Package Release Info


Update Info: Base Release
Available in Package Hub : 15 SP4





Change Logs

* Wed Oct 13 2021 Johannes Segitz <>
- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
  * harden_openfortivpn@.service.patch
* Thu Sep 09 2021 Martin Hauke <>
- Updat eto version 1.17.1
  * fix regression: enable OpenSSL engines by default
  * fix typos found by codespell
  * fix LGTM alerts
* Fri Jul 16 2021 Martin Hauke <>
- Update to version 1.17.0
  * make OpenSSL engines optional
  * document and favor --pinentry over plain text password in
    configuration file
  * fix buffer overflow and other errors in URI espcaping for
  - -pinentry
  * use different --pinentry hints for different hosts, usernames
    and realms
  * fix memory management errors related to --user-agent option
* Sun Feb 14 2021 Martin Hauke <>
- Update to version 1.16.0
  * support for user key pass phrase
  * add a space at the end of the OTP prompt
  * modify memory allocation in the tunnel configuration structure
  * openfortivpn returns the PPP exit status
  * print SSL socket options in log
* Wed Sep 09 2020 Martin Hauke <>
- Update to version 1.15.0
  * fix issue sending pin codes
  * add command line option to bind to specific interface
  * use different hints for OTP and 2FA
  * remove password from /proc/#/cmd
  * extend OTP to allow FTM push
  * add preliminary support for host checks
  * don't accept route to the vpn gateway
  * fix byte counter in pppd_write
* Sat May 23 2020 Martin Hauke <>
- Update to version 1.14.1
  * fix out of bounds array access
Version: 1.12.0-bp151.3.3.1
* Thu Feb 27 2020 Martin Hauke <>
- Update to version 1.12.0
  * fix CVE-2020-7043: TLS Certificate CommonName NULL Byte
  * fix CVE-2020-7042: use of uninitialized memory in
  * fix CVE-2020-7041: incorrect use of X509_check_host
    (regarding return value).
  * always hide cleartest password in -vv output
  * add a clear warning about sensitive information in the debug
  * add a hint in debug output when password is read from config
  * fix segfault when connecting with empty password
  * use resolvconf if available to update resolv.conf file
  * replace semicolon by space in dns-suffix string
Version: 1.14.0-bp152.1.1
* Tue May 12 2020 Martin Hauke <>
- Update to version 1.14.0
  * add git commit id in debug output
  * do not use interface ip for routing on linux
  * avoid extra hop on interface for default route
  * clean up, updates and improvments in the build system
  * increase the inbound HTTP buffer capacity when needed
  * print domain search list to output
  * add systemd service file
  * add systemd notification when stopping
  * allow logging with both smartcard and username
  * fix GCC 9 and clang warnings
  * bump default minimal TLS version from TLSv1.0 to TLSv1.2
  * fix a couple coverity warnings
- Package systemd service file
* Wed Apr 01 2020 Martin Hauke <>
- Update to version 1.13.3
  * fix a coverity warning
  * cross-compile: do not check resolvconf on the host system
* Wed Mar 25 2020 Martin Hauke <>
- Update to version 1.13.2
  * properly build on FreeBSD, even if ppp is not installed at
    configure time
  * build in the absence of resolvconf
* Tue Mar 24 2020 Martin Hauke <>
- Update to versin 1.13.0
  * avoid unsupported versions of resolvconf
  * add configure and command line option for resolvconf
  * increase BUFSIZ
  * reinitialize static variables with the --persistent option
  * fix a memory leak in ipv4_add_nameservers_to_resolv_conf
* Thu Nov 28 2019 Martin Hauke <>
- Update to version 1.11.0
  * allow to connect with empty password (and with smartcard
    instead of username)
  * properly handle manipulations of resolv.conf
  * support dns-suffix feature
  * several codacy fixes
  * Add smartcard support with openssl-engine
  * correctly shift masks for cidr notation on MAC
  * one-byte fix to build with lcc compiler
  * pass space character as %20 instead of encoding it as '+'
- Update to version 1.10.0
  * fix openssl 1.1.x compatibility issues
  * Connect to old TLSv1.0 software - override new openssl defaults.
  * suppress cleartext password in debug detail output / add new
    verbosity level
  * increase speed setting for pppd
  * rt_dst: don't run tests when option is passed
  * don't check file path if --with/--disable specified
  * userinput: pass a hint to the pinentry program
  * tunnel: make pppd default to logging to stderr
  * tunnel: pass our stderr to the pppd slave