Package Release Info


Update Info: Base Release
Available in Package Hub : 15 SP1





Change Logs

* Sun Mar 17 2019 Martin Hauke <>
- Update to version 1.9.0
  * Update of the man page, especially about the dns settings
  * improved configure output: show detected paths for use at runtime
  * Make search string for the otp-prompt configurable
  * Add an option to specify a configurable delay during otp
  * Make the options that control usepeerdns more consistent
* Mon Jan 07 2019
- Update to version 1.8.1
  Bug fix
  * With version 1.8.0 /etc/resolv.conf was not updated anymore in
    some situations. To avoid this regression the change
    "Rationalize DNS options" has been reverted again to restore the
    behavior of versions up to 1.7.1.
  * Correctly use realm together with two factor authentication
  * If no port is specified use standard https port similar as vendor
  * Fix value of Accept-Encoding request header
  * Bugfix in url_encode for non alphanumerical characters
  * HTML URL Encoding with uppercase characters
  * Honor Cipher-list option
  Change in behavior
  * Support longer passowrds by allocation of a larger buffer
  * Improved detection of pppd/ppp client during configure stage
- Update to version 1.8.0
  Bug fix
  * Prioritize command line arguments over config file parameters
  Change in behavior
  * When logging traffic also show http traffic (not only tunneled
  * Improve error message in case of login failure
  * Require root privileges for running. They are needed at various
    places. Previously, just a warning was issued, but in later stage
    things have failed.
  * Dynamically allocate routing buffer and therefore allow larger
    routing table.
  * Support systemd notification upon tunnel up
  * Change the way to read passwords such that backspace etc. should
    work as usual
  * Rationalize DNS options: pppd and openfortivpn were updating
    /etc/resolv.conf. Check man page and help output for the
    documentation of the current behavior.
* Mon Jun 18 2018
- Update to version 1.7.1
  * openfortivpn version 1.7.1
  * remove iswhitespace_like in favorite of isspace
  * treat carriage returns as white space (might solve #129) (#334)
  * update for MacOS X (#333)
  * Ooops... Fix --help output.
  * Revert 6772c53
  * Let pppd handle DNS servers
  * Manual page fixes
  * Documentation: we -> openfortivpn
  * Ooops... Partial revert of 30a4e0b
  * Temporarily change recipient of Coverity reports
  * Simplify ofv_append_varr()
  * Use the ARRAY_SIZE macro
  * Automated Coverity analysis with Travis CI
  * Fix pylint warnings
  * Restore configure options removed in ac5c083
  * Shell indentation: avoid mixing tabs and spaces
  * Use PKG_CHECK_MODULES compiler/linker flags
  * Quote shell variables
  * bash -> sh
  * Balance directory tree
  * Build openfortivpn against OpenSSL 1.0.2
  * Refactor Travis CI integration
  * Revert 79f52ef
  * Rework OpenSSL library detection
  * Reworked array of pppd args (#295)
  * Build with missing pthread_mutexattr_setrobust() (#298)
Version: 1.19.0-bp155.1.7
* Wed Oct 12 2022 Martin Hauke <>
- Update to version 1.19.0
  * fix "Peer refused to agree to our IP address" message
  * avoid setting duplicate routes
  * remove obsolete code that reads non-XML config from FortiOS
  * improve warning message when reading options from config file
- Update to version 1.18.0
  * add new options to delegate the authentication to external
  * minor fixes in documentation
* Sat May 07 2022 Martin Hauke <>
- Update to version 1.17.3
  * fix regression: spurious warning message after reading config
* Thu Mar 31 2022 Martin Hauke <>
- Update to version 1.17.2
  * fix memory leak when reading user input
  * improve calls to getsockopt() and associated debug output
  * allow reading config from process substitution
  * work around CodeQL false positives, improving code at the same
  * change type of systemd.service from simple to notify
Version: 1.7.0-bp150.2.4
* Mon Apr 23 2018
- Update to version 1.7.0
  * correctly set up route to vpn gateway (#285)
  * Properly check vsnprintf() return value
  * const correctness for strings
  * socket() requires <sys/socket.h> (#290)
  * HTTP end-of-line marker is CR LF
  * malloc(), realloc() and free() require <stdlib.h>
  * vsnprintf() is defined in <stdio.h>
  * va_start() and va_end() require <stdarg.h> (#287)
  * Improve script to find line length errors
  * If the OTP is specified in the configuration, use it for 2FA
  * fix formatting of man page
  * replace hard-coded virtual ip address in pppd call parameters
    by a rfc3330 test-net address
  * Print proper pppd status messages
  * Linux kernel coding style
  * Ignore strings when calculating line lengths
  * Make sure the Coverity defect is a false positive (#264)
  * Linux kernel coding style
  * Rephrase --half-internet-routes documentation
  * Limit string length to C99 standard
  * Add info about Debian (testing) package to readme
  * Add --pppd-call option. (#270)
  * Explain why Coverity defect is a false positive
  * Linux kernel coding style
  * Use X509_check_host instead of explicit CN match. (#242)
  * Fix usage string for half-internet-routes
  * UINT_MAX is defined in <limits.h>
  * avoid confusion of code branches for different platforms
  * added --persistent option for automatic reconnects (#190)
  * update
  * Bourne shell
  * call aclocal from only if it exists
  * improve autoconf
  * Standard error message for malloc()/realloc()
  * Avoid Valgrind warning
  * C99 initialization instead of memset()
  * Documentation
* Fri Nov 17 2017
- Update to version 1.6.0
  * Linux kernel coding style
  * Does /usr/sbin/pppd exist?
  * Update (#196)
  * Print message associated to pppd exit status code (#189)
  * preserve existing config during install, this solves #130 (#193)
  * Fix Codacy code style issues
  * Increase max cookie size to 4096
  * Fix Coverity defect
  * Avoid multiple occurrences of a magic number
  * Fix warning from static analysis tool scan-build
  * Update Linux installation instructions
  * dynamic allocation of memory for split route array (#163)
* Wed Oct 18 2017
- Update to version 1.5.0
  * Add error reporting after execvp in pppd_run
  * Move error reporting from ppd_run to ppd_terminate
  * Fix bug in pppd_run forking code
  * clean up config initialization and error messages during
    parsing options (#167)
  * Merge pull request #162 from mrbaseman/readme
  * update and mention PKG_CONFIG_PATH
  * Merge pull request #158 from mrbaseman/routes
  * Merge branch 'master' into routes
  * Merge pull request #161 from bartlx/realm-in-configfile
  * Added the option of setting authentication realm in the configfile
  * add --half-internet-routes option, update man page
  * ipv4 routes: set default route as and
  * Merge pull request #149 from martinetd/routes
  * Merge branch 'master' into routes
  * build: drop -Werror by default
  * config: allow passing the otp via the config file
  * http: fix possibly returning uninitialized memory to the server
  * build: avoid evaluating $sysconfidir on configure time
  * io: port to OpenSSL 1.1.0
  * build: use pkg-config for detecting and configuring OpenSSL
  * main: use strdup on pppd command line args
  * option parsing: add --set-routes and --set-dns options
  * help message: split define into multiple strings
- Changes from 1.3.1
  * Emit an error if configured against OpenSSL 1.1.0
  * Support multiarch libraries
  * Update install documentation to describe the `--with-openssl` option
  * Instruct travis CI to use
  * Add openssl locations to configure options
  * Fix a few minor typos
  * Fix buffer overrun
  * Merge pull request #136 from Mabin-J/fix-#87
  * ipv4.h: increase 'MAX_SPLIT_ROUTES' 64 to 128 (Issue #87)
  * Merge pull request #135 from Mabin-J/fix-lock-status-in-macos
  * io.c: fix core cause of openfortivpn is locked when spawning pppd has failed.
  * Merge pull request #134 from DimitriPapadopoulos/master
  * Ignore SIGHUP
  * Handle SIGTERM as SIGINT
  * io.c: fix lock status when fail to spawn pppd in macOS.
- Changes from 1.3.0
  * implement ipparam to be passed to pppd
  * Merge pull request #125 from mrbaseman/command-line-arguments
  * minor fixes to documentation, command line argument handling
    (-o was not recognized before), and free all pointers in
  * Merge pull request #122 from mrbaseman/get_route_fallback
  * MacOSX version of ipv4_get_route
  * Merge pull request #121 from Mabin-J/fix-readme-macosx-install
  * modify 'macOS' part in 'Installing' Section
  * fix segment error when adding route for vpn has failed show
    warning message when adding route table is incomplete keep
    routing entries strictly separate and do not reuse rt_dev
  * Fix buffer overrun
  * ipv4.h: increase 'MAX_SPLIT_ROUTES' (32 -> 64)
  * Merge pull request #97 from Mabin-J/fix-to-remain-exist-route
  * ipv4: Refactor ipv4_add_*_vpn_route()
  * Load OS trusted certificate stores
  * Merge pull request #95 from mrbaseman/ppp-routes
  * This is a larger rework of the routing code
* Wed Mar 15 2017
- Update to version 1.3.0
- Fix RPM group
- Remove _service file
* Thu Nov 10 2016
- Initial packaging, branched from Fedora Package
* Mon May 30 2016
- Initial packaging, branched from Fedora Package
Version: 1.17.1-bp154.1.20
* Wed Oct 13 2021 Johannes Segitz <>
- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
  * harden_openfortivpn@.service.patch
* Thu Sep 09 2021 Martin Hauke <>
- Updat eto version 1.17.1
  * fix regression: enable OpenSSL engines by default
  * fix typos found by codespell
  * fix LGTM alerts
* Fri Jul 16 2021 Martin Hauke <>
- Update to version 1.17.0
  * make OpenSSL engines optional
  * document and favor --pinentry over plain text password in
    configuration file
  * fix buffer overflow and other errors in URI espcaping for
  - -pinentry
  * use different --pinentry hints for different hosts, usernames
    and realms
  * fix memory management errors related to --user-agent option
* Sun Feb 14 2021 Martin Hauke <>
- Update to version 1.16.0
  * support for user key pass phrase
  * add a space at the end of the OTP prompt
  * modify memory allocation in the tunnel configuration structure
  * openfortivpn returns the PPP exit status
  * print SSL socket options in log
* Wed Sep 09 2020 Martin Hauke <>
- Update to version 1.15.0
  * fix issue sending pin codes
  * add command line option to bind to specific interface
  * use different hints for OTP and 2FA
  * remove password from /proc/#/cmd
  * extend OTP to allow FTM push
  * add preliminary support for host checks
  * don't accept route to the vpn gateway
  * fix byte counter in pppd_write
* Sat May 23 2020 Martin Hauke <>
- Update to version 1.14.1
  * fix out of bounds array access
Version: 1.14.0-bp152.1.1
* Tue May 12 2020 Martin Hauke <>
- Update to version 1.14.0
  * add git commit id in debug output
  * do not use interface ip for routing on linux
  * avoid extra hop on interface for default route
  * clean up, updates and improvments in the build system
  * increase the inbound HTTP buffer capacity when needed
  * print domain search list to output
  * add systemd service file
  * add systemd notification when stopping
  * allow logging with both smartcard and username
  * fix GCC 9 and clang warnings
  * bump default minimal TLS version from TLSv1.0 to TLSv1.2
  * fix a couple coverity warnings
- Package systemd service file
* Wed Apr 01 2020 Martin Hauke <>
- Update to version 1.13.3
  * fix a coverity warning
  * cross-compile: do not check resolvconf on the host system
* Wed Mar 25 2020 Martin Hauke <>
- Update to version 1.13.2
  * properly build on FreeBSD, even if ppp is not installed at
    configure time
  * build in the absence of resolvconf
* Tue Mar 24 2020 Martin Hauke <>
- Update to versin 1.13.0
  * avoid unsupported versions of resolvconf
  * add configure and command line option for resolvconf
  * increase BUFSIZ
  * reinitialize static variables with the --persistent option
  * fix a memory leak in ipv4_add_nameservers_to_resolv_conf
* Thu Nov 28 2019 Martin Hauke <>
- Update to version 1.11.0
  * allow to connect with empty password (and with smartcard
    instead of username)
  * properly handle manipulations of resolv.conf
  * support dns-suffix feature
  * several codacy fixes
  * Add smartcard support with openssl-engine
  * correctly shift masks for cidr notation on MAC
  * one-byte fix to build with lcc compiler
  * pass space character as %20 instead of encoding it as '+'
- Update to version 1.10.0
  * fix openssl 1.1.x compatibility issues
  * Connect to old TLSv1.0 software - override new openssl defaults.
  * suppress cleartext password in debug detail output / add new
    verbosity level
  * increase speed setting for pppd
  * rt_dst: don't run tests when option is passed
  * don't check file path if --with/--disable specified
  * userinput: pass a hint to the pinentry program
  * tunnel: make pppd default to logging to stderr
  * tunnel: pass our stderr to the pppd slave
Version: 1.12.0-bp151.3.3.1
* Thu Feb 27 2020 Martin Hauke <>
- Update to version 1.12.0
  * fix CVE-2020-7043: TLS Certificate CommonName NULL Byte
  * fix CVE-2020-7042: use of uninitialized memory in
  * fix CVE-2020-7041: incorrect use of X509_check_host
    (regarding return value).
  * always hide cleartest password in -vv output
  * add a clear warning about sensitive information in the debug
  * add a hint in debug output when password is read from config
  * fix segfault when connecting with empty password
  * use resolvconf if available to update resolv.conf file
  * replace semicolon by space in dns-suffix string