AArch64 | |
ppc64le | |
s390x | |
x86-64 |
- Update to version 1.7.0 * correctly set up route to vpn gateway (#285) * Properly check vsnprintf() return value * const correctness for strings * socket() requires <sys/socket.h> (#290) * HTTP end-of-line marker is CR LF * malloc(), realloc() and free() require <stdlib.h> * vsnprintf() is defined in <stdio.h> * va_start() and va_end() require <stdarg.h> (#287) * Improve script to find line length errors * If the OTP is specified in the configuration, use it for 2FA * fix formatting of man page * replace hard-coded virtual ip address in pppd call parameters by a rfc3330 test-net address * Print proper pppd status messages * Linux kernel coding style * Ignore strings when calculating line lengths * Make sure the Coverity defect is a false positive (#264) * Linux kernel coding style * Rephrase --half-internet-routes documentation * Limit string length to C99 standard * Add info about Debian (testing) package to readme * Add --pppd-call option. (#270) * Explain why Coverity defect is a false positive * Linux kernel coding style * Use X509_check_host instead of explicit CN match. (#242) * Fix usage string for half-internet-routes * UINT_MAX is defined in <limits.h> * avoid confusion of code branches for different platforms * added --persistent option for automatic reconnects (#190) * update README.md * Bourne shell * call aclocal from autogen.sh only if it exists * improve autoconf * Standard error message for malloc()/realloc() * Avoid Valgrind warning * C99 initialization instead of memset() * Documentation
- Update to version 1.6.0 * Linux kernel coding style * Does /usr/sbin/pppd exist? * Update README.md (#196) * Print message associated to pppd exit status code (#189) * preserve existing config during install, this solves #130 (#193) * Fix Codacy code style issues * Increase max cookie size to 4096 * Fix Coverity defect * Avoid multiple occurrences of a magic number * Fix warning from static analysis tool scan-build * Update Linux installation instructions * dynamic allocation of memory for split route array (#163)
- Update to version 1.5.0 * Add error reporting after execvp in pppd_run * Move error reporting from ppd_run to ppd_terminate * Fix bug in pppd_run forking code * clean up config initialization and error messages during parsing options (#167) * Merge pull request #162 from mrbaseman/readme * update README.md and mention PKG_CONFIG_PATH * Merge pull request #158 from mrbaseman/routes * Merge branch 'master' into routes * Merge pull request #161 from bartlx/realm-in-configfile * Added the option of setting authentication realm in the configfile * add --half-internet-routes option, update man page * ipv4 routes: set default route as 0.0.0.0/1 and 128.0.0.0/1 * Merge pull request #149 from martinetd/routes * Merge branch 'master' into routes * build: drop -Werror by default * config: allow passing the otp via the config file * http: fix possibly returning uninitialized memory to the server * build: avoid evaluating $sysconfidir on configure time * io: port to OpenSSL 1.1.0 * build: use pkg-config for detecting and configuring OpenSSL * main: use strdup on pppd command line args * option parsing: add --set-routes and --set-dns options * help message: split define into multiple strings - Changes from 1.3.1 * Emit an error if configured against OpenSSL 1.1.0 * Support multiarch libraries * Update install documentation to describe the `--with-openssl` option * Instruct travis CI to use autogen.sh * Add openssl locations to configure options * Fix a few minor typos * Fix buffer overrun * Merge pull request #136 from Mabin-J/fix-#87 * ipv4.h: increase 'MAX_SPLIT_ROUTES' 64 to 128 (Issue #87) * Merge pull request #135 from Mabin-J/fix-lock-status-in-macos * io.c: fix core cause of openfortivpn is locked when spawning pppd has failed. * Merge pull request #134 from DimitriPapadopoulos/master * Ignore SIGHUP * Handle SIGTERM as SIGINT * io.c: fix lock status when fail to spawn pppd in macOS. - Changes from 1.3.0 * implement ipparam to be passed to pppd * Merge pull request #125 from mrbaseman/command-line-arguments * minor fixes to documentation, command line argument handling (-o was not recognized before), and free all pointers in destroy_vpn_config * Merge pull request #122 from mrbaseman/get_route_fallback * MacOSX version of ipv4_get_route * Merge pull request #121 from Mabin-J/fix-readme-macosx-install * README.md: modify 'macOS' part in 'Installing' Section * fix segment error when adding route for vpn has failed show warning message when adding route table is incomplete keep routing entries strictly separate and do not reuse rt_dev * Fix buffer overrun * ipv4.h: increase 'MAX_SPLIT_ROUTES' (32 -> 64) * Merge pull request #97 from Mabin-J/fix-to-remain-exist-route * ipv4: Refactor ipv4_add_*_vpn_route() * Load OS trusted certificate stores * Merge pull request #95 from mrbaseman/ppp-routes * This is a larger rework of the routing code
- Update to version 1.3.0 - Fix RPM group - Remove _service file
- Initial packaging, branched from Fedora Package
- Initial packaging, branched from Fedora Package
- Compile with support for systemd (sd_notify)
- Update to version 1.20.5 * revert previous fix from 1.20.4, make it optional. - Update to version 1.20.4 * fix "Peer refused to agree to his IP address" message. - Update to version 1.20.3 * minor change in a warning message. * documentation improvement. * minor changes in build and test files. - Update to version 1.20.2 * fix regression: do attempt to apply duplicate routes, log INFO instead of WARN. * minor changes in log messages. - Update patch: * harden_openfortivpn@.service.patch
- Update to versoin 1.20.1 * Bugfix release. - Update to versoin 1.20.0 * Discard invalid empty HDLC frame at end of buffer. * Prepend "SVPNCOOKIE=" to the given cookie if missing.
- Update to version 1.19.0 * fix "Peer refused to agree to our IP address" message * avoid setting duplicate routes * remove obsolete code that reads non-XML config from FortiOS * improve warning message when reading options from config file - Update to version 1.18.0 * add new options to delegate the authentication to external programs * minor fixes in documentation
- Update to version 1.17.3 * fix regression: spurious warning message after reading config
- Update to version 1.17.2 * fix memory leak when reading user input * improve calls to getsockopt() and associated debug output * allow reading config from process substitution * work around CodeQL false positives, improving code at the same time * change type of systemd.service from simple to notify
- Added hardening to systemd service(s) (bsc#1181400). Added patch(es): * harden_openfortivpn@.service.patch
- Updat eto version 1.17.1 * fix regression: enable OpenSSL engines by default * fix typos found by codespell * fix LGTM alerts
- Update to version 1.17.0 * make OpenSSL engines optional * document and favor --pinentry over plain text password in configuration file * fix buffer overflow and other errors in URI espcaping for - -pinentry * use different --pinentry hints for different hosts, usernames and realms * fix memory management errors related to --user-agent option
- Update to version 1.16.0 * support for user key pass phrase * add a space at the end of the OTP prompt * modify memory allocation in the tunnel configuration structure * openfortivpn returns the PPP exit status * print SSL socket options in log
- Update to version 1.15.0 * fix issue sending pin codes * add command line option to bind to specific interface * use different hints for OTP and 2FA * remove password from /proc/#/cmd * extend OTP to allow FTM push * add preliminary support for host checks * don't accept route to the vpn gateway * fix byte counter in pppd_write
- Update to version 1.14.1 * fix out of bounds array access
- Update to version 1.14.0 * add git commit id in debug output * do not use interface ip for routing on linux * avoid extra hop on interface for default route * clean up, updates and improvments in the build system * increase the inbound HTTP buffer capacity when needed * print domain search list to output * add systemd service file * add systemd notification when stopping * allow logging with both smartcard and username * fix GCC 9 and clang warnings * bump default minimal TLS version from TLSv1.0 to TLSv1.2 * fix a couple coverity warnings - Package systemd service file
- Update to version 1.13.3 * fix a coverity warning * cross-compile: do not check resolvconf on the host system
- Update to version 1.13.2 * properly build on FreeBSD, even if ppp is not installed at configure time * build in the absence of resolvconf
- Update to versin 1.13.0 * avoid unsupported versions of resolvconf * add configure and command line option for resolvconf * increase BUFSIZ * reinitialize static variables with the --persistent option * fix a memory leak in ipv4_add_nameservers_to_resolv_conf
- Update to version 1.11.0 * allow to connect with empty password (and with smartcard instead of username) * properly handle manipulations of resolv.conf * support dns-suffix feature * several codacy fixes * Add smartcard support with openssl-engine * correctly shift masks for cidr notation on MAC * one-byte fix to build with lcc compiler * pass space character as %20 instead of encoding it as '+' - Update to version 1.10.0 * fix openssl 1.1.x compatibility issues * Connect to old TLSv1.0 software - override new openssl defaults. * suppress cleartext password in debug detail output / add new verbosity level * increase speed setting for pppd * configure.ac: rt_dst: don't run tests when option is passed * configure.ac: don't check file path if --with/--disable specified * userinput: pass a hint to the pinentry program * tunnel: make pppd default to logging to stderr * tunnel: pass our stderr to the pppd slave
- Update to version 1.12.0 * fix CVE-2020-7043: TLS Certificate CommonName NULL Byte Vulnerability * fix CVE-2020-7042: use of uninitialized memory in X509_check_host * fix CVE-2020-7041: incorrect use of X509_check_host (regarding return value). * always hide cleartest password in -vv output * add a clear warning about sensitive information in the debug output * add a hint in debug output when password is read from config file * fix segfault when connecting with empty password * use resolvconf if available to update resolv.conf file * replace semicolon by space in dns-suffix string