Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package openfortivpn for openSUSE:Factory checked in at 2022-10-15 16:38:29 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openfortivpn (Old) and /work/SRC/openSUSE:Factory/.openfortivpn.new.2275 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openfortivpn" Sat Oct 15 16:38:29 2022 rev:22 rq:1011120 version:1.19.0 Changes: -------- --- /work/SRC/openSUSE:Factory/openfortivpn/openfortivpn.changes 2022-05-09 18:45:20.528294644 +0200 +++ /work/SRC/openSUSE:Factory/.openfortivpn.new.2275/openfortivpn.changes 2022-10-15 16:41:04.606675269 +0200 @@ -1,0 +2,13 @@ +Wed Oct 12 09:51:16 UTC 2022 - Martin Hauke <mar...@gmx.de> + +- Update to version 1.19.0 + * fix "Peer refused to agree to our IP address" message + * avoid setting duplicate routes + * remove obsolete code that reads non-XML config from FortiOS + * improve warning message when reading options from config file +- Update to version 1.18.0 + * add new options to delegate the authentication to external + programs + * minor fixes in documentation + +------------------------------------------------------------------- Old: ---- openfortivpn-1.17.3.tar.gz New: ---- openfortivpn-1.19.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openfortivpn.spec ++++++ --- /var/tmp/diff_new_pack.Gi9DSY/_old 2022-10-15 16:41:05.062676364 +0200 +++ /var/tmp/diff_new_pack.Gi9DSY/_new 2022-10-15 16:41:05.066676373 +0200 @@ -17,7 +17,7 @@ Name: openfortivpn -Version: 1.17.3 +Version: 1.19.0 Release: 0 Summary: Client for PPP+SSL VPN tunnel services License: GPL-3.0-or-later ++++++ openfortivpn-1.17.3.tar.gz -> openfortivpn-1.19.0.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.17.3/.github/dependabot.yml new/openfortivpn-1.19.0/.github/dependabot.yml --- old/openfortivpn-1.17.3/.github/dependabot.yml 1970-01-01 01:00:00.000000000 +0100 +++ new/openfortivpn-1.19.0/.github/dependabot.yml 2022-10-10 17:44:34.000000000 +0200 @@ -0,0 +1,7 @@ +# https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.17.3/.github/workflows/codeql-analysis.yml new/openfortivpn-1.19.0/.github/workflows/codeql-analysis.yml --- old/openfortivpn-1.17.3/.github/workflows/codeql-analysis.yml 2022-05-03 17:51:49.000000000 +0200 +++ new/openfortivpn-1.19.0/.github/workflows/codeql-analysis.yml 2022-10-10 17:44:34.000000000 +0200 @@ -35,11 +35,11 @@ steps: - name: Checkout repository - uses: actions/checkout@v2 + uses: actions/checkout@v3 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v1 + uses: github/codeql-action/init@v2 with: queries: +security-extended languages: ${{ matrix.language }} @@ -51,7 +51,7 @@ # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v1 + uses: github/codeql-action/autobuild@v2 # ?????? Command-line programs to run using the OS shell. # ???? https://git.io/JvXDl @@ -65,4 +65,4 @@ # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 + uses: github/codeql-action/analyze@v2 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.17.3/.github/workflows/codespell.yml new/openfortivpn-1.19.0/.github/workflows/codespell.yml --- old/openfortivpn-1.17.3/.github/workflows/codespell.yml 2022-05-03 17:51:49.000000000 +0200 +++ new/openfortivpn-1.19.0/.github/workflows/codespell.yml 2022-10-10 17:44:34.000000000 +0200 @@ -14,7 +14,7 @@ runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - uses: codespell-project/actions-codespell@master with: skip: checkpatch.pl,spelling.txt,LICENSE.OpenSSL diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.17.3/.github/workflows/coverity-scan.yml new/openfortivpn-1.19.0/.github/workflows/coverity-scan.yml --- old/openfortivpn-1.17.3/.github/workflows/coverity-scan.yml 2022-05-03 17:51:49.000000000 +0200 +++ new/openfortivpn-1.19.0/.github/workflows/coverity-scan.yml 2022-10-10 17:44:34.000000000 +0200 @@ -12,7 +12,7 @@ steps: - name: Checkout Code - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Download the Coverity Scan Build Tool run: | diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.17.3/.github/workflows/openfortivpn.yml new/openfortivpn-1.19.0/.github/workflows/openfortivpn.yml --- old/openfortivpn-1.17.3/.github/workflows/openfortivpn.yml 2022-05-03 17:51:49.000000000 +0200 +++ new/openfortivpn-1.19.0/.github/workflows/openfortivpn.yml 2022-10-10 17:44:34.000000000 +0200 @@ -15,7 +15,7 @@ steps: - name: Checkout Code - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Install Dependencies run: sudo apt-get install -y astyle @@ -38,7 +38,7 @@ steps: - name: Checkout Code - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Install Dependencies run: | diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.17.3/CHANGELOG.md new/openfortivpn-1.19.0/CHANGELOG.md --- old/openfortivpn-1.17.3/CHANGELOG.md 2022-05-03 17:51:49.000000000 +0200 +++ new/openfortivpn-1.19.0/CHANGELOG.md 2022-10-10 17:44:34.000000000 +0200 @@ -14,6 +14,18 @@ This high level changelog is usually updated when a release is tagged. On the master branch there may be changes that are not (yet) described here. +### 1.19.0 + +* [-] fix "Peer refused to agree to our IP address" message +* [+] avoid setting duplicate routes +* [~] remove obsolete code that reads non-XML config from FortiOS 4 +* [-] improve warning message when reading options from config file + +### 1.18.0 + +* [+] add new options to delegate the authentication to external programs +* [-] minor fixes in documentation + ### 1.17.3 * [-] fix regression: spurious warning message after reading config diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.17.3/README.md new/openfortivpn-1.19.0/README.md --- old/openfortivpn-1.17.3/README.md 2022-05-03 17:51:49.000000000 +0200 +++ new/openfortivpn-1.19.0/README.md 2022-10-10 17:44:34.000000000 +0200 @@ -96,7 +96,7 @@ ### Installing existing packages Some Linux distributions provide `openfortivpn` packages: -* [Fedora / CentOS](https://apps.fedoraproject.org/packages/openfortivpn) +* [Fedora / CentOS](https://packages.fedoraproject.org/pkgs/openfortivpn) * [openSUSE / SLE](https://software.opensuse.org/package/openfortivpn) * [Gentoo](https://packages.gentoo.org/packages/net-vpn/openfortivpn) * [NixOS](https://github.com/NixOS/nixpkgs/tree/master/pkgs/tools/networking/openfortivpn) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.17.3/configure.ac new/openfortivpn-1.19.0/configure.ac --- old/openfortivpn-1.17.3/configure.ac 2022-05-03 17:51:49.000000000 +0200 +++ new/openfortivpn-1.19.0/configure.ac 2022-10-10 17:44:34.000000000 +0200 @@ -2,7 +2,7 @@ # Process this file with autoconf to produce a configure script. AC_PREREQ([2.63]) -AC_INIT([openfortivpn], [1.17.3]) +AC_INIT([openfortivpn], [1.19.0]) AC_CONFIG_SRCDIR([src/main.c]) AM_INIT_AUTOMAKE([foreign subdir-objects]) @@ -436,17 +436,6 @@ ]) -# prepare to get rid of obsolete code (FortiOS 4) -AC_ARG_ENABLE([obsolete], - [AS_HELP_STRING([--enable-obsolete], [enable support for FortiOS 4])],, - [enable_obsolete=no]) -AS_CASE(["$enable_obsolete"], - [yes], [], - [no], [], - [AC_MSG_ERROR([unknown option '$enable_obsolete' for --enable-obsolete])]) -AS_IF([test "x$enable_obsolete" = "xyes"], [AC_DEFINE([SUPPORT_OBSOLETE_CODE])]) - - AC_CONFIG_COMMANDS([timestamp], [touch src/.dirstamp]) AC_CONFIG_FILES([Makefile]) AC_OUTPUT diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.17.3/doc/openfortivpn.1.in new/openfortivpn-1.19.0/doc/openfortivpn.1.in --- old/openfortivpn-1.17.3/doc/openfortivpn.1.in 2022-05-03 17:51:49.000000000 +0200 +++ new/openfortivpn-1.19.0/doc/openfortivpn.1.in 2022-10-10 17:44:34.000000000 +0200 @@ -8,6 +8,8 @@ [\fI<host>\fR[:\fI<port>\fR]] [\fB\-u\fR \fI<user>\fR] [\fB\-p\fR \fI<pass>\fR] +[\fB\-\-cookie=\fI<cookie>\fR] +[\fB\-\-cookie\-on\-stdin\fR] [\fB\-\-pinentry=\fI<name>\fR] [\fB\-\-otp=\fI<otp>\fR] [\fB\-\-otp\-prompt=\fI<prompt>\fR] @@ -72,6 +74,12 @@ VPN account password in plain text. For a secure alternative, use pinentry or let openfortivpn prompt for the password. .TP +\fB\-\-cookie=\fI<cookie>\fR +A valid cookie (SVPNCOOKIE) to use in place of username and password. +.TP +\fB\-\-cookie\-on\-stdin\fR +Read the cookie (SVPNCOOKIE) from standard input. +.TP \fB\-\-pinentry=\fI<name>\fR The pinentry program to use. Allows supplying the password in a secure manner. For example: pinentry-gnome3 on Linux, or pinentry-mac on macOS. @@ -189,7 +197,7 @@ \fBApplies to TLS v1.2 or lower only.\fR .TP -\fB\-\-use\-peer\-dns=\fI<bool>\fR, \fB\-\-pppd\-no\-peerdns\fR +\fB\-\-pppd\-use\-peerdns=\fI<bool>\fR, \fB\-\-pppd\-no\-peerdns\fR Whether to ask peer ppp server for DNS server addresses and let pppd rewrite /etc/resolv.conf. There is no mechanism to tell the dns\-suffix to pppd. If the DNS server addresses are requested, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.17.3/src/config.c new/openfortivpn-1.19.0/src/config.c --- old/openfortivpn-1.17.3/src/config.c 2022-05-03 17:51:49.000000000 +0200 +++ new/openfortivpn-1.19.0/src/config.c 2022-10-10 17:44:34.000000000 +0200 @@ -44,6 +44,7 @@ .username = {'\0'}, .password = {'\0'}, .password_set = 0, + .cookie = NULL, .otp = {'\0'}, .otp_prompt = NULL, .otp_delay = -1, @@ -268,6 +269,10 @@ continue; } cfg->otp_delay = otp_delay; + } else if (strcmp(key, "cookie") == 0) { + log_warn("Ignoring option \"%s\" in the config file.\n", key); + } else if (strcmp(key, "cookie-on-stdin") == 0) { + log_warn("Ignoring option \"%s\" in the config file.\n", key); } else if (strcmp(key, "no-ftm-push") == 0) { int no_ftm_push = strtob(val); @@ -346,13 +351,15 @@ cfg->pppd_call = strdup(val); #else } else if (strcmp(key, "pppd") == 0) { - log_warn("Ignoring pppd option \"%s\".\n", key); + log_warn("Ignoring pppd option \"%s\" in the config file.\n", + key); #endif } else if (strcmp(key, "ppp-system") == 0) { #if HAVE_USR_SBIN_PPP cfg->ppp_system = strdup(val); #else - log_warn("Ignoring option \"%s\".\n", key); + log_warn("Ignoring option \"%s\" in the config file.\n", + key); #endif } else if (strcmp(key, "use-resolvconf") == 0) { #if HAVE_RESOLVCONF @@ -365,7 +372,8 @@ } cfg->use_resolvconf = use_resolvconf; #else - log_warn("Ignoring option \"%s\".\n", key); + log_warn("Ignoring option \"%s\" in the config file.\n", + key); #endif } else if (strcmp(key, "use-syslog") == 0) { int use_syslog = strtob(val); @@ -462,6 +470,7 @@ { free(cfg->otp_prompt); free(cfg->pinentry); + free(cfg->cookie); #if HAVE_USR_SBIN_PPPD free(cfg->pppd_log); free(cfg->pppd_plugin); @@ -505,6 +514,10 @@ dst->otp_delay = src->otp_delay; if (src->no_ftm_push != invalid_cfg.no_ftm_push) dst->no_ftm_push = src->no_ftm_push; + if (src->cookie != invalid_cfg.cookie) { + free(dst->cookie); + dst->cookie = src->cookie; + } if (src->pinentry) { free(dst->pinentry); dst->pinentry = src->pinentry; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.17.3/src/config.h new/openfortivpn-1.19.0/src/config.h --- old/openfortivpn-1.17.3/src/config.h 2022-05-03 17:51:49.000000000 +0200 +++ new/openfortivpn-1.19.0/src/config.h 2022-10-10 17:44:34.000000000 +0200 @@ -90,6 +90,7 @@ char password[PASSWORD_SIZE + 1]; int password_set; char otp[OTP_SIZE + 1]; + char *cookie; char *otp_prompt; unsigned int otp_delay; int no_ftm_push; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.17.3/src/http.c new/openfortivpn-1.19.0/src/http.c --- old/openfortivpn-1.17.3/src/http.c 2022-05-03 17:51:49.000000000 +0200 +++ new/openfortivpn-1.19.0/src/http.c 2022-10-10 17:44:34.000000000 +0200 @@ -408,48 +408,48 @@ return ret; } -static int get_auth_cookie(struct tunnel *tunnel, char *buf, uint32_t buffer_size) +static int auth_get_cookie(struct tunnel *tunnel, char *buf, uint32_t buffer_size) { - int ret = 0; const char *line; - ret = ERR_HTTP_NO_COOKIE; - line = find_header(buf, "Set-Cookie: ", buffer_size); + return auth_set_cookie(tunnel, line); +} + +int auth_set_cookie(struct tunnel *tunnel, const char *line) +{ + int ret = ERR_HTTP_NO_COOKIE; + if (line) { - if (strncmp(line, "SVPNCOOKIE=", 11) == 0) { - if (line[11] == ';' || line[11] == '\0') { - log_debug("Empty cookie.\n"); + const char *cookie_start; + + cookie_start = strstr(line, "SVPNCOOKIE="); + if (cookie_start != NULL) { + const char *cookie_end; + size_t cookie_len; + + cookie_end = strpbrk(cookie_start, "\r\n;"); + if (cookie_end) + cookie_len = cookie_end - cookie_start; + else + cookie_len = strlen(cookie_start); + + if (cookie_len > COOKIE_SIZE) { + log_error("Cookie larger than expected: %zu > %d\n", + cookie_len, COOKIE_SIZE); } else { - char *end1; - char *end2; - char end1_save = '\0'; - char end2_save = '\0'; - - end1 = strstr(line, "\r"); - if (end1 != NULL) { - end1_save = *end1; - end1[0] = '\0'; - } - end2 = strstr(line, ";"); - if (end2 != NULL) { - end2_save = *end2; - end2[0] = '\0'; - } - log_debug("Cookie: %s\n", line); - strncpy(tunnel->cookie, line, COOKIE_SIZE); - tunnel->cookie[COOKIE_SIZE] = '\0'; - if (strlen(line) > COOKIE_SIZE) { - log_error("Cookie larger than expected: %zu > %d\n", - strlen(line), COOKIE_SIZE); + strncpy(tunnel->cookie, cookie_start, COOKIE_SIZE); + tunnel->cookie[cookie_len] = '\0'; + + if (tunnel->cookie[11] == '\0') { + log_debug("Empty cookie.\n"); } else { + log_debug("Cookie: %s\n", tunnel->cookie); ret = 1; // success } - if (end1 != NULL) - end1[0] = end1_save; - if (end2 != NULL) - end2[0] = end2_save; } + } else { + log_debug("No cookie found\n"); } } return ret; @@ -690,7 +690,7 @@ ret = ERR_HTTP_BAD_RES_CODE; goto end; } - ret = get_auth_cookie(tunnel, res, response_size); + ret = auth_get_cookie(tunnel, res, response_size); if (ret == ERR_HTTP_NO_COOKIE) { struct vpn_config *cfg = tunnel->config; @@ -772,7 +772,7 @@ goto end; } - ret = get_auth_cookie(tunnel, res, response_size); + ret = auth_get_cookie(tunnel, res, response_size); } /* @@ -890,58 +890,6 @@ } -#ifdef SUPPORT_OBSOLETE_CODE -static int parse_config(struct tunnel *tunnel, const char *buffer) -{ - const char *c, *end; - - buffer = strcasestr(buffer, "NAME=\"text6\""); - if (!buffer) - return 1; - buffer = strcasestr(buffer, "VALUE=\""); - if (!buffer) - return 1; - buffer += 7; - - end = strchr(buffer, '"'); - if (end == NULL || end == buffer) { - log_info("No split VPN route\n"); - return 1; - } - - do { - char dest[16], mask[16]; - - c = strchr(buffer, '/'); - if (c == NULL || c >= end || c - buffer > 15) { - log_warn("Wrong addresses in split VPN route: expected <dest>/<mask>\n"); - return 1; - } - memcpy(dest, buffer, c - buffer); - dest[c - buffer] = '\0'; - buffer = c + 1; - - c = strchr(buffer, ','); - if (c == NULL || c > end) - c = end; - - if (c - buffer > 15) { - log_warn("Wrong addresses in split VPN route: expected <dest>/<mask>\n"); - return 1; - } - memcpy(mask, buffer, c - buffer); - mask[c - buffer] = '\0'; - buffer = c + 1; - - ipv4_add_split_vpn_route(tunnel, dest, mask, NULL); - - } while (c < end && *c == ','); - - return 1; -} -#endif - - int auth_get_config(struct tunnel *tunnel) { char *buffer; @@ -953,18 +901,5 @@ free(buffer); } -#ifdef SUPPORT_OBSOLETE_CODE - if (ret == 1) - return ret; - - log_warn("Configuration cannot be retrieved in XML format. This VPN-SSL portal might be outdated and vulnerable, you might not be able to connect from systems with recent OpenSSL libraries.\n"); - - ret = http_request(tunnel, "GET", "/remote/fortisslvpn", "", &buffer, NULL); - if (ret == 1) { - ret = parse_config(tunnel, buffer); - free(buffer); - } -#endif - return ret; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.17.3/src/http.h new/openfortivpn-1.19.0/src/http.h --- old/openfortivpn-1.17.3/src/http.h 2022-05-03 17:51:49.000000000 +0200 +++ new/openfortivpn-1.19.0/src/http.h 2022-10-10 17:44:34.000000000 +0200 @@ -58,5 +58,6 @@ int auth_log_out(struct tunnel *tunnel); int auth_request_vpn_allocation(struct tunnel *tunnel); int auth_get_config(struct tunnel *tunnel); +int auth_set_cookie(struct tunnel *tunnel, const char *line); #endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.17.3/src/ipv4.c new/openfortivpn-1.19.0/src/ipv4.c --- old/openfortivpn-1.17.3/src/ipv4.c 2022-05-03 17:51:49.000000000 +0200 +++ new/openfortivpn-1.19.0/src/ipv4.c 2022-10-10 17:44:34.000000000 +0200 @@ -888,10 +888,20 @@ int i; for (i = 0; i < tunnel->ipv4.split_routes; i++) { - struct rtentry *route; - int ret; + int j, ret; + struct rtentry *route = &tunnel->ipv4.split_rt[i]; + + for (j = 0; j < i ; j++) { + struct rtentry *other_route = &tunnel->ipv4.split_rt[j]; + + if (route_dest(route).s_addr == route_dest(other_route).s_addr) + break; + } + + // skip duplicate routes + if (i != j) + continue; - route = &tunnel->ipv4.split_rt[i]; // check if the route to be added is not the one to the gateway itself if (route_dest(route).s_addr == route_dest(&tunnel->ipv4.gtw_rt).s_addr) { log_debug("Skipping route to tunnel gateway (%s).\n", diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.17.3/src/main.c new/openfortivpn-1.19.0/src/main.c --- old/openfortivpn-1.17.3/src/main.c 2022-05-03 17:51:49.000000000 +0200 +++ new/openfortivpn-1.19.0/src/main.c 2022-10-10 17:44:34.000000000 +0200 @@ -75,6 +75,7 @@ #define usage \ "Usage: openfortivpn [<host>[:<port>]] [-u <user>] [-p <pass>]\n" \ +" [--cookie=<cookie>] [--cookie-on-stdin]\n" \ " [--otp=<otp>] [--otp-delay=<delay>] [--otp-prompt=<prompt>]\n" \ " [--pinentry=<program>] [--realm=<realm>]\n" \ " [--ifname=<ifname>] [--set-routes=<0|1>]\n" \ @@ -112,6 +113,8 @@ " " SYSCONFDIR "/openfortivpn/config).\n" \ " -u <user>, --username=<user> VPN account username.\n" \ " -p <pass>, --password=<pass> VPN account password.\n" \ +" --cookie=<cookie> A valid session cookie (SVPNCOOKIE).\n" \ +" --cookie-on-stdin Read the cookie (SVPNCOOKIE) from standard input.\n" \ " -o <otp>, --otp=<otp> One-Time-Password.\n" \ " --otp-prompt=<prompt> Search for the OTP prompt starting with this string.\n" \ " --otp-delay=<delay> Wait <delay> seconds before sending the OTP.\n" \ @@ -196,6 +199,7 @@ .username = {'\0'}, .password = {'\0'}, .password_set = 0, + .cookie = NULL, .otp = {'\0'}, .otp_prompt = NULL, .otp_delay = 0, @@ -249,6 +253,8 @@ {"realm", required_argument, NULL, 0}, {"username", required_argument, NULL, 'u'}, {"password", required_argument, NULL, 'p'}, + {"cookie", required_argument, NULL, 0}, + {"cookie-on-stdin", no_argument, NULL, 0}, {"otp", required_argument, NULL, 'o'}, {"otp-prompt", required_argument, NULL, 0}, {"otp-delay", required_argument, NULL, 0}, @@ -509,6 +515,23 @@ cli_cfg.set_dns = set_dns; break; } + if (strcmp(long_options[option_index].name, + "cookie") == 0) { + cli_cfg.cookie = strdup(optarg); + break; + } + if (strcmp(long_options[option_index].name, + "cookie-on-stdin") == 0) { + char *cookie = read_from_stdin(COOKIE_SIZE); + + if (cookie == NULL) { + log_warn("Could not read the cookie from stdin"); + break; + } + free(cli_cfg.cookie); + cli_cfg.cookie = cookie; + break; + } goto user_error; case 'h': printf("%s%s%s%s%s%s%s", usage, summary, @@ -612,14 +635,14 @@ goto user_error; } // Check username - if (cfg.username[0] == '\0') + if (cfg.username[0] == '\0' && !cfg.cookie) // Need either username or cert if (cfg.user_cert == NULL) { log_error("Specify a username.\n"); goto user_error; } // If username but no password given, interactively ask user - if (!cfg.password_set && cfg.username[0] != '\0') { + if (!cfg.password_set && cfg.username[0] != '\0' && !cfg.cookie) { char hint[USERNAME_SIZE + 1 + REALM_SIZE + 1 + GATEWAY_HOST_SIZE + 10]; sprintf(hint, "%s_%s_%s_password", diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.17.3/src/tunnel.c new/openfortivpn-1.19.0/src/tunnel.c --- old/openfortivpn-1.17.3/src/tunnel.c 2022-05-03 17:51:49.000000000 +0200 +++ new/openfortivpn-1.19.0/src/tunnel.c 2022-10-10 17:44:34.000000000 +0200 @@ -238,6 +238,7 @@ "230400", // speed ":169.254.2.1", // <local_IP_address>:<remote_IP_address> "noipdefault", + "ipcp-accept-local", "noaccomp", "noauth", "default-asyncmap", @@ -1286,7 +1287,10 @@ // Step 2: connect to the HTTP interface and authenticate to get a // cookie - ret = auth_log_in(&tunnel); + if (config->cookie) + ret = auth_set_cookie(&tunnel, config->cookie); + else + ret = auth_log_in(&tunnel); if (ret != 1) { log_error("Could not authenticate to gateway. Please check the password, client certificate, etc.\n"); log_debug("%s (%d)\n", err_http_str(ret), ret); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.17.3/src/userinput.c new/openfortivpn-1.19.0/src/userinput.c --- old/openfortivpn-1.17.3/src/userinput.c 2022-05-03 17:51:49.000000000 +0200 +++ new/openfortivpn-1.19.0/src/userinput.c 2022-10-10 17:44:34.000000000 +0200 @@ -340,3 +340,26 @@ printf("\n"); } + +char *read_from_stdin(size_t count) +{ + char *buf; + char *output; + int bytes_read; + + buf = malloc(count + 1); + if (buf == NULL) + return NULL; + + bytes_read = read(STDIN_FILENO, buf, count); + if (bytes_read == -1) { + free(buf); + return NULL; + } + + buf[bytes_read] = '\0'; + output = realloc(buf, bytes_read + 1); + + // Just keep using the larger buffer if realloc() fails. + return output ? output : buf; +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.17.3/src/userinput.h new/openfortivpn-1.19.0/src/userinput.h --- old/openfortivpn-1.17.3/src/userinput.h 2022-05-03 17:51:49.000000000 +0200 +++ new/openfortivpn-1.19.0/src/userinput.h 2022-10-10 17:44:34.000000000 +0200 @@ -23,4 +23,6 @@ void read_password(const char *pinentry, const char *hint, const char *prompt, char *pass, size_t len); +char *read_from_stdin(size_t count); + #endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.17.3/tests/ci/checkpatch/checkpatch.pl new/openfortivpn-1.19.0/tests/ci/checkpatch/checkpatch.pl --- old/openfortivpn-1.17.3/tests/ci/checkpatch/checkpatch.pl 2022-05-03 17:51:49.000000000 +0200 +++ new/openfortivpn-1.19.0/tests/ci/checkpatch/checkpatch.pl 2022-10-10 17:44:34.000000000 +0200 @@ -63,6 +63,7 @@ my $spelling_file = "$D/spelling.txt"; my $codespell = 0; my $codespellfile = "/usr/share/codespell/dictionary.txt"; +my $user_codespellfile = ""; my $conststructsfile = "$D/const_structs.checkpatch"; my $docsfile = "$D/../Documentation/dev-tools/checkpatch.rst"; my $typedefsfile; @@ -130,7 +131,7 @@ --ignore-perl-version override checking of perl version. expect runtime errors. --codespell Use the codespell dictionary for spelling/typos - (default:/usr/share/codespell/dictionary.txt) + (default:$codespellfile) --codespellfile Use this codespell dictionary --typedefsfile Read additional types from this file --color[=WHEN] Use colors 'always', 'never', or only when output @@ -317,7 +318,7 @@ 'debug=s' => \%debug, 'test-only=s' => \$tst_only, 'codespell!' => \$codespell, - 'codespellfile=s' => \$codespellfile, + 'codespellfile=s' => \$user_codespellfile, 'typedefsfile=s' => \$typedefsfile, 'color=s' => \$color, 'no-color' => \$color, #keep old behaviors of -nocolor @@ -325,9 +326,32 @@ 'kconfig-prefix=s' => \${CONFIG_}, 'h|help' => \$help, 'version' => \$help -) or help(1); +) or $help = 2; -help(0) if ($help); +if ($user_codespellfile) { + # Use the user provided codespell file unconditionally + $codespellfile = $user_codespellfile; +} elsif (!(-f $codespellfile)) { + # If /usr/share/codespell/dictionary.txt is not present, try to find it + # under codespell's install directory: <codespell_root>/data/dictionary.txt + if (($codespell || $help) && which("python3") ne "") { + my $python_codespell_dict = << "EOF"; + +import os.path as op +import codespell_lib +codespell_dir = op.dirname(codespell_lib.__file__) +codespell_file = op.join(codespell_dir, 'data', 'dictionary.txt') +print(codespell_file, end='') +EOF + + my $codespell_dict = `python3 -c "$python_codespell_dict" 2> /dev/null`; + $codespellfile = $codespell_dict if (-f $codespell_dict); + } +} + +# $help is 1 if either -h, --help or --version is passed as option - exitcode: 0 +# $help is 2 if invalid option is passed - exitcode: 1 +help($help - 1) if ($help); die "$P: --git cannot be used with --file or --fix\n" if ($git && ($file || $fix)); die "$P: --verbose cannot be used with --terse\n" if ($verbose && $terse); @@ -489,7 +513,8 @@ ____cacheline_aligned| ____cacheline_aligned_in_smp| ____cacheline_internodealigned_in_smp| - __weak + __weak| + __alloc_size\s*\(\s*\d+\s*(?:,\s*\d+\s*)?\) }x; our $Modifier; our $Inline = qr{inline|__always_inline|noinline|__inline|__inline__}; @@ -501,7 +526,7 @@ our $Hex = qr{(?i)0x[0-9a-f]+$Int_type?}; our $Int = qr{[0-9]+$Int_type?}; our $Octal = qr{0[0-7]+$Int_type?}; -our $String = qr{"[X\t]*"}; +our $String = qr{(?:\b[Lu])?"[X\t]*"}; our $Float_hex = qr{(?i)0x[0-9a-f]+p-?[0-9]+[fl]?}; our $Float_dec = qr{(?i)(?:[0-9]+\.[0-9]*|[0-9]*\.[0-9]+)(?:e-?[0-9]+)?[fl]?}; our $Float_int = qr{(?i)[0-9]+e-?[0-9]+[fl]?}; @@ -1017,7 +1042,8 @@ our $declaration_macros = qr{(?x: (?:$Storage\s+)?(?:[A-Z_][A-Z0-9]*_){0,2}(?:DEFINE|DECLARE)(?:_[A-Z0-9]+){1,6}\s*\(| (?:$Storage\s+)?[HLP]?LIST_HEAD\s*\(| - (?:SKCIPHER_REQUEST|SHASH_DESC|AHASH_REQUEST)_ON_STACK\s*\( + (?:SKCIPHER_REQUEST|SHASH_DESC|AHASH_REQUEST)_ON_STACK\s*\(| + (?:$Storage\s+)?(?:XA_STATE|XA_STATE_ORDER)\s*\( )}; our %allow_repeated_words = ( @@ -1181,7 +1207,8 @@ # git log --format='%H %s' -1 $line | # echo "commit $(cut -c 1-12,41-)" # done - } elsif ($lines[0] =~ /^fatal: ambiguous argument '$commit': unknown revision or path not in the working tree\./) { + } elsif ($lines[0] =~ /^fatal: ambiguous argument '$commit': unknown revision or path not in the working tree\./ || + $lines[0] =~ /^fatal: bad object $commit/) { $id = undef; } else { $id = substr($lines[0], 0, 12); @@ -2587,6 +2614,8 @@ my $reported_maintainer_file = 0; my $non_utf8_charset = 0; + my $last_git_commit_id_linenr = -1; + my $last_blank_line = 0; my $last_coalesced_string_linenr = -1; @@ -2909,10 +2938,10 @@ my ($email_name, $email_comment, $email_address, $comment1) = parse_email($ctx); my ($author_name, $author_comment, $author_address, $comment2) = parse_email($author); - if ($email_address eq $author_address && $email_name eq $author_name) { + if (lc $email_address eq lc $author_address && $email_name eq $author_name) { $author_sob = $ctx; $authorsignoff = 2; - } elsif ($email_address eq $author_address) { + } elsif (lc $email_address eq lc $author_address) { $author_sob = $ctx; $authorsignoff = 3; } elsif ($email_name eq $author_name) { @@ -3144,7 +3173,7 @@ length($line) > 75 && !($line =~ /^\s*[a-zA-Z0-9_\/\.]+\s+\|\s+\d+/ || # file delta changes - $line =~ /^\s*(?:[\w\.\-]+\/)++[\w\.\-]+:/ || + $line =~ /^\s*(?:[\w\.\-\+]*\/)++[\w\.\-\+]+:/ || # filename then : $line =~ /^\s*(?:Fixes:|Link:|$signature_tags)/i || # A Fixes: or Link: line or signature tag line @@ -3170,10 +3199,20 @@ } # Check for git id commit length and improperly formed commit descriptions - if ($in_commit_log && !$commit_log_possible_stack_dump && +# A correctly formed commit description is: +# commit <SHA-1 hash length 12+ chars> ("Complete commit subject") +# with the commit subject '("' prefix and '")' suffix +# This is a fairly compilicated block as it tests for what appears to be +# bare SHA-1 hash with minimum length of 5. It also avoids several types of +# possible SHA-1 matches. +# A commit match can span multiple lines so this block attempts to find a +# complete typical commit on a maximum of 3 lines + if ($perl_version_ok && + $in_commit_log && !$commit_log_possible_stack_dump && $line !~ /^\s*(?:Link|Patchwork|http|https|BugLink|base-commit):/i && $line !~ /^This reverts commit [0-9a-f]{7,40}/ && - ($line =~ /\bcommit\s+[0-9a-f]{5,}\b/i || + (($line =~ /\bcommit\s+[0-9a-f]{5,}\b/i || + ($line =~ /\bcommit\s*$/i && defined($rawlines[$linenr]) && $rawlines[$linenr] =~ /^\s*[0-9a-f]{5,}\b/i)) || ($line =~ /(?:\s|^)[0-9a-f]{12,40}(?:[\s"'\(\[]|$)/i && $line !~ /[\<\[][0-9a-f]{12,40}[\>\]]/i && $line !~ /\bfixes:\s*[0-9a-f]{12,40}/i))) { @@ -3183,49 +3222,56 @@ my $long = 0; my $case = 1; my $space = 1; - my $hasdesc = 0; - my $hasparens = 0; my $id = '0123456789ab'; my $orig_desc = "commit description"; my $description = ""; + my $herectx = $herecurr; + my $has_parens = 0; + my $has_quotes = 0; + + my $input = $line; + if ($line =~ /(?:\bcommit\s+[0-9a-f]{5,}|\bcommit\s*$)/i) { + for (my $n = 0; $n < 2; $n++) { + if ($input =~ /\bcommit\s+[0-9a-f]{5,}\s*($balanced_parens)/i) { + $orig_desc = $1; + $has_parens = 1; + # Always strip leading/trailing parens then double quotes if existing + $orig_desc = substr($orig_desc, 1, -1); + if ($orig_desc =~ /^".*"$/) { + $orig_desc = substr($orig_desc, 1, -1); + $has_quotes = 1; + } + last; + } + last if ($#lines < $linenr + $n); + $input .= " " . trim($rawlines[$linenr + $n]); + $herectx .= "$rawlines[$linenr + $n]\n"; + } + $herectx = $herecurr if (!$has_parens); + } - if ($line =~ /\b(c)ommit\s+([0-9a-f]{5,})\b/i) { + if ($input =~ /\b(c)ommit\s+([0-9a-f]{5,})\b/i) { $init_char = $1; $orig_commit = lc($2); - } elsif ($line =~ /\b([0-9a-f]{12,40})\b/i) { + $short = 0 if ($input =~ /\bcommit\s+[0-9a-f]{12,40}/i); + $long = 1 if ($input =~ /\bcommit\s+[0-9a-f]{41,}/i); + $space = 0 if ($input =~ /\bcommit [0-9a-f]/i); + $case = 0 if ($input =~ /\b[Cc]ommit\s+[0-9a-f]{5,40}[^A-F]/); + } elsif ($input =~ /\b([0-9a-f]{12,40})\b/i) { $orig_commit = lc($1); } - $short = 0 if ($line =~ /\bcommit\s+[0-9a-f]{12,40}/i); - $long = 1 if ($line =~ /\bcommit\s+[0-9a-f]{41,}/i); - $space = 0 if ($line =~ /\bcommit [0-9a-f]/i); - $case = 0 if ($line =~ /\b[Cc]ommit\s+[0-9a-f]{5,40}[^A-F]/); - if ($line =~ /\bcommit\s+[0-9a-f]{5,}\s+\("([^"]+)"\)/i) { - $orig_desc = $1; - $hasparens = 1; - } elsif ($line =~ /\bcommit\s+[0-9a-f]{5,}\s*$/i && - defined $rawlines[$linenr] && - $rawlines[$linenr] =~ /^\s*\("([^"]+)"\)/) { - $orig_desc = $1; - $hasparens = 1; - } elsif ($line =~ /\bcommit\s+[0-9a-f]{5,}\s+\("[^"]+$/i && - defined $rawlines[$linenr] && - $rawlines[$linenr] =~ /^\s*[^"]+"\)/) { - $line =~ /\bcommit\s+[0-9a-f]{5,}\s+\("([^"]+)$/i; - $orig_desc = $1; - $rawlines[$linenr] =~ /^\s*([^"]+)"\)/; - $orig_desc .= " " . $1; - $hasparens = 1; - } - ($id, $description) = git_commit_info($orig_commit, $id, $orig_desc); if (defined($id) && - ($short || $long || $space || $case || ($orig_desc ne $description) || !$hasparens)) { + ($short || $long || $space || $case || ($orig_desc ne $description) || !$has_quotes) && + $last_git_commit_id_linenr != $linenr - 1) { ERROR("GIT_COMMIT_ID", - "Please use git commit description style 'commit <12+ chars of sha1> (\"<title line>\")' - ie: '${init_char}ommit $id (\"$description\")'\n" . $herecurr); + "Please use git commit description style 'commit <12+ chars of sha1> (\"<title line>\")' - ie: '${init_char}ommit $id (\"$description\")'\n" . $herectx); } + #don't report the next line if this line ends in commit and the sha1 hash is the next line + $last_git_commit_id_linenr = $linenr if ($line =~ /\bcommit\s*$/i); } # Check for added, moved or deleted files @@ -3434,47 +3480,47 @@ # Kconfig supports named choices), so use a word boundary # (\b) rather than a whitespace character (\s) $line =~ /^\+\s*(?:config|menuconfig|choice)\b/) { - my $length = 0; - my $cnt = $realcnt; - my $ln = $linenr + 1; - my $f; - my $is_start = 0; - my $is_end = 0; - for (; $cnt > 0 && defined $lines[$ln - 1]; $ln++) { - $f = $lines[$ln - 1]; - $cnt-- if ($lines[$ln - 1] !~ /^-/); - $is_end = $lines[$ln - 1] =~ /^\+/; + my $ln = $linenr; + my $needs_help = 0; + my $has_help = 0; + my $help_length = 0; + while (defined $lines[$ln]) { + my $f = $lines[$ln++]; next if ($f =~ /^-/); - last if (!$file && $f =~ /^\@\@/); + last if ($f !~ /^[\+ ]/); # !patch context - if ($lines[$ln - 1] =~ /^\+\s*(?:bool|tristate|prompt)\s*["']/) { - $is_start = 1; - } elsif ($lines[$ln - 1] =~ /^\+\s*(?:---)?help(?:---)?$/) { - $length = -1; + if ($f =~ /^\+\s*(?:bool|tristate|prompt)\s*["']/) { + $needs_help = 1; + next; + } + if ($f =~ /^\+\s*help\s*$/) { + $has_help = 1; + next; } - $f =~ s/^.//; - $f =~ s/#.*//; - $f =~ s/^\s+//; - next if ($f =~ /^$/); + $f =~ s/^.//; # strip patch context [+ ] + $f =~ s/#.*//; # strip # directives + $f =~ s/^\s+//; # strip leading blanks + next if ($f =~ /^$/); # skip blank lines + # At the end of this Kconfig block: # This only checks context lines in the patch # and so hopefully shouldn't trigger false # positives, even though some of these are # common words in help texts - if ($f =~ /^\s*(?:config|menuconfig|choice|endchoice| - if|endif|menu|endmenu|source)\b/x) { - $is_end = 1; + if ($f =~ /^(?:config|menuconfig|choice|endchoice| + if|endif|menu|endmenu|source)\b/x) { last; } - $length++; + $help_length++ if ($has_help); } - if ($is_start && $is_end && $length < $min_conf_desc_length) { + if ($needs_help && + $help_length < $min_conf_desc_length) { + my $stat_real = get_stat_real($linenr, $ln - 1); WARN("CONFIG_DESCRIPTION", - "please write a paragraph that describes the config symbol fully\n" . $herecurr); + "please write a help paragraph that fully describes the config symbol\n" . "$here\n$stat_real\n"); } - #print "is_start<$is_start> is_end<$is_end> length<$length>\n"; } # check MAINTAINERS entries @@ -3881,7 +3927,7 @@ if ($prevline =~ /^[\+ ]};?\s*$/ && $line =~ /^\+/ && !($line =~ /^\+\s*$/ || - $line =~ /^\+\s*EXPORT_SYMBOL/ || + $line =~ /^\+\s*(?:EXPORT_SYMBOL|early_param)/ || $line =~ /^\+\s*MODULE_/i || $line =~ /^\+\s*\#\s*(?:end|elif|else)/ || $line =~ /^\+[a-z_]*init/ || @@ -4428,6 +4474,7 @@ # XXX(foo); # EXPORT_SYMBOL(something_foo); my $name = $1; + $name =~ s/^\s*($Ident).*/$1/; if ($stat =~ /^(?:.\s*}\s*\n)?.([A-Z_]+)\s*\(\s*($Ident)/ && $name =~ /^${Ident}_$2/) { #print "FOO C name<$name>\n"; @@ -5505,6 +5552,7 @@ defined($stat) && defined($cond) && $line =~ /\b(?:if|while|for)\s*\(/ && $line !~ /^.\s*#/) { my ($s, $c) = ($stat, $cond); + my $fixed_assign_in_if = 0; if ($c =~ /\bif\s*\(.*[^<>!=]=[^=].*/s) { if (ERROR("ASSIGN_IN_IF", @@ -5529,6 +5577,7 @@ $newline .= ')'; $newline .= " {" if (defined($brace)); fix_insert_line($fixlinenr + 1, $newline); + $fixed_assign_in_if = 1; } } } @@ -5552,8 +5601,20 @@ $stat_real = "[...]\n$stat_real"; } - ERROR("TRAILING_STATEMENTS", - "trailing statements should be on next line\n" . $herecurr . $stat_real); + if (ERROR("TRAILING_STATEMENTS", + "trailing statements should be on next line\n" . $herecurr . $stat_real) && + !$fixed_assign_in_if && + $cond_lines == 0 && + $fix && $perl_version_ok && + $fixed[$fixlinenr] =~ /^\+(\s*)((?:if|while|for)\s*$balanced_parens)\s*(.*)$/) { + my $indent = $1; + my $test = $2; + my $rest = rtrim($4); + if ($rest =~ /;$/) { + $fixed[$fixlinenr] = "\+$indent$test"; + fix_insert_line($fixlinenr + 1, "$indent\t$rest"); + } + } } } @@ -5660,7 +5721,7 @@ $var !~ /^(?:[a-z0-9_]*|[A-Z0-9_]*)?_?[a-z][A-Z](?:_[a-z0-9_]+|_[A-Z0-9_]+)?$/ && #Ignore some three character SI units explicitly, like MiB and KHz $var !~ /^(?:[a-z_]*?)_?(?:[KMGT]iB|[KMGT]?Hz)(?:_[a-z_]+)?$/) { - while ($var =~ m{($Ident)}g) { + while ($var =~ m{\b($Ident)}g) { my $word = $1; next if ($word !~ /[A-Z][a-z]|[a-z][A-Z]/); if ($check) { @@ -6132,7 +6193,8 @@ } # concatenated string without spaces between elements - if ($line =~ /$String[A-Za-z0-9_]/ || $line =~ /[A-Za-z0-9_]$String/) { + if ($line =~ /$String[A-Z_]/ || + ($line =~ /([A-Za-z0-9_]+)$String/ && $1 !~ /^[Lu]$/)) { if (CHK("CONCATENATED_STRING", "Concatenated strings should use spaces between elements\n" . $herecurr) && $fix) { @@ -6145,7 +6207,7 @@ } # uncoalesced string fragments - if ($line =~ /$String\s*"/) { + if ($line =~ /$String\s*[Lu]?"/) { if (WARN("STRING_FRAGMENTS", "Consecutive strings are generally better as a single string\n" . $herecurr) && $fix) { @@ -6972,14 +7034,16 @@ "Prefer $3(sizeof(*$1)...) over $3($4...)\n" . $herecurr); } -# check for k[mz]alloc with multiplies that could be kmalloc_array/kcalloc +# check for (kv|k)[mz]alloc with multiplies that could be kmalloc_array/kvmalloc_array/kvcalloc/kcalloc if ($perl_version_ok && defined $stat && - $stat =~ /^\+\s*($Lval)\s*\=\s*(?:$balanced_parens)?\s*(k[mz]alloc)\s*\(\s*($FuncArg)\s*\*\s*($FuncArg)\s*,/) { + $stat =~ /^\+\s*($Lval)\s*\=\s*(?:$balanced_parens)?\s*((?:kv|k)[mz]alloc)\s*\(\s*($FuncArg)\s*\*\s*($FuncArg)\s*,/) { my $oldfunc = $3; my $a1 = $4; my $a2 = $10; my $newfunc = "kmalloc_array"; + $newfunc = "kvmalloc_array" if ($oldfunc eq "kvmalloc"); + $newfunc = "kvcalloc" if ($oldfunc eq "kvzalloc"); $newfunc = "kcalloc" if ($oldfunc eq "kzalloc"); my $r1 = $a1; my $r2 = $a2; @@ -6996,7 +7060,7 @@ "Prefer $newfunc over $oldfunc with multiply\n" . $herectx) && $cnt == 1 && $fix) { - $fixed[$fixlinenr] =~ s/\b($Lval)\s*\=\s*(?:$balanced_parens)?\s*(k[mz]alloc)\s*\(\s*($FuncArg)\s*\*\s*($FuncArg)/$1 . ' = ' . "$newfunc(" . trim($r1) . ', ' . trim($r2)/e; + $fixed[$fixlinenr] =~ s/\b($Lval)\s*\=\s*(?:$balanced_parens)?\s*((?:kv|k)[mz]alloc)\s*\(\s*($FuncArg)\s*\*\s*($FuncArg)/$1 . ' = ' . "$newfunc(" . trim($r1) . ', ' . trim($r2)/e; } } } @@ -7371,6 +7435,13 @@ WARN("MODULE_LICENSE", "unknown module license " . $extracted_string . "\n" . $herecurr); } + if (!$file && $extracted_string eq '"GPL v2"') { + if (WARN("MODULE_LICENSE", + "Prefer \"GPL\" over \"GPL v2\" - see commit bf7fbeeae6db (\"module: Cure the MODULE_LICENSE \"GPL\" vs. \"GPL v2\" bogosity\")\n" . $herecurr) && + $fix) { + $fixed[$fixlinenr] =~ s/\bMODULE_LICENSE\s*\(\s*"GPL v2"\s*\)/MODULE_LICENSE("GPL")/; + } + } } # check for sysctl duplicate constants diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.17.3/tests/ci/checkpatch/spelling.txt new/openfortivpn-1.19.0/tests/ci/checkpatch/spelling.txt --- old/openfortivpn-1.17.3/tests/ci/checkpatch/spelling.txt 2022-05-03 17:51:49.000000000 +0200 +++ new/openfortivpn-1.19.0/tests/ci/checkpatch/spelling.txt 2022-10-10 17:44:34.000000000 +0200 @@ -178,7 +178,9 @@ assumtpion||assumption asuming||assuming asycronous||asynchronous +asychronous||asynchronous asynchnous||asynchronous +asynchronus||asynchronous asynchromous||asynchronous asymetric||asymmetric asymmeric||asymmetric @@ -230,6 +232,7 @@ bandwith||bandwidth banlance||balance batery||battery +battey||battery beacuse||because becasue||because becomming||becoming @@ -241,6 +244,7 @@ betweeen||between bianries||binaries bitmast||bitmask +bitwiedh||bitwidth boardcast||broadcast borad||board boundry||boundary @@ -265,7 +269,10 @@ calulate||calculate cancelation||cancellation cancle||cancel +cant||can't +cant'||can't canot||cannot +cann't||can't capabilites||capabilities capabilties||capabilities capabilty||capability @@ -328,6 +335,7 @@ comsume||consume comsumer||consumer comsuming||consuming +comaptible||compatible compability||compatibility compaibility||compatibility comparsion||comparison @@ -348,7 +356,9 @@ comppatible||compatible compres||compress compresion||compression +compresser||compressor comression||compression +comsumed||consumed comunicate||communicate comunication||communication conbination||combination @@ -501,6 +511,7 @@ disgest||digest disired||desired dispalying||displaying +dissable||disable diplay||display directon||direction direcly||directly @@ -524,6 +535,7 @@ distiction||distinction divisable||divisible divsiors||divisors +dsiabled||disabled docuentation||documentation documantation||documentation documentaion||documentation @@ -595,6 +607,7 @@ exceds||exceeds exceeed||exceed excellant||excellent +exchnage||exchange execeeded||exceeded execeeds||exceeds exeed||exceed @@ -670,6 +683,7 @@ frequncy||frequency frequancy||frequency frome||from +fronend||frontend fucntion||function fuction||function fuctions||functions @@ -754,6 +768,7 @@ implmenting||implementing incative||inactive incomming||incoming +incompaitiblity||incompatibility incompatabilities||incompatibilities incompatable||incompatible incompatble||incompatible @@ -935,9 +950,11 @@ micropone||microphone microprocesspr||microprocessor migrateable||migratable +millenium||millennium milliseonds||milliseconds minium||minimum minimam||minimum +minimun||minimum miniumum||minimum minumum||minimum misalinged||misaligned @@ -956,6 +973,7 @@ mnay||many modfiy||modify modifer||modifier +modul||module modulues||modules momery||memory memomry||memory @@ -998,6 +1016,7 @@ nubmer||number numebr||number numner||number +nunber||number obtaion||obtain obusing||abusing occassionally||occasionally @@ -1037,6 +1056,7 @@ overaall||overall overhread||overhead overlaping||overlapping +oveflow||overflow overflw||overflow overlfow||overflow overide||override @@ -1126,6 +1146,7 @@ pressre||pressure presuambly||presumably previosuly||previously +previsously||previously primative||primitive princliple||principle priorty||priority @@ -1154,6 +1175,7 @@ programers||programmers programm||program programms||programs +progres||progress progresss||progress prohibitted||prohibited prohibitting||prohibiting @@ -1286,6 +1308,7 @@ rquest||request runing||running runned||ran +runnnig||running runnning||running runtine||runtime sacrifying||sacrificing @@ -1328,6 +1351,7 @@ setts||sets settting||setting shapshot||snapshot +shoft||shift shotdown||shutdown shoud||should shouldnt||shouldn't @@ -1341,6 +1365,7 @@ simlar||similar simliar||similar simpified||simplified +simultanous||simultaneous singaled||signaled singal||signal singed||signed @@ -1439,6 +1464,7 @@ symetric||symmetric synax||syntax synchonized||synchronized +sychronization||synchronization synchronuously||synchronously syncronize||synchronize syncronized||synchronized @@ -1448,6 +1474,7 @@ sytem||system sythesis||synthesis taht||that +tained||tainted tansmit||transmit targetted||targeted targetting||targeting @@ -1476,6 +1503,7 @@ tmis||this toogle||toggle torerable||tolerable +torlence||tolerance traget||target traking||tracking tramsmitted||transmitted @@ -1490,6 +1518,7 @@ transfered||transferred transfering||transferring transision||transition +transistioned||transitioned transmittd||transmitted transormed||transformed trasfer||transfer @@ -1521,6 +1550,7 @@ unfortunatelly||unfortunately unifiy||unify uniterrupted||uninterrupted +uninterruptable||uninterruptible unintialized||uninitialized unitialized||uninitialized unkmown||unknown @@ -1553,6 +1583,7 @@ unvalid||invalid upate||update upsupported||unsupported +useable||usable usefule||useful usefull||useful usege||usage @@ -1574,6 +1605,7 @@ vaule||value verbse||verbose veify||verify +verfication||verification veriosn||version verisons||versions verison||version @@ -1586,6 +1618,7 @@ vitual||virtual vunerable||vulnerable wakeus||wakeups +was't||wasn't wathdog||watchdog wating||waiting wiat||wait
