Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

openfortivpn-1.17.1-2.1 RPM for armv7hl

From OpenSuSE Ports Tumbleweed for armv7hl

Name: openfortivpn Distribution: openSUSE Tumbleweed
Version: 1.17.1 Vendor: openSUSE
Release: 2.1 Build date: Mon Oct 18 22:16:28 2021
Group: Productivity/Networking/Security Build host: obs-arm-11
Size: 150713 Source RPM: openfortivpn-1.17.1-2.1.src.rpm
Summary: Client for PPP+SSL VPN tunnel services
openfortivpn is a client for PPP+SSL VPN tunnel services. It spawns a pppd
process and operates the communication between the gateway and this process.

It is compatible with Fortinet VPNs.






* Wed Oct 13 2021 Johannes Segitz <>
  - Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
    * harden_openfortivpn@.service.patch
* Thu Sep 09 2021 Martin Hauke <>
  - Updat eto version 1.17.1
    * fix regression: enable OpenSSL engines by default
    * fix typos found by codespell
    * fix LGTM alerts
* Fri Jul 16 2021 Martin Hauke <>
  - Update to version 1.17.0
    * make OpenSSL engines optional
    * document and favor --pinentry over plain text password in
      configuration file
    * fix buffer overflow and other errors in URI espcaping for
    - -pinentry
    * use different --pinentry hints for different hosts, usernames
      and realms
    * fix memory management errors related to --user-agent option
* Sun Feb 14 2021 Martin Hauke <>
  - Update to version 1.16.0
    * support for user key pass phrase
    * add a space at the end of the OTP prompt
    * modify memory allocation in the tunnel configuration structure
    * openfortivpn returns the PPP exit status
    * print SSL socket options in log
* Wed Sep 09 2020 Martin Hauke <>
  - Update to version 1.15.0
    * fix issue sending pin codes
    * add command line option to bind to specific interface
    * use different hints for OTP and 2FA
    * remove password from /proc/#/cmd
    * extend OTP to allow FTM push
    * add preliminary support for host checks
    * don't accept route to the vpn gateway
    * fix byte counter in pppd_write
* Sat May 23 2020 Martin Hauke <>
  - Update to version 1.14.1
    * fix out of bounds array access
* Tue May 12 2020 Martin Hauke <>
  - Update to version 1.14.0
    * add git commit id in debug output
    * do not use interface ip for routing on linux
    * avoid extra hop on interface for default route
    * clean up, updates and improvments in the build system
    * increase the inbound HTTP buffer capacity when needed
    * print domain search list to output
    * add systemd service file
    * add systemd notification when stopping
    * allow logging with both smartcard and username
    * fix GCC 9 and clang warnings
    * bump default minimal TLS version from TLSv1.0 to TLSv1.2
    * fix a couple coverity warnings
  - Package systemd service file
* Wed Apr 01 2020 Martin Hauke <>
  - Update to version 1.13.3
    * fix a coverity warning
    * cross-compile: do not check resolvconf on the host system
* Wed Mar 25 2020 Martin Hauke <>
  - Update to version 1.13.2
    * properly build on FreeBSD, even if ppp is not installed at
      configure time
    * build in the absence of resolvconf
* Tue Mar 24 2020 Martin Hauke <>
  - Update to versin 1.13.0
    * avoid unsupported versions of resolvconf
    * add configure and command line option for resolvconf
    * increase BUFSIZ
    * reinitialize static variables with the --persistent option
    * fix a memory leak in ipv4_add_nameservers_to_resolv_conf
* Thu Feb 27 2020 Martin Hauke <>
  - Update to version 1.12.0
    * fix CVE-2020-7043: TLS Certificate CommonName NULL Byte
    * fix CVE-2020-7042: use of uninitialized memory in
    * fix CVE-2020-7041: incorrect use of X509_check_host
      (regarding return value).
    * always hide cleartest password in -vv output
    * add a clear warning about sensitive information in the debug
    * add a hint in debug output when password is read from config
    * fix segfault when connecting with empty password
    * use resolvconf if available to update resolv.conf file
    * replace semicolon by space in dns-suffix string
* Thu Nov 28 2019 Martin Hauke <>
  - Update to version 1.11.0
    * allow to connect with empty password (and with smartcard
      instead of username)
    * properly handle manipulations of resolv.conf
    * support dns-suffix feature
    * several codacy fixes
    * Add smartcard support with openssl-engine
    * correctly shift masks for cidr notation on MAC
    * one-byte fix to build with lcc compiler
    * pass space character as %20 instead of encoding it as '+'
  - Update to version 1.10.0
    * fix openssl 1.1.x compatibility issues
    * Connect to old TLSv1.0 software - override new openssl defaults.
    * suppress cleartext password in debug detail output / add new
      verbosity level
    * increase speed setting for pppd
    * rt_dst: don't run tests when option is passed
    * don't check file path if --with/--disable specified
    * userinput: pass a hint to the pinentry program
    * tunnel: make pppd default to logging to stderr
    * tunnel: pass our stderr to the pppd slave
* Sun Mar 17 2019 Martin Hauke <>
  - Update to version 1.9.0
    * Update of the man page, especially about the dns settings
    * improved configure output: show detected paths for use at runtime
    * Make search string for the otp-prompt configurable
    * Add an option to specify a configurable delay during otp
    * Make the options that control usepeerdns more consistent
* Mon Jan 07 2019
  - Update to version 1.8.1
    Bug fix
    * With version 1.8.0 /etc/resolv.conf was not updated anymore in
      some situations. To avoid this regression the change
      "Rationalize DNS options" has been reverted again to restore the
      behavior of versions up to 1.7.1.
    * Correctly use realm together with two factor authentication
    * If no port is specified use standard https port similar as vendor
    * Fix value of Accept-Encoding request header
    * Bugfix in url_encode for non alphanumerical characters
    * HTML URL Encoding with uppercase characters
    * Honor Cipher-list option
    Change in behavior
    * Support longer passowrds by allocation of a larger buffer
    * Improved detection of pppd/ppp client during configure stage
  - Update to version 1.8.0
    Bug fix
    * Prioritize command line arguments over config file parameters
    Change in behavior
    * When logging traffic also show http traffic (not only tunneled
    * Improve error message in case of login failure
    * Require root privileges for running. They are needed at various
      places. Previously, just a warning was issued, but in later stage
      things have failed.
    * Dynamically allocate routing buffer and therefore allow larger
      routing table.
    * Support systemd notification upon tunnel up
    * Change the way to read passwords such that backspace etc. should
      work as usual
    * Rationalize DNS options: pppd and openfortivpn were updating
      /etc/resolv.conf. Check man page and help output for the
      documentation of the current behavior.
* Mon Jun 18 2018
  - Update to version 1.7.1
    * openfortivpn version 1.7.1
    * remove iswhitespace_like in favorite of isspace
    * treat carriage returns as white space (might solve #129) (#334)
    * update for MacOS X (#333)
    * Ooops... Fix --help output.
    * Revert 6772c53
    * Let pppd handle DNS servers
    * Manual page fixes
    * Documentation: we -> openfortivpn
    * Ooops... Partial revert of 30a4e0b
    * Temporarily change recipient of Coverity reports
    * Simplify ofv_append_varr()
    * Use the ARRAY_SIZE macro
    * Automated Coverity analysis with Travis CI
    * Fix pylint warnings
    * Restore configure options removed in ac5c083
    * Shell indentation: avoid mixing tabs and spaces
    * Use PKG_CHECK_MODULES compiler/linker flags
    * Quote shell variables
    * bash -> sh
    * Balance directory tree
    * Build openfortivpn against OpenSSL 1.0.2
    * Refactor Travis CI integration
    * Revert 79f52ef
    * Rework OpenSSL library detection
    * Reworked array of pppd args (#295)
    * Build with missing pthread_mutexattr_setrobust() (#298)
* Mon Apr 23 2018
  - Update to version 1.7.0
    * correctly set up route to vpn gateway (#285)
    * Properly check vsnprintf() return value
    * const correctness for strings
    * socket() requires <sys/socket.h> (#290)
    * HTTP end-of-line marker is CR LF
    * malloc(), realloc() and free() require <stdlib.h>
    * vsnprintf() is defined in <stdio.h>
    * va_start() and va_end() require <stdarg.h> (#287)
    * Improve script to find line length errors
    * If the OTP is specified in the configuration, use it for 2FA
    * fix formatting of man page
    * replace hard-coded virtual ip address in pppd call parameters
      by a rfc3330 test-net address
    * Print proper pppd status messages
    * Linux kernel coding style
    * Ignore strings when calculating line lengths
    * Make sure the Coverity defect is a false positive (#264)
    * Linux kernel coding style
    * Rephrase --half-internet-routes documentation
    * Limit string length to C99 standard
    * Add info about Debian (testing) package to readme
    * Add --pppd-call option. (#270)
    * Explain why Coverity defect is a false positive
    * Linux kernel coding style
    * Use X509_check_host instead of explicit CN match. (#242)
    * Fix usage string for half-internet-routes
    * UINT_MAX is defined in <limits.h>
    * avoid confusion of code branches for different platforms
    * added --persistent option for automatic reconnects (#190)
    * update
    * Bourne shell
    * call aclocal from only if it exists
    * improve autoconf
    * Standard error message for malloc()/realloc()
    * Avoid Valgrind warning
    * C99 initialization instead of memset()
    * Documentation



Generated by rpm2html 1.8.1

Fabrice Bellet, Fri Nov 19 23:17:08 2021