Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

openfortivpn-1.22.1-lp160.1.1 RPM for x86_64

From OpenSuSE Leap 16.0 for x86_64

Name: openfortivpn Distribution: openSUSE Leap 16.0
Version: 1.22.1 Vendor: openSUSE
Release: lp160.1.1 Build date: Thu Jun 20 05:48:56 2024
Group: Productivity/Networking/Security Build host: reproducible
Size: 168278 Source RPM: openfortivpn-1.22.1-lp160.1.1.src.rpm
Packager: https://bugs.opensuse.org
Url: https://github.com/adrienverge/openfortivpn
Summary: Client for PPP+SSL VPN tunnel services
openfortivpn is a client for PPP+SSL VPN tunnel services. It spawns a pppd
process and operates the communication between the gateway and this process.

It is compatible with Fortinet VPNs.

Provides

Requires

License

GPL-3.0-or-later

Changelog

* Thu Jun 20 2024 ming li <mli@suse.com>
  - Update to version 1.22.1
    * do not advertise we talk compressed HTTP - we don't
* Thu Apr 18 2024 Martin Hauke <mardnh@gmx.de>
  - Update to version 1.22.0
    * do not print TLS socket options in log (revert change from
      1.16.0).
    * add option to specify SNI.
    * change most occurrences of "SSL" to "TLS" in user-visible text.
* Mon Feb 26 2024 Dominique Leuenberger <dimstar@opensuse.org>
  - Use %autosetup macro. Allows to eliminate the usage of deprecated
    PatchN.
* Thu Dec 14 2023 Martin Hauke <mardnh@gmx.de>
  - Update to version 1.21.0
    * fix "Peer refused to agree to his IP address" message, again.
    * deprecate option --plugin.
    * better masking of password in logs.
* Thu Dec 14 2023 Nicolas FORMICHELLA <stigpro@outlook.fr>
  - Add openfortivpn-fix-usr-bin-env.patch to fix the shebang of files
    from env to bash.
* Sun Aug 27 2023 Martin Hauke <mardnh@gmx.de>
  - Compile with support for systemd (sd_notify)
* Mon Jul 03 2023 Martin Hauke <mardnh@gmx.de>
  - Update to version 1.20.5
    * revert previous fix from 1.20.4, make it optional.
  - Update to version 1.20.4
    * fix "Peer refused to agree to his IP address" message.
  - Update to version 1.20.3
    * minor change in a warning message.
    * documentation improvement.
    * minor changes in build and test files.
  - Update to version 1.20.2
    * fix regression: do attempt to apply duplicate routes, log
      INFO instead of WARN.
    * minor changes in log messages.
  - Update patch:
    * harden_openfortivpn@.service.patch
* Mon Feb 27 2023 Martin Hauke <mardnh@gmx.de>
  - Update to versoin 1.20.1
    * Bugfix release.
  - Update to versoin 1.20.0
    * Discard invalid empty HDLC frame at end of buffer.
    * Prepend "SVPNCOOKIE=" to the given cookie if missing.
* Wed Oct 12 2022 Martin Hauke <mardnh@gmx.de>
  - Update to version 1.19.0
    * fix "Peer refused to agree to our IP address" message
    * avoid setting duplicate routes
    * remove obsolete code that reads non-XML config from FortiOS
    * improve warning message when reading options from config file
  - Update to version 1.18.0
    * add new options to delegate the authentication to external
      programs
    * minor fixes in documentation
* Sat May 07 2022 Martin Hauke <mardnh@gmx.de>
  - Update to version 1.17.3
    * fix regression: spurious warning message after reading config
* Thu Mar 31 2022 Martin Hauke <mardnh@gmx.de>
  - Update to version 1.17.2
    * fix memory leak when reading user input
    * improve calls to getsockopt() and associated debug output
    * allow reading config from process substitution
    * work around CodeQL false positives, improving code at the same
      time
    * change type of systemd.service from simple to notify
* Wed Oct 13 2021 Johannes Segitz <jsegitz@suse.com>
  - Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
    * harden_openfortivpn@.service.patch
* Thu Sep 09 2021 Martin Hauke <mardnh@gmx.de>
  - Updat eto version 1.17.1
    * fix regression: enable OpenSSL engines by default
    * fix typos found by codespell
    * fix LGTM alerts
* Fri Jul 16 2021 Martin Hauke <mardnh@gmx.de>
  - Update to version 1.17.0
    * make OpenSSL engines optional
    * document and favor --pinentry over plain text password in
      configuration file
    * fix buffer overflow and other errors in URI espcaping for
    - -pinentry
    * use different --pinentry hints for different hosts, usernames
      and realms
    * fix memory management errors related to --user-agent option
* Sun Feb 14 2021 Martin Hauke <mardnh@gmx.de>
  - Update to version 1.16.0
    * support for user key pass phrase
    * add a space at the end of the OTP prompt
    * modify memory allocation in the tunnel configuration structure
    * openfortivpn returns the PPP exit status
    * print SSL socket options in log
* Wed Sep 09 2020 Martin Hauke <mardnh@gmx.de>
  - Update to version 1.15.0
    * fix issue sending pin codes
    * add command line option to bind to specific interface
    * use different hints for OTP and 2FA
    * remove password from /proc/#/cmd
    * extend OTP to allow FTM push
    * add preliminary support for host checks
    * don't accept route to the vpn gateway
    * fix byte counter in pppd_write
* Sat May 23 2020 Martin Hauke <mardnh@gmx.de>
  - Update to version 1.14.1
    * fix out of bounds array access
* Tue May 12 2020 Martin Hauke <mardnh@gmx.de>
  - Update to version 1.14.0
    * add git commit id in debug output
    * do not use interface ip for routing on linux
    * avoid extra hop on interface for default route
    * clean up, updates and improvments in the build system
    * increase the inbound HTTP buffer capacity when needed
    * print domain search list to output
    * add systemd service file
    * add systemd notification when stopping
    * allow logging with both smartcard and username
    * fix GCC 9 and clang warnings
    * bump default minimal TLS version from TLSv1.0 to TLSv1.2
    * fix a couple coverity warnings
  - Package systemd service file
* Wed Apr 01 2020 Martin Hauke <mardnh@gmx.de>
  - Update to version 1.13.3
    * fix a coverity warning
    * cross-compile: do not check resolvconf on the host system
* Wed Mar 25 2020 Martin Hauke <mardnh@gmx.de>
  - Update to version 1.13.2
    * properly build on FreeBSD, even if ppp is not installed at
      configure time
    * build in the absence of resolvconf
* Tue Mar 24 2020 Martin Hauke <mardnh@gmx.de>
  - Update to versin 1.13.0
    * avoid unsupported versions of resolvconf
    * add configure and command line option for resolvconf
    * increase BUFSIZ
    * reinitialize static variables with the --persistent option
    * fix a memory leak in ipv4_add_nameservers_to_resolv_conf
* Thu Feb 27 2020 Martin Hauke <mardnh@gmx.de>
  - Update to version 1.12.0
    * fix CVE-2020-7043: TLS Certificate CommonName NULL Byte
      Vulnerability
    * fix CVE-2020-7042: use of uninitialized memory in
      X509_check_host
    * fix CVE-2020-7041: incorrect use of X509_check_host
      (regarding return value).
    * always hide cleartest password in -vv output
    * add a clear warning about sensitive information in the debug
      output
    * add a hint in debug output when password is read from config
      file
    * fix segfault when connecting with empty password
    * use resolvconf if available to update resolv.conf file
    * replace semicolon by space in dns-suffix string
* Thu Nov 28 2019 Martin Hauke <mardnh@gmx.de>
  - Update to version 1.11.0
    * allow to connect with empty password (and with smartcard
      instead of username)
    * properly handle manipulations of resolv.conf
    * support dns-suffix feature
    * several codacy fixes
    * Add smartcard support with openssl-engine
    * correctly shift masks for cidr notation on MAC
    * one-byte fix to build with lcc compiler
    * pass space character as %20 instead of encoding it as '+'
  - Update to version 1.10.0
    * fix openssl 1.1.x compatibility issues
    * Connect to old TLSv1.0 software - override new openssl defaults.
    * suppress cleartext password in debug detail output / add new
      verbosity level
    * increase speed setting for pppd
    * configure.ac: rt_dst: don't run tests when option is passed
    * configure.ac: don't check file path if --with/--disable specified
    * userinput: pass a hint to the pinentry program
    * tunnel: make pppd default to logging to stderr
    * tunnel: pass our stderr to the pppd slave
* Sun Mar 17 2019 Martin Hauke <mardnh@gmx.de>
  - Update to version 1.9.0
    * Update of the man page, especially about the dns settings
    * improved configure output: show detected paths for use at runtime
    * Make search string for the otp-prompt configurable
    * Add an option to specify a configurable delay during otp
      authentication
    * Make the options that control usepeerdns more consistent
* Mon Jan 07 2019 mardnh@gmx.de
  - Update to version 1.8.1
    Bug fix
    * With version 1.8.0 /etc/resolv.conf was not updated anymore in
      some situations. To avoid this regression the change
      "Rationalize DNS options" has been reverted again to restore the
      behavior of versions up to 1.7.1.
    * Correctly use realm together with two factor authentication
    * If no port is specified use standard https port similar as vendor
      client
    * Fix value of Accept-Encoding request header
    * Bugfix in url_encode for non alphanumerical characters
    * HTML URL Encoding with uppercase characters
    * Honor Cipher-list option
    Change in behavior
    * Support longer passowrds by allocation of a larger buffer
    * Improved detection of pppd/ppp client during configure stage
  - Update to version 1.8.0
    Bug fix
    * Prioritize command line arguments over config file parameters
    Change in behavior
    * When logging traffic also show http traffic (not only tunneled
      traffic)
    * Improve error message in case of login failure
    * Require root privileges for running. They are needed at various
      places. Previously, just a warning was issued, but in later stage
      things have failed.
    * Dynamically allocate routing buffer and therefore allow larger
      routing table.
    * Support systemd notification upon tunnel up
    * Change the way to read passwords such that backspace etc. should
      work as usual
    * Rationalize DNS options: pppd and openfortivpn were updating
      /etc/resolv.conf. Check man page and help output for the
      documentation of the current behavior.
* Mon Jun 18 2018 mardnh@gmx.de
  - Update to version 1.7.1
    * openfortivpn version 1.7.1
    * remove iswhitespace_like in favorite of isspace
    * treat carriage returns as white space (might solve #129) (#334)
    * update README.md for MacOS X (#333)
    * Ooops... Fix --help output.
    * Revert 6772c53
    * Let pppd handle DNS servers
    * Manual page fixes
    * Documentation: we -> openfortivpn
    * Ooops... Partial revert of 30a4e0b
    * Temporarily change recipient of Coverity reports
    * Simplify ofv_append_varr()
    * Use the ARRAY_SIZE macro
    * Automated Coverity analysis with Travis CI
    * Fix pylint warnings
    * Restore configure options removed in ac5c083
    * Shell indentation: avoid mixing tabs and spaces
    * Use PKG_CHECK_MODULES compiler/linker flags
    * Quote shell variables
    * bash -> sh
    * Balance directory tree
    * Build openfortivpn against OpenSSL 1.0.2
    * Refactor Travis CI integration
    * Revert 79f52ef
    * Rework OpenSSL library detection
    * Reworked array of pppd args (#295)
    * Build with missing pthread_mutexattr_setrobust() (#298)
* Mon Apr 23 2018 mardnh@gmx.de
  - Update to version 1.7.0
    * correctly set up route to vpn gateway (#285)
    * Properly check vsnprintf() return value
    * const correctness for strings
    * socket() requires <sys/socket.h> (#290)
    * HTTP end-of-line marker is CR LF
    * malloc(), realloc() and free() require <stdlib.h>
    * vsnprintf() is defined in <stdio.h>
    * va_start() and va_end() require <stdarg.h> (#287)
    * Improve script to find line length errors
    * If the OTP is specified in the configuration, use it for 2FA
    * fix formatting of man page
    * replace hard-coded virtual ip address in pppd call parameters
      by a rfc3330 test-net address
    * Print proper pppd status messages
    * Linux kernel coding style
    * Ignore strings when calculating line lengths
    * Make sure the Coverity defect is a false positive (#264)
    * Linux kernel coding style
    * Rephrase --half-internet-routes documentation
    * Limit string length to C99 standard
    * Add info about Debian (testing) package to readme
    * Add --pppd-call option. (#270)
    * Explain why Coverity defect is a false positive
    * Linux kernel coding style
    * Use X509_check_host instead of explicit CN match. (#242)
    * Fix usage string for half-internet-routes
    * UINT_MAX is defined in <limits.h>
    * avoid confusion of code branches for different platforms
    * added --persistent option for automatic reconnects (#190)
    * update README.md
    * Bourne shell
    * call aclocal from autogen.sh only if it exists
    * improve autoconf
    * Standard error message for malloc()/realloc()
    * Avoid Valgrind warning
    * C99 initialization instead of memset()
    * Documentation
* Fri Nov 17 2017 mardnh@gmx.de
  - Update to version 1.6.0
    * Linux kernel coding style
    * Does /usr/sbin/pppd exist?
    * Update README.md (#196)
    * Print message associated to pppd exit status code (#189)
    * preserve existing config during install, this solves #130 (#193)
    * Fix Codacy code style issues
    * Increase max cookie size to 4096
    * Fix Coverity defect
    * Avoid multiple occurrences of a magic number
    * Fix warning from static analysis tool scan-build
    * Update Linux installation instructions
    * dynamic allocation of memory for split route array (#163)
* Wed Oct 18 2017 mardnh@gmx.de
  - Update to version 1.5.0
    * Add error reporting after execvp in pppd_run
    * Move error reporting from ppd_run to ppd_terminate
    * Fix bug in pppd_run forking code
    * clean up config initialization and error messages during
      parsing options (#167)
    * Merge pull request #162 from mrbaseman/readme
    * update README.md and mention PKG_CONFIG_PATH
    * Merge pull request #158 from mrbaseman/routes
    * Merge branch 'master' into routes
    * Merge pull request #161 from bartlx/realm-in-configfile
    * Added the option of setting authentication realm in the configfile
    * add --half-internet-routes option, update man page
    * ipv4 routes: set default route as 0.0.0.0/1 and 128.0.0.0/1
    * Merge pull request #149 from martinetd/routes
    * Merge branch 'master' into routes
    * build: drop -Werror by default
    * config: allow passing the otp via the config file
    * http: fix possibly returning uninitialized memory to the server
    * build: avoid evaluating $sysconfidir on configure time
    * io: port to OpenSSL 1.1.0
    * build: use pkg-config for detecting and configuring OpenSSL
    * main: use strdup on pppd command line args
    * option parsing: add --set-routes and --set-dns options
    * help message: split define into multiple strings
  - Changes from 1.3.1
    * Emit an error if configured against OpenSSL 1.1.0
    * Support multiarch libraries
    * Update install documentation to describe the `--with-openssl` option
    * Instruct travis CI to use autogen.sh
    * Add openssl locations to configure options
    * Fix a few minor typos
    * Fix buffer overrun
    * Merge pull request #136 from Mabin-J/fix-#87
    * ipv4.h: increase 'MAX_SPLIT_ROUTES' 64 to 128 (Issue #87)
    * Merge pull request #135 from Mabin-J/fix-lock-status-in-macos
    * io.c: fix core cause of openfortivpn is locked when spawning pppd has failed.
    * Merge pull request #134 from DimitriPapadopoulos/master
    * Ignore SIGHUP
    * Handle SIGTERM as SIGINT
    * io.c: fix lock status when fail to spawn pppd in macOS.
  - Changes from 1.3.0
    * implement ipparam to be passed to pppd
    * Merge pull request #125 from mrbaseman/command-line-arguments
    * minor fixes to documentation, command line argument handling
      (-o was not recognized before), and free all pointers in
      destroy_vpn_config
    * Merge pull request #122 from mrbaseman/get_route_fallback
    * MacOSX version of ipv4_get_route
    * Merge pull request #121 from Mabin-J/fix-readme-macosx-install
    * README.md: modify 'macOS' part in 'Installing' Section
    * fix segment error when adding route for vpn has failed show
      warning message when adding route table is incomplete keep
      routing entries strictly separate and do not reuse rt_dev
    * Fix buffer overrun
    * ipv4.h: increase 'MAX_SPLIT_ROUTES' (32 -> 64)
    * Merge pull request #97 from Mabin-J/fix-to-remain-exist-route
    * ipv4: Refactor ipv4_add_*_vpn_route()
    * Load OS trusted certificate stores
    * Merge pull request #95 from mrbaseman/ppp-routes
    * This is a larger rework of the routing code
* Wed Mar 15 2017 mardnh@gmx.de
  - Update to version 1.3.0
  - Fix RPM group
  - Remove _service file
* Thu Nov 10 2016 singer@nefkom.net
  - Initial packaging, branched from Fedora Package
* Mon May 30 2016 singer@nefkom.net
  - Initial packaging, branched from Fedora Package

Files

/etc/openfortivpn
/etc/openfortivpn/config
/usr/bin/openfortivpn
/usr/lib/systemd/system/openfortivpn@.service
/usr/share/doc/packages/openfortivpn
/usr/share/doc/packages/openfortivpn/README.md
/usr/share/licenses/openfortivpn
/usr/share/licenses/openfortivpn/LICENSE
/usr/share/licenses/openfortivpn/LICENSE.OpenSSL
/usr/share/man/man1/openfortivpn.1.gz


Generated by rpm2html 1.8.1

Fabrice Bellet, Fri Jan 24 23:31:26 2025