| AArch64 | |
| ppc64le | |
| s390x | |
| x86-64 |
- Added hardening to systemd service(s) (bsc#1181400). Added patch(es): * harden_openfortivpn@.service.patch
- Updat eto version 1.17.1 * fix regression: enable OpenSSL engines by default * fix typos found by codespell * fix LGTM alerts
- Update to version 1.17.0
* make OpenSSL engines optional
* document and favor --pinentry over plain text password in
configuration file
* fix buffer overflow and other errors in URI espcaping for
- -pinentry
* use different --pinentry hints for different hosts, usernames
and realms
* fix memory management errors related to --user-agent option
- Update to version 1.16.0 * support for user key pass phrase * add a space at the end of the OTP prompt * modify memory allocation in the tunnel configuration structure * openfortivpn returns the PPP exit status * print SSL socket options in log
- Update to version 1.15.0 * fix issue sending pin codes * add command line option to bind to specific interface * use different hints for OTP and 2FA * remove password from /proc/#/cmd * extend OTP to allow FTM push * add preliminary support for host checks * don't accept route to the vpn gateway * fix byte counter in pppd_write
- Update to version 1.14.1 * fix out of bounds array access
- Update to version 1.14.0 * add git commit id in debug output * do not use interface ip for routing on linux * avoid extra hop on interface for default route * clean up, updates and improvments in the build system * increase the inbound HTTP buffer capacity when needed * print domain search list to output * add systemd service file * add systemd notification when stopping * allow logging with both smartcard and username * fix GCC 9 and clang warnings * bump default minimal TLS version from TLSv1.0 to TLSv1.2 * fix a couple coverity warnings - Package systemd service file
- Update to version 1.13.3 * fix a coverity warning * cross-compile: do not check resolvconf on the host system
- Update to version 1.13.2
* properly build on FreeBSD, even if ppp is not installed at
configure time
* build in the absence of resolvconf
- Update to versin 1.13.0 * avoid unsupported versions of resolvconf * add configure and command line option for resolvconf * increase BUFSIZ * reinitialize static variables with the --persistent option * fix a memory leak in ipv4_add_nameservers_to_resolv_conf
- Update to version 1.11.0
* allow to connect with empty password (and with smartcard
instead of username)
* properly handle manipulations of resolv.conf
* support dns-suffix feature
* several codacy fixes
* Add smartcard support with openssl-engine
* correctly shift masks for cidr notation on MAC
* one-byte fix to build with lcc compiler
* pass space character as %20 instead of encoding it as '+'
- Update to version 1.10.0
* fix openssl 1.1.x compatibility issues
* Connect to old TLSv1.0 software - override new openssl defaults.
* suppress cleartext password in debug detail output / add new
verbosity level
* increase speed setting for pppd
* configure.ac: rt_dst: don't run tests when option is passed
* configure.ac: don't check file path if --with/--disable specified
* userinput: pass a hint to the pinentry program
* tunnel: make pppd default to logging to stderr
* tunnel: pass our stderr to the pppd slave
- Update to version 1.12.0
* fix CVE-2020-7043: TLS Certificate CommonName NULL Byte
Vulnerability
* fix CVE-2020-7042: use of uninitialized memory in
X509_check_host
* fix CVE-2020-7041: incorrect use of X509_check_host
(regarding return value).
* always hide cleartest password in -vv output
* add a clear warning about sensitive information in the debug
output
* add a hint in debug output when password is read from config
file
* fix segfault when connecting with empty password
* use resolvconf if available to update resolv.conf file
* replace semicolon by space in dns-suffix string