-7041: incorrect use of X509_check_host (regarding return value). * always hide cleartest password in -vv output * add a clear warning about sensitive information in the debug output * add a hint in debug output when password is read from config file * fix segfault when connecting with empty password * use resolvconf if available to update resolv.conf file * replace semicolon by space in dns-suffix string ------------------------------------------------------------------- Thu Nov 28 19:20:07 UTC 2019 - Martin Hauke <mardnh@gmx.de> - Update to version 1.11.0 * allow to connect with empty password (and with smartcard instead of username) * properly handle manipulations of resolv.conf * support dns-suffix feature * several codacy fixes * Add smartcard support with openssl-engine * correctly shift masks for cidr notation on MAC * one-byte fix to build with lcc compiler * pass space character as %20 instead of encoding it as '+' - Update to version 1.10.0 * fix openssl 1.1.x compatibility issues * Connect to old TLSv1.0 software - override new openssl defaults. * suppress cleartext password in debug detail output / add new verbosity level * increase speed setting for pppd * configure.ac: rt_dst: don't run tests when option is passed * configure.ac: don't check file path if --with/--disable specified * userinput: pass a hint to the pinentry program * tunnel: make pppd default to logging to stderr * tunnel: pass our stderr to the pppd slave ------------------------------------------------------------------- Sun Mar 17 11:52:47 UTC 2019 - Martin Hauke <mardnh@gmx.de> - Update to version 1.9.0 * Update of the man page, especially about the dns settings * improved configure output: show detected paths for use at runtime * Make search string for the otp-prompt configurable * Add an option to specify a configurable delay during otp authentication * Make the options that control usepeerdns more consistent ------------------------------------------------------------------- Mon Jan 7 08:05:03 UTC 2019 - mardnh@gmx.de - Update to version 1.8.1 Bug fix * With version 1.8.0 /etc/resolv.conf was not updated anymore in some situations. To avoid this regression the change "Rationalize DNS options" has been reverted again to restore the behavior of versions up to 1.7.1. * Correctly use realm together with two factor authentication * If no port is specified use standard https port similar as vendor client * Fix value of Accept-Encoding request header * Bugfix in url_encode for non alphanumerical characters * HTML URL Encoding with uppercase characters * Honor Cipher-list option Change in behavior * Support longer passowrds by allocation of a larger buffer * Improved detection of pppd/ppp client during configure stage - Update to version 1.8.0 Bug fix * Prioritize command line arguments over config file parameters Change in behavior * When logging traffic also show http traffic (not only tunneled traffic) * Improve error message in case of login failure * Require root privileges for running. They are needed at various places. Previously, just a warning was issued, but in later stage things have failed. * Dynamically allocate routing buffer and therefore allow larger routing table. * Support systemd notification upon tunnel up * Change the way to read passwords such that backspace etc. should work as usual * Rationalize DNS options: pppd and openfortivpn were updating /etc/resolv.conf. Check man page and help output for the documentation of the current behavior. ------------------------------------------------------------------- Mon Jun 18 06:24:41 UTC 2018 - mardnh@gmx.de - Update to version 1.7.1 * openfortivpn version 1.7.1 * remove iswhitespace_like in favorite of isspace * treat carriage returns as white space (might solve #129) (#334) * update README.md for MacOS X (#333) * Ooops... Fix --help output. * Revert 6772c53 * Let pppd handle DNS servers * Manual page fixes * Documentation: we -> openfortivpn * Ooops... Partial revert of 30a4e0b * Temporarily change recipient of Coverity reports * Simplify ofv_append_varr() * Use the ARRAY_SIZE macro * Automated Coverity analysis with Travis CI * Fix pylint warnings * Restore configure options removed in ac5c083 * Shell indentation: avoid mixing tabs and spaces * Use PKG_CHECK_MODULES compiler/linker flags * Quote shell variables * bash -> sh * Balance directory tree * Build openfortivpn against OpenSSL 1.0.2 * Refactor Travis CI integration * Revert 79f52ef * Rework OpenSSL library detection * Reworked array of pppd args (#295) * Build with missing pthread_mutexattr_setrobust() (#298) ------------------------------------------------------------------- Mon Apr 23 08:15:04 UTC 2018 - mardnh@gmx.de - Update to version 1.7.0 * correctly set up route to vpn gateway (#285) * Properly check vsnprintf() return value * const correctness for strings * socket() requires <sys/socket.h> (#290) * HTTP end-of-line marker is CR LF * malloc(), realloc() and free() require <stdlib.h> * vsnprintf() is defined in <stdio.h> * va_start() and va_end() require <stdarg.h> (#287) * Improve script to find line length errors * If the OTP is specified in the configuration, use it for 2FA * fix formatting of man page * replace hard-coded virtual ip address in pppd call parameters by a rfc3330 test-net address * Print proper pppd status messages * Linux kernel coding style * Ignore strings when calculating line lengths * Make sure the Coverity defect is a false positive (#264) * Linux kernel coding style * Rephrase --half-internet-routes documentation * Limit string length to C99 standard * Add info about Debian (testing) package to readme * Add --pppd-call option. (#270) * Explain why Coverity defect is a false positive * Linux kernel coding style * Use X509_check_host instead of explicit CN match. (#242) * Fix usage string for half-internet-routes * UINT_MAX is defined in <limits.h> * avoid confusion of code branches for different platforms * added --persistent option for automatic reconnects (#190) * update README.md * Bourne shell * call aclocal from autogen.sh only if it exists * improve autoconf * Standard error message for malloc()/realloc() * Avoid Valgrind warning * C99 initialization instead of memset() * Documentation ------------------------------------------------------------------- Fri Nov 17 21:30:57 UTC 2017 - mardnh@gmx.de - Update to version 1.6.0 * Linux kernel coding style * Does /usr/sbin/pppd exist? * Update README.md (#196) * Print message associated to pppd exit status code (#189) * preserve existing config during install, this solves #130 (#193) * Fix Codacy code style issues * Increase max cookie size to 4096 * Fix Coverity defect * Avoid multiple occurrences of a magic number * Fix warning from static analysis tool scan-build * Update Linux installation instructions * dynamic allocation of memory for split route array (#163) ------------------------------------------------------------------- Wed Oct 18 19:28:19 UTC 2017 - mardnh@gmx.de - Update to version 1.5.0 * Add error reporting after execvp in pppd_run * Move error reporting from ppd_run to ppd_terminate * Fix bug in pppd_run forking code * clean up config initialization and error messages during parsing options (#167) * Merge pull request #162 from mrbaseman/readme * update README.md and mention PKG_CONFIG_PATH * Merge pull request #158 from mrbaseman/routes * Merge branch 'master' into routes * Merge pull request #161 from bartlx/realm-in-configfile * Added the option of setting authentication realm in the configfile * add --half-internet-routes option, update man page * ipv4 routes: set default route as 0.0.0.0/1 and 128.0.0.0/1 * Merge pull request #149 from martinetd/routes * Merge branch 'master' into routes * build: drop -Werror by default * config: allow passing the otp via the config file * http: fix possibly returning uninitialized memory to the server * build: avoid evaluating $sysconfidir on configure time * io: port to OpenSSL 1.1.0 * build: use pkg-config for detecting and configuring OpenSSL * main: use strdup on pppd command line args * option parsing: add --set-routes and --set-dns options * help message: split define into multiple strings - Changes from 1.3.1 * Emit an error if configured against OpenSSL 1.1.0 * Support multiarch libraries * Update install documentation to describe the `--with-openssl` option * Instruct travis CI to use autogen.sh * Add openssl locations to configure options * Fix a few minor typos * Fix buffer overrun * Merge pull request #136 from Mabin-J/fix-#87 * ipv4.h: increase 'MAX_SPLIT_ROUTES' 64 to 128 (Issue #87) * Merge pull request #135 from Mabin-J/fix-lock-status-in-macos * io.c: fix core cause of openfortivpn is locked when spawning pppd has failed. * Merge pull request #134 from DimitriPapadopoulos/master * Ignore SIGHUP * Handle SIGTERM as SIGINT * io.c: fix lock status when fail to spawn pppd in macOS. - Changes from 1.3.0 * implement ipparam to be passed to pppd * Merge pull request #125 from mrbaseman/command-line-arguments * minor fixes to documentation, command line argument handling (-o was not recognized before), and free all pointers in destroy_vpn_config * Merge pull request #122 from mrbaseman/get_route_fallback * MacOSX version of ipv4_get_route * Merge pull request #121 from Mabin-J/fix-readme-macosx-install * README.md: modify 'macOS' part in 'Installing' Section * fix segment error when adding route for vpn has failed show warning message when adding route table is incomplete keep routing entries strictly separate and do not reuse rt_dev * Fix buffer overrun * ipv4.h: increase 'MAX_SPLIT_ROUTES' (32 -> 64) * Merge pull request #97 from Mabin-J/fix-to-remain-exist-route * ipv4: Refactor ipv4_add_*_vpn_route() * Load OS trusted certificate stores * Merge pull request #95 from mrbaseman/ppp-routes * This is a larger rework of the routing code ------------------------------------------------------------------- Wed Mar 15 20:01:56 UTC 2017 - mardnh@gmx.de - Update to version 1.3.0 - Fix RPM group - Remove _service file ------------------------------------------------------------------- Thu Nov 10 00:00:00 UTC 2016 - singer@nefkom.net - Initial packaging, branched from Fedora Package ------------------------------------------------------------------- Mon May 30 00:00:00 UTC 2016 - singer@nefkom.net - Initial packaging, branched from Fedora Package
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor