Hello community,

here is the log from the commit of package openfortivpn for openSUSE:Factory checked in at 2023-07-06 18:28:45
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/openfortivpn (Old)
 and /work/SRC/openSUSE:Factory/.openfortivpn.new.23466 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openfortivpn" Thu Jul 6 18:28:45 2023 rev:24 rq:1096976 version:1.20.5 Changes: -------- --- /work/SRC/openSUSE:Factory/openfortivpn/openfortivpn.changes 2023-03-08 14:53:14.174892877 +0100 +++ /work/SRC/openSUSE:Factory/.openfortivpn.new.23466/openfortivpn.changes 2023-07-06 18:28:52.647221097 +0200 @@ -1,0 +2,18 @@ +Mon Jul 3 13:31:07 UTC 2023 - Martin Hauke <mar...@gmx.de> + +- Update to version 1.20.5 + * revert previous fix from 1.20.4, make it optional. +- Update to version 1.20.4 + * fix "Peer refused to agree to his IP address" message. +- Update to version 1.20.3 + * minor change in a warning message. + * documentation improvement. + * minor changes in build and test files. +- Update to version 1.20.2 + * fix regression: do attempt to apply duplicate routes, log + INFO instead of WARN. + * minor changes in log messages. +- Update patch: + * harden_openfortivpn@.service.patch + +------------------------------------------------------------------- Old: ---- openfortivpn-1.20.1.tar.gz New: ---- openfortivpn-1.20.5.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openfortivpn.spec ++++++ --- /var/tmp/diff_new_pack.mmWpe8/_old 2023-07-06 18:28:53.327225272 +0200 +++ /var/tmp/diff_new_pack.mmWpe8/_new 2023-07-06 18:28:53.331225297 +0200 @@ -17,7 +17,7 @@ Name: openfortivpn -Version: 1.20.1 +Version: 1.20.5 Release: 0 Summary: Client for PPP+SSL VPN tunnel services License: GPL-3.0-or-later ++++++ harden_openfortivpn@.service.patch ++++++ --- /var/tmp/diff_new_pack.mmWpe8/_old 2023-07-06 18:28:53.355225444 +0200 +++ /var/tmp/diff_new_pack.mmWpe8/_new 2023-07-06 18:28:53.359225468 +0200 @@ -1,8 +1,8 @@ diff --git a/lib/systemd/system/openforti...@.service.in b/lib/systemd/system/openforti...@.service.in -index 154bf60..7336b8f 100644 +index 1249037..741ae07 100644 --- a/lib/systemd/system/openforti...@.service.in 
+++ b/lib/systemd/system/openforti...@.service.in -@@ -6,6 +6,17 @@ Documentation=man:openfortivpn(1) +@@ -9,6 +9,17 @@ Documentation=https://github.com/adrienverge/openfortivpn/wiki [Service] Type=notify PrivateTmp=true @@ -18,6 +18,6 @@ +RestrictRealtime=true +# end of automatic additions ExecStart=@BINDIR@/openfortivpn -c @SYSCONFDIR@/openfortivpn/%I.conf + Restart=on-failure OOMScoreAdjust=-100 - ++++++ openfortivpn-1.20.1.tar.gz -> openfortivpn-1.20.5.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.20.1/.github/workflows/codespell.yml new/openfortivpn-1.20.5/.github/workflows/codespell.yml --- old/openfortivpn-1.20.1/.github/workflows/codespell.yml 2023-02-25 15:38:02.000000000 +0100 +++ new/openfortivpn-1.20.5/.github/workflows/codespell.yml 2023-06-23 08:20:36.000000000 +0200 @@ -18,4 +18,4 @@ - uses: codespell-project/actions-codespell@master with: skip: .git,checkpatch.pl,spelling.txt,LICENSE.OpenSSL - ignore_words_list: synopsys,parms + ignore_words_list: anull,caf,synopsys,parms diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.20.1/CHANGELOG.md new/openfortivpn-1.20.5/CHANGELOG.md --- old/openfortivpn-1.20.1/CHANGELOG.md 2023-02-25 15:38:02.000000000 +0100 +++ new/openfortivpn-1.20.5/CHANGELOG.md 2023-06-23 08:20:36.000000000 +0200 
@@ -14,6 +14,25 @@ This high level changelog is usually updated when a release is tagged. On the master branch there may be changes that are not (yet) described here. +### 1.20.5 + +* [-] revert previous fix from 1.20.4, make it optional + +### 1.20.4 + +* [-] fix "Peer refused to agree to his IP address" message + +### 1.20.3 + +* [~] minor change in a warning message +* [+] documentation improvement +* [+] minor changes in build and test files + +### 1.20.2 + +* [-] fix regression: do attempt to apply duplicate routes, log INFO instead of WARN +* [-] minor changes in log messages + ### 1.20.1 * [-] fix version string in configure.ac @@ -173,7 +192,7 @@ ### 1.8.1 -* [~] Support longer passowrds by allocation of a larger buffer +* [~] Support longer passwords by allocation of a larger buffer * [-] With version 1.8.0 /etc/resolv.conf was not updated anymore in some situations. To avoid this regression the change "Rationalize DNS options" has been reverted again to restore the behavior of versions up to 1.7.1. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.20.1/README.md new/openfortivpn-1.20.5/README.md --- old/openfortivpn-1.20.1/README.md 2023-02-25 15:38:02.000000000 +0100 +++ new/openfortivpn-1.20.5/README.md 2023-06-23 08:20:36.000000000 +0200 @@ -8,9 +8,9 @@ It is compatible with Fortinet VPNs. Usage --------- +----- -``` +```shell man openfortivpn ``` 
@@ -18,37 +18,37 @@ -------- * Simply connect to a VPN: - ``` + ```shell openfortivpn vpn-gateway:8443 --username=foo ``` * Connect to a VPN using an authentication realm: - ``` + ```shell openfortivpn vpn-gateway:8443 --username=foo --realm=bar ``` * Store password securely with a pinentry program: - ``` + ```shell openfortivpn vpn-gateway:8443 --username=foo --pinentry=pinentry-mac ``` * Connect with a user certificate and no password: - ``` + ```shell openfortivpn vpn-gateway:8443 --username= --password= --user-cert=cert.pem --user-key=key.pem ``` * Don't set IP routes and don't add VPN nameservers to `/etc/resolv.conf`: - ``` + ```shell openfortivpn vpn-gateway:8443 -u foo --no-routes --no-dns --pppd-no-peerdns ``` * Using a configuration file: - ``` + ```shell openfortivpn -c /etc/openfortivpn/my-config ``` With `/etc/openfortivpn/my-config` containing: - ``` + ```ini host = vpn-gateway port = 8443 username = foo @@ -59,7 +59,7 @@ ``` * For the full list of config options, see the `CONFIGURATION` section of - ``` + ```shell man openfortivpn ``` @@ -74,7 +74,7 @@ To make use of your smartcard put at least `pkcs11:` to the user-cert config or commandline option. It takes the full or a partial PKCS#11 token URI. -``` +```ini user-cert = pkcs11: user-cert = pkcs11:token=someuser user-cert = pkcs11:model=PKCS%2315%20emulated;manufacturer=piv_II;serial=012345678;token=someuser @@ -88,7 +88,8 @@ Multiple readers are currently not supported. Smartcard support has been tested with Yubikey under Linux, but other PIV enabled -smartcards may work too. On Mac OS X Mojave it is known that the pkcs engine-by-id is not found. +smartcards may work too. On Mac OS X Mojave it is known that the pkcs engine-by-id +is not found. Installing ---------- @@ -140,7 +141,7 @@ * FreeBSD: `automake` `autoconf` `libressl` `pkgconf` On Linux, if you manage your kernel yourself, ensure to compile those modules: - ``` + ```text CONFIG_PPP=m CONFIG_PPP_ASYNC=m ``` 
@@ -188,8 +189,10 @@ entry in `/etc/sudoers` or a file under `/etc/sudoers.d`. For example: -`visudo -f /etc/sudoers.d/openfortivpn` +```shell +visudo -f /etc/sudoers.d/openfortivpn ``` +```text Cmnd_Alias OPENFORTIVPN = /usr/bin/openfortivpn %adm ALL = (ALL) OPENFORTIVPN @@ -202,10 +205,25 @@ a malicious user could use `--pppd-plugin` and `--pppd-log` options to divert the program's behaviour. +SSO/SAML/2FA +------------ + +In some cases, the server may require the VPN client to load and interact +with a web page containing JavaScript. Depending on the complexity of the +web page, interpreting the web page might be beyond the reach of a command +line program such as openfortivpn. + +In such cases, you may use an external program spawning a full-fledged +web browser such as +[openfortivpn-webview](https://github.com/gm-vm/openfortivpn-webview) +to authenticate and retrieve a session cookie. This cookie can be fed +to openfortivpn using option `--cookie-on-stdin`. Obviously, such a +solution requires a graphic session. + Contributing ------------ Feel free to make pull requests! C coding style should follow the -[Linux kernel Documentation/CodingStyle](http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/coding-style.rst?id=refs/heads/master). +[Linux kernel coding style](https://www.kernel.org/doc/html/latest/process/coding-style.html). diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.20.1/configure.ac new/openfortivpn-1.20.5/configure.ac --- old/openfortivpn-1.20.1/configure.ac 2023-02-25 15:38:02.000000000 +0100 +++ new/openfortivpn-1.20.5/configure.ac 2023-06-23 08:20:36.000000000 +0200 @@ -2,7 +2,7 @@ # Process this file with autoconf to produce a configure script. AC_PREREQ([2.63]) -AC_INIT([openfortivpn], [1.20.1]) +AC_INIT([openfortivpn], [1.20.5]) AC_CONFIG_SRCDIR([src/main.c]) AM_INIT_AUTOMAKE([foreign subdir-objects]) 
@@ -416,6 +416,7 @@ [with_systemdsystemunitdir="$def_systemdsystemunitdir"])]) AS_IF([test "x$with_systemdsystemunitdir" != "xno"], [AC_SUBST([systemdsystemunitdir], [$with_systemdsystemunitdir])]) +AC_MSG_NOTICE([systemdsystemunitdir... $systemdsystemunitdir]) AM_CONDITIONAL([HAVE_SYSTEMD], [test "x$with_systemdsystemunitdir" != "xno"]) AC_COMPILE_IFELSE([AC_LANG_SOURCE([ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.20.1/etc/ppp/ip-up.local.example new/openfortivpn-1.20.5/etc/ppp/ip-up.local.example --- old/openfortivpn-1.20.1/etc/ppp/ip-up.local.example 2023-02-25 15:38:02.000000000 +0100 +++ new/openfortivpn-1.20.5/etc/ppp/ip-up.local.example 2023-06-23 08:20:36.000000000 +0200 @@ -3,17 +3,17 @@ case "$PPP_IPPARAM" in openfortivpn*) rconf=/etc/resolv.conf - routes=$(echo $PPP_IPPARAM | tr , ' ') + routes=$(echo "$PPP_IPPARAM" | tr , ' ') for r in $routes; do [[ $r = "openfortivpn" ]] && continue com="ip route add ${r%/*} via ${r##*/}" - echo $com + echo "$com" $com done cp -pv $rconf $rconf.openfortivpn if [[ "$DNS1" ]]; then - echo nameserver $DNS1 > $rconf - [[ "$DNS2" ]] && [[ "$DNS1" != "$DNS2" ]] && echo nameserver $DNS2 >> $rconf + echo nameserver "$DNS1" > $rconf + [[ "$DNS2" ]] && [[ "$DNS1" != "$DNS2" ]] && echo nameserver "$DNS2" >> $rconf fi exit 0 ;; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.20.1/lib/systemd/system/openforti...@.service.in new/openfortivpn-1.20.5/lib/systemd/system/openforti...@.service.in --- old/openfortivpn-1.20.1/lib/systemd/system/openforti...@.service.in 2023-02-25 15:38:02.000000000 +0100 +++ new/openfortivpn-1.20.5/lib/systemd/system/openforti...@.service.in 2023-06-23 08:20:36.000000000 +0200 
@@ -1,12 +1,16 @@ [Unit] Description=OpenFortiVPN for %I After=network-online.target +Wants=network-online.target Documentation=man:openfortivpn(1) +Documentation=https://github.com/adrienverge/openfortivpn#readme +Documentation=https://github.com/adrienverge/openfortivpn/wiki [Service] Type=notify PrivateTmp=true ExecStart=@BINDIR@/openfortivpn -c @SYSCONFDIR@/openfortivpn/%I.conf +Restart=on-failure OOMScoreAdjust=-100 [Install] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.20.1/src/config.c new/openfortivpn-1.20.5/src/config.c --- old/openfortivpn-1.20.1/src/config.c 2023-02-25 15:38:02.000000000 +0100 +++ new/openfortivpn-1.20.5/src/config.c 2023-06-23 08:20:36.000000000 +0200 @@ -1,5 +1,5 @@ /* - * Copyright (C) 2015 Adrien Vergé + * Copyright (c) 2015 Adrien Vergé * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -67,6 +67,7 @@ .pppd_ipparam = NULL, .pppd_ifname = NULL, .pppd_call = NULL, + .pppd_accept_remote = -1, #endif #if HAVE_USR_SBIN_PPP .ppp_system = NULL, @@ -366,7 +367,7 @@ int use_resolvconf = strtob(val); if (use_resolvconf < 0) { - log_warn("Bad use-resolvconf value in configuration file: \"%s\".\n", + log_warn("Bad value for use-resolvconf in configuration file: \"%s\".\n", val); continue; } @@ -563,6 +564,8 @@ free(dst->pppd_call); dst->pppd_call = src->pppd_call; } + if (src->pppd_accept_remote != invalid_cfg.pppd_accept_remote) + dst->pppd_accept_remote = src->pppd_accept_remote; #endif #if HAVE_USR_SBIN_PPP if (src->ppp_system) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.20.1/src/config.h new/openfortivpn-1.20.5/src/config.h --- old/openfortivpn-1.20.1/src/config.h 2023-02-25 15:38:02.000000000 +0100 +++ new/openfortivpn-1.20.5/src/config.h 2023-06-23 08:20:36.000000000 +0200 
@@ -1,5 +1,5 @@ /* - * Copyright (C) 2015 Adrien Vergé + * Copyright (c) 2015 Adrien Vergé * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -83,41 +83,42 @@ #define MAX_DOMAIN_LENGTH 256 struct vpn_config { - char gateway_host[GATEWAY_HOST_SIZE + 1]; - struct in_addr gateway_ip; - uint16_t gateway_port; - char username[USERNAME_SIZE + 1]; - char password[PASSWORD_SIZE + 1]; - int password_set; - char otp[OTP_SIZE + 1]; - char *cookie; - char *otp_prompt; - unsigned int otp_delay; - int no_ftm_push; - char *pinentry; - char iface_name[IF_NAMESIZE]; - char realm[REALM_SIZE + 1]; - - int set_routes; - int set_dns; - int pppd_use_peerdns; - int use_syslog; + char gateway_host[GATEWAY_HOST_SIZE + 1]; + struct in_addr gateway_ip; + uint16_t gateway_port; + char username[USERNAME_SIZE + 1]; + char password[PASSWORD_SIZE + 1]; + int password_set; + char otp[OTP_SIZE + 1]; + char *cookie; + char *otp_prompt; + unsigned int otp_delay; + int no_ftm_push; + char *pinentry; + char iface_name[IF_NAMESIZE]; + char realm[REALM_SIZE + 1]; + + int set_routes; + int set_dns; + int pppd_use_peerdns; + int use_syslog; #if HAVE_RESOLVCONF - int use_resolvconf; + int use_resolvconf; #endif - int half_internet_routes; + int half_internet_routes; - unsigned int persistent; + unsigned int persistent; #if HAVE_USR_SBIN_PPPD - char *pppd_log; - char *pppd_plugin; - char *pppd_ipparam; - char *pppd_ifname; - char *pppd_call; + char *pppd_log; + char *pppd_plugin; + char *pppd_ipparam; + char *pppd_ifname; + char *pppd_call; + int pppd_accept_remote; #endif #if HAVE_USR_SBIN_PPP - char *ppp_system; + char *ppp_system; #endif char *ca_file; char *user_cert; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.20.1/src/hdlc.c new/openfortivpn-1.20.5/src/hdlc.c --- old/openfortivpn-1.20.1/src/hdlc.c 2023-02-25 15:38:02.000000000 +0100 +++ new/openfortivpn-1.20.5/src/hdlc.c 2023-06-23 08:20:36.000000000 +0200 
@@ -1,5 +1,5 @@ /* - * Copyright (C) 2015 Adrien Vergé + * Copyright (c) 2015 Adrien Vergé * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.20.1/src/hdlc.h new/openfortivpn-1.20.5/src/hdlc.h --- old/openfortivpn-1.20.1/src/hdlc.h 2023-02-25 15:38:02.000000000 +0100 +++ new/openfortivpn-1.20.5/src/hdlc.h 2023-06-23 08:20:36.000000000 +0200 @@ -1,5 +1,5 @@ /* - * Copyright (C) 2015 Adrien Vergé + * Copyright (c) 2015 Adrien Vergé * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.20.1/src/http.c new/openfortivpn-1.20.5/src/http.c --- old/openfortivpn-1.20.1/src/http.c 2023-02-25 15:38:02.000000000 +0100 +++ new/openfortivpn-1.20.5/src/http.c 2023-06-23 08:20:36.000000000 +0200 @@ -1,5 +1,5 @@ /* - * Copyright (C) 2015 Adrien Vergé + * Copyright (c) 2015 Adrien Vergé * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -375,7 +375,6 @@ static int get_action_url(const char *buf, const char *key, char *retbuf, size_t retbuflen) { - int ret = -1; char *tokens; size_t keylen = strlen(key); @@ -840,7 +839,7 @@ if (xml_find(' ', "domain=", val, 1)) { tunnel->ipv4.dns_suffix = xml_get(xml_find(' ', "domain=", val, 1)); - log_debug("found dns suffix %s in xml config\n", + log_debug("Found dns suffix %s in xml config\n", tunnel->ipv4.dns_suffix); break; } 
@@ -851,7 +850,7 @@ while ((val = xml_find('<', "dns", val, 2))) { if (xml_find(' ', "ip=", val, 1)) { dns_server = xml_get(xml_find(' ', "ip=", val, 1)); - log_debug("found dns server %s in xml config\n", dns_server); + log_debug("Found dns server %s in xml config\n", dns_server); if (!tunnel->ipv4.ns1_addr.s_addr) tunnel->ipv4.ns1_addr.s_addr = inet_addr(dns_server); else if (!tunnel->ipv4.ns2_addr.s_addr) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.20.1/src/http.h new/openfortivpn-1.20.5/src/http.h --- old/openfortivpn-1.20.1/src/http.h 2023-02-25 15:38:02.000000000 +0100 +++ new/openfortivpn-1.20.5/src/http.h 2023-06-23 08:20:36.000000000 +0200 @@ -1,5 +1,5 @@ /* - * Copyright (C) 2015 Adrien Vergé + * Copyright (c) 2015 Adrien Vergé * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.20.1/src/io.c new/openfortivpn-1.20.5/src/io.c --- old/openfortivpn-1.20.1/src/io.c 2023-02-25 15:38:02.000000000 +0100 +++ new/openfortivpn-1.20.5/src/io.c 2023-06-23 08:20:36.000000000 +0200 @@ -1,5 +1,5 @@ /* - * Copyright (C) 2015 Adrien Vergé + * Copyright (c) 2015 Adrien Vergé * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.20.1/src/io.h new/openfortivpn-1.20.5/src/io.h --- old/openfortivpn-1.20.1/src/io.h 2023-02-25 15:38:02.000000000 +0100 +++ new/openfortivpn-1.20.5/src/io.h 2023-06-23 08:20:36.000000000 +0200 
@@ -1,5 +1,5 @@ /* - * Copyright (C) 2015 Adrien Vergé + * Copyright (c) 2015 Adrien Vergé * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.20.1/src/ipv4.c new/openfortivpn-1.20.5/src/ipv4.c --- old/openfortivpn-1.20.1/src/ipv4.c 2023-02-25 15:38:02.000000000 +0100 +++ new/openfortivpn-1.20.5/src/ipv4.c 2023-06-23 08:20:36.000000000 +0200 @@ -1,5 +1,5 @@ /* - * Copyright (C) 2015 Adrien Vergé + * Copyright (c) 2015 Adrien Vergé * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -345,7 +345,7 @@ #endif if (total_bytes_read == 0) { - log_debug("routing table is empty.\n"); + log_debug("Routing table is empty.\n"); err = ERR_IPV4_PROC_NET_ROUTE; goto end; } @@ -354,7 +354,7 @@ // Skip first line start = strchr(buffer, '\n'); if (start == NULL) { - log_debug("routing table is malformed.\n"); + log_debug("Routing table is malformed.\n"); err = ERR_IPV4_PROC_NET_ROUTE; goto end; } @@ -370,14 +370,14 @@ start = strchr(++start, '\n'); start = strchr(++start, '\n'); if (start == NULL) { - log_debug("routing table is malformed.\n"); + log_debug("Routing table is malformed.\n"); err = ERR_IPV4_PROC_NET_ROUTE; goto end; } #endif if (strchr(start, '\n') == NULL) { - log_debug("routing table is malformed.\n"); + log_debug("Routing table is malformed.\n"); err = ERR_IPV4_PROC_NET_ROUTE; goto end; } @@ -607,7 +607,7 @@ /* we can copy rtentry struct directly between openfortivpn and kernel */ log_debug("ip route add %s\n", ipv4_show_route(route)); - int sockfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_IP); + int sockfd = socket(AF_INET, SOCK_DGRAM, 0); if (sockfd < 0) return ERR_IPV4_SEE_ERRNO; 
@@ -676,7 +676,7 @@ tmp.rt_window = 0; tmp.rt_irtt = 0; - sockfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_IP); + sockfd = socket(AF_INET, SOCK_DGRAM, 0); if (sockfd < 0) return ERR_IPV4_SEE_ERRNO; if (ioctl(sockfd, SIOCDELRT, &tmp) == -1) { @@ -766,7 +766,7 @@ if ((ret == 0) && (route_dest(gtw_rt).s_addr == tunnel->config->gateway_ip.s_addr) && (route_mask(gtw_rt).s_addr == inet_addr("255.255.255.255"))) { - log_debug("removing wrong route to vpn server...\n"); + log_debug("Removing wrong route to vpn server...\n"); log_debug("ip route show %s\n", ipv4_show_route(gtw_rt)); ipv4_del_route(gtw_rt); } @@ -888,20 +888,10 @@ int i; for (i = 0; i < tunnel->ipv4.split_routes; i++) { - int j, ret; - struct rtentry *route = &tunnel->ipv4.split_rt[i]; - - for (j = 0; j < i ; j++) { - struct rtentry *other_route = &tunnel->ipv4.split_rt[j]; - - if (route_dest(route).s_addr == route_dest(other_route).s_addr) - break; - } - - // skip duplicate routes - if (i != j) - continue; + struct rtentry *route; + int ret; + route = &tunnel->ipv4.split_rt[i]; // check if the route to be added is not the one to the gateway itself if (route_dest(route).s_addr == route_dest(&tunnel->ipv4.gtw_rt).s_addr) { log_debug("Skipping route to tunnel gateway (%s).\n", @@ -921,7 +911,7 @@ route->rt_flags |= RTF_GATEWAY; ret = ipv4_set_route(route); if (ret == ERR_IPV4_SEE_ERRNO && errno == EEXIST) - log_warn("Route to gateway exists already.\n"); + log_info("Route to gateway exists already.\n"); else if (ret != 0) log_warn("Could not set route to tunnel gateway (%s).\n", err_ipv4_str(ret)); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.20.1/src/ipv4.h new/openfortivpn-1.20.5/src/ipv4.h --- old/openfortivpn-1.20.1/src/ipv4.h 2023-02-25 15:38:02.000000000 +0100 +++ new/openfortivpn-1.20.5/src/ipv4.h 2023-06-23 08:20:36.000000000 +0200 
@@ -1,5 +1,5 @@ /* - * Copyright (C) 2015 Adrien Vergé + * Copyright (c) 2015 Adrien Vergé * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.20.1/src/log.c new/openfortivpn-1.20.5/src/log.c --- old/openfortivpn-1.20.1/src/log.c 2023-02-25 15:38:02.000000000 +0100 +++ new/openfortivpn-1.20.5/src/log.c 2023-06-23 08:20:36.000000000 +0200 @@ -1,5 +1,5 @@ /* - * Copyright (C) 2015 Adrien Vergé + * Copyright (c) 2015 Adrien Vergé * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.20.1/src/log.h new/openfortivpn-1.20.5/src/log.h --- old/openfortivpn-1.20.1/src/log.h 2023-02-25 15:38:02.000000000 +0100 +++ new/openfortivpn-1.20.5/src/log.h 2023-06-23 08:20:36.000000000 +0200 @@ -1,5 +1,5 @@ /* - * Copyright (C) 2015 Adrien Vergé + * Copyright (c) 2015 Adrien Vergé * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.20.1/src/main.c new/openfortivpn-1.20.5/src/main.c --- old/openfortivpn-1.20.1/src/main.c 2023-02-25 15:38:02.000000000 +0100 +++ new/openfortivpn-1.20.5/src/main.c 2023-06-23 08:20:36.000000000 +0200 @@ -1,5 +1,5 @@ /* - * Copyright (C) 2015 Adrien Vergé + * Copyright (c) 2015 Adrien Vergé * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -36,7 +36,8 @@ #define PPPD_USAGE \ " [--pppd-use-peerdns=<0|1>] [--pppd-log=<file>]\n" \ " [--pppd-ifname=<string>] [--pppd-ipparam=<string>]\n" \ -" [--pppd-call=<name>] [--pppd-plugin=<file>]\n" +" [--pppd-call=<name>] [--pppd-plugin=<file>]\n" \ +" [--pppd-accept-remote]\n" #define PPPD_HELP \ " --pppd-use-peerdns=[01] Whether to ask peer ppp server for DNS server\n" \ @@ -52,7 +53,9 @@ " and ip-down scripts. See man (8) pppd.\n" \ " --pppd-call=<name> Move most pppd options from pppd cmdline to\n" \ " /etc/ppp/peers/<name> and invoke pppd with\n" \ -" 'call <name>'.\n" +" 'call <name>'.\n" \ +" --pppd-accept-remote Invoke pppd with option 'ipcp-accept-remote'." \ +" It might help avoid errors with PPP 2.5.0.\n" #elif HAVE_USR_SBIN_PPP #define PPPD_USAGE \ " [--ppp-system=<system>]\n" @@ -243,6 +246,7 @@ .pppd_ipparam = NULL, .pppd_ifname = NULL, .pppd_call = NULL, + .pppd_accept_remote = 0, #endif #if HAVE_USR_SBIN_PPP .ppp_system = NULL, @@ -305,6 +309,7 @@ {"pppd-ipparam", required_argument, NULL, 0}, {"pppd-ifname", required_argument, NULL, 0}, {"pppd-call", required_argument, NULL, 0}, + {"pppd-accept-remote", no_argument, &cli_cfg.pppd_accept_remote, 1}, {"plugin", required_argument, NULL, 0}, // deprecated #endif #if HAVE_USR_SBIN_PPP @@ -338,7 +343,7 @@ "version") == 0) { printf(VERSION "\n"); if (strcmp(&REVISION[1], VERSION)) - log_debug("revision " REVISION "\n"); + log_debug("Revision " REVISION "\n"); ret = EXIT_SUCCESS; goto exit; } 
@@ -385,7 +390,7 @@ cli_cfg.pppd_call = strdup(optarg); break; } - // --plugin is deprecated, --pppd-plugin should be used + // --plugin is deprecated, use --pppd-plugin if (cli_cfg.pppd_plugin == NULL && strcmp(long_options[option_index].name, "plugin") == 0) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.20.1/src/ssl.h new/openfortivpn-1.20.5/src/ssl.h --- old/openfortivpn-1.20.1/src/ssl.h 2023-02-25 15:38:02.000000000 +0100 +++ new/openfortivpn-1.20.5/src/ssl.h 2023-06-23 08:20:36.000000000 +0200 @@ -1,5 +1,5 @@ /* - * Copyright (C) 2015 Adrien Vergé + * Copyright (c) 2015 Adrien Vergé * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.20.1/src/tunnel.c new/openfortivpn-1.20.5/src/tunnel.c --- old/openfortivpn-1.20.1/src/tunnel.c 2023-02-25 15:38:02.000000000 +0100 +++ new/openfortivpn-1.20.5/src/tunnel.c 2023-06-23 08:20:36.000000000 +0200 @@ -1,5 +1,5 @@ /* - * Copyright (C) 2015 Adrien Vergé + * Copyright (c) 2015 Adrien Vergé * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -232,9 +232,50 @@ } else { static const char *const v[] = { ppp_path, - "230400", // speed - ":169.254.2.1", // <local_IP_address>:<remote_IP_address> + /* + * On systems such as 4.4BSD and NetBSD, any speed can + * be specified. Other systems (e.g. Linux, SunOS) only + * support the commonly-used baud rates. + */ + "230400", + /* + * Set the local and/or remote interface IP addresses. + * Either one may be omitted. The IP addresses can be + * specified with a host name or in decimal dot notation + * (e.g. 150.234.56.78). The default local address is + * the (first) IP address of the system (unless the + * noipdefault option is given). The remote address will + * be obtained from the peer if not specified in any + * option. + * Thus, in simple cases, this option is not required. + * If a local and/or remote IP address is specified with + * this option, pppd will not accept a different value + * from the peer in the IPCP negotiation, unless the + * ipcp-accept-local and/or ipcp-accept-remote options + * are given, respectively. + */ + ":169.254.2.1", + /* + * Disables the default behaviour when no local + * IP address is specified, which is to determine + * (if possible) the local IP address from the hostname. + * With this option, the peer will have to supply the + * local IP address during IPCP negotiation (unless + * it specified explicitly on the command line or in + * an options file). + */ "noipdefault", + /* + * With this option, pppd will accept the peer's idea + * of our local IP address, even if the local IP address + * was specified in an option. + * + * This option attempts to fix this: + * Peer refused to agree to our IP address + * + * Yet, this doesn't make sense: we do not specify + * a local IP address, and we use noipdefault. + */ "ipcp-accept-local", "noaccomp", "noauth", 
@@ -314,6 +355,25 @@ return 1; } } + if (tunnel->config->pppd_accept_remote) + /* + * With this option, pppd will accept the peer's idea of + * its (remote) IP address, even if the remote IP address + * was specified in an option. + * + * This option attempts to fix this with PPP 2.5.0: + * Peer refused to agree to his IP address + * + * Currently (always?) breaks on macOS with: + * Could not get current default route + * (Parsing /proc/net/route failed). + * Protecting tunnel route has failed. + * But this can be working except for some cases. + */ + if (ofv_append_varr(&pppd_args, "ipcp-accept-remote")) { + free(pppd_args.data); + return 1; + } #endif #if HAVE_USR_SBIN_PPP if (tunnel->config->ppp_system) { @@ -380,11 +440,12 @@ "The PPP negotiation failed because serial loopback was detected.", "The init script failed (returned a non-zero exit status).", "We failed to authenticate ourselves to the peer." -#else // sysexits(3) - https://www.freebsd.org/cgi/man.cgi?query=sysexits +#endif +#if HAVE_USR_SBIN_PPP // sysexits(3) - https://www.freebsd.org/cgi/man.cgi?query=sysexits // EX_NORMAL = EX_OK (0) "Successful exit.", NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, // 1-9 - NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, // 10-19 + NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, // 10-19 NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, // 20-29 NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, // 30-39 NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, // 40-49 @@ -748,7 +809,7 @@ log_debug("server_port: %u\n", ntohs(server.sin_port)); server.sin_family = AF_INET; memset(&(server.sin_zero), '\0', 8); - log_debug("gateway_addr: %s\n", inet_ntoa(tunnel->config->gateway_ip)); + log_debug("gateway_ip: %s\n", inet_ntoa(tunnel->config->gateway_ip)); log_debug("gateway_port: %u\n", tunnel->config->gateway_port); ret = connect(handle, (struct sockaddr *) &server, sizeof(server)); 
@@ -1101,8 +1162,8 @@ } #endif - /* Use engine for PIV if user-cert config starts with pkcs11 URI: */ #ifndef OPENSSL_NO_ENGINE + /* Use PKCS11 engine for PIV if user-cert config starts with pkcs11 URI: */ if (tunnel->config->use_engine > 0) { ENGINE *e; @@ -1161,10 +1222,8 @@ ERR_error_string(ERR_peek_last_error(), NULL)); goto err_ssl_context; } - - } else { /* end PKCS11-engine */ + } else { /* end PKCS11 engine */ #endif - if (tunnel->config->user_cert) { if (!SSL_CTX_use_certificate_chain_file( tunnel->ssl_context, tunnel->config->user_cert)) { @@ -1333,7 +1392,7 @@ log_debug("Starting IO through the tunnel\n"); io_loop(&tunnel); - log_debug("disconnecting\n"); + log_debug("Disconnecting\n"); if (tunnel.state == STATE_UP) if (tunnel.on_ppp_if_down != NULL) tunnel.on_ppp_if_down(&tunnel); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.20.1/src/tunnel.h new/openfortivpn-1.20.5/src/tunnel.h --- old/openfortivpn-1.20.1/src/tunnel.h 2023-02-25 15:38:02.000000000 +0100 +++ new/openfortivpn-1.20.5/src/tunnel.h 2023-06-23 08:20:36.000000000 +0200 @@ -1,5 +1,5 @@ /* - * Copyright (C) 2015 Adrien Vergé + * Copyright (c) 2015 Adrien Vergé * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.20.1/src/userinput.c new/openfortivpn-1.20.5/src/userinput.c --- old/openfortivpn-1.20.1/src/userinput.c 2023-02-25 15:38:02.000000000 +0100 +++ new/openfortivpn-1.20.5/src/userinput.c 2023-06-23 08:20:36.000000000 +0200 
@@ -1,6 +1,6 @@ /* - * Copyright (C) 2015 DavÃð Steinn Geirsson - * Copyright (C) 2019 Lubomir Rintel <lkund...@v3.sk> + * Copyright (c) 2015 DavÃð Steinn Geirsson + * Copyright (c) 2019 Lubomir Rintel <lkund...@v3.sk> * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.20.1/src/userinput.h new/openfortivpn-1.20.5/src/userinput.h --- old/openfortivpn-1.20.1/src/userinput.h 2023-02-25 15:38:02.000000000 +0100 +++ new/openfortivpn-1.20.5/src/userinput.h 2023-06-23 08:20:36.000000000 +0200 @@ -1,5 +1,5 @@ /* - * Copyright (C) 2015 DavÃð Steinn Geirsson + * Copyright (c) 2015 DavÃð Steinn Geirsson * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.20.1/src/xml.c new/openfortivpn-1.20.5/src/xml.c --- old/openfortivpn-1.20.1/src/xml.c 2023-02-25 15:38:02.000000000 +0100 +++ new/openfortivpn-1.20.5/src/xml.c 2023-06-23 08:20:36.000000000 +0200 @@ -1,5 +1,5 @@ /* - * Copyright (C) 2015 Lubomir Rintel + * Copyright (c) 2015 Lubomir Rintel * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.20.1/src/xml.h new/openfortivpn-1.20.5/src/xml.h --- old/openfortivpn-1.20.1/src/xml.h 2023-02-25 15:38:02.000000000 +0100 +++ new/openfortivpn-1.20.5/src/xml.h 2023-06-23 08:20:36.000000000 +0200 
@@ -1,5 +1,5 @@ /* - * Copyright (C) 2015 Lubomir Rintel + * Copyright (c) 2015 Lubomir Rintel * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.20.1/tests/ci/checkpatch/checkpatch.pl new/openfortivpn-1.20.5/tests/ci/checkpatch/checkpatch.pl --- old/openfortivpn-1.20.1/tests/ci/checkpatch/checkpatch.pl 2023-02-25 15:38:02.000000000 +0100 +++ new/openfortivpn-1.20.5/tests/ci/checkpatch/checkpatch.pl 2023-06-23 08:20:36.000000000 +0200 @@ -620,6 +620,22 @@ Cc: )}; +our @link_tags = qw(Link Closes); + +#Create a search and print patterns for all these strings to be used directly below +our $link_tags_search = ""; +our $link_tags_print = ""; +foreach my $entry (@link_tags) { + if ($link_tags_search ne "") { + $link_tags_search .= '|'; + $link_tags_print .= ' or '; + } + $entry .= ':'; + $link_tags_search .= $entry; + $link_tags_print .= "'$entry'"; +} +$link_tags_search = "(?:${link_tags_search})"; + our $tracing_logging_tags = qr{(?xi: [=-]*> | <[=-]* | @@ -823,7 +839,9 @@ "get_state_synchronize_sched" => "get_state_synchronize_rcu", "cond_synchronize_sched" => "cond_synchronize_rcu", "kmap" => "kmap_local_page", + "kunmap" => "kunmap_local", "kmap_atomic" => "kmap_local_page", + "kunmap_atomic" => "kunmap_local", ); #Create a search pattern for all these strings to speed up a loop below 
@@ -3142,21 +3160,33 @@ if ($sign_off =~ /^co-developed-by:$/i) { if ($email eq $author) { WARN("BAD_SIGN_OFF", - "Co-developed-by: should not be used to attribute nominal patch author '$author'\n" . "$here\n" . $rawline); + "Co-developed-by: should not be used to attribute nominal patch author '$author'\n" . $herecurr); } if (!defined $lines[$linenr]) { WARN("BAD_SIGN_OFF", - "Co-developed-by: must be immediately followed by Signed-off-by:\n" . "$here\n" . $rawline); - } elsif ($rawlines[$linenr] !~ /^\s*signed-off-by:\s*(.*)/i) { + "Co-developed-by: must be immediately followed by Signed-off-by:\n" . $herecurr); + } elsif ($rawlines[$linenr] !~ /^signed-off-by:\s*(.*)/i) { WARN("BAD_SIGN_OFF", - "Co-developed-by: must be immediately followed by Signed-off-by:\n" . "$here\n" . $rawline . "\n" .$rawlines[$linenr]); + "Co-developed-by: must be immediately followed by Signed-off-by:\n" . $herecurr . $rawlines[$linenr] . "\n"); } elsif ($1 ne $email) { WARN("BAD_SIGN_OFF", - "Co-developed-by and Signed-off-by: name/email do not match \n" . "$here\n" . $rawline . "\n" .$rawlines[$linenr]); + "Co-developed-by and Signed-off-by: name/email do not match\n" . $herecurr . $rawlines[$linenr] . "\n"); + } + } + +# check if Reported-by: is followed by a Closes: tag + if ($sign_off =~ /^reported(?:|-and-tested)-by:$/i) { + if (!defined $lines[$linenr]) { + WARN("BAD_REPORTED_BY_LINK", + "Reported-by: should be immediately followed by Closes: with a URL to the report\n" . $herecurr . "\n"); + } elsif ($rawlines[$linenr] !~ /^closes:\s*/i) { + WARN("BAD_REPORTED_BY_LINK", + "Reported-by: should be immediately followed by Closes: with a URL to the report\n" . $herecurr . $rawlines[$linenr] . "\n"); } } } + # Check Fixes: styles is correct if (!$in_header_lines && $line =~ /^\s*fixes:?\s*(?:commit\s*)?[0-9a-f]{5,}\b/i) { 
@@ -3236,8 +3266,8 @@ # file delta changes $line =~ /^\s*(?:[\w\.\-\+]*\/)++[\w\.\-\+]+:/ || # filename then : - $line =~ /^\s*(?:Fixes:|Link:|$signature_tags)/i || - # A Fixes: or Link: line or signature tag line + $line =~ /^\s*(?:Fixes:|$link_tags_search|$signature_tags)/i || + # A Fixes:, link or signature tag line $commit_log_possible_stack_dump)) { WARN("COMMIT_LOG_LONG_LINE", "Possible unwrapped commit description (prefer a maximum 75 chars per line)\n" . $herecurr); @@ -3250,6 +3280,29 @@ $commit_log_possible_stack_dump = 0; } +# Check for odd tags before a URI/URL + if ($in_commit_log && + $line =~ /^\s*(\w+:)\s*http/ && $1 !~ /^$link_tags_search$/) { + if ($1 =~ /^v(?:ersion)?\d+/i) { + WARN("COMMIT_LOG_VERSIONING", + "Patch version information should be after the --- line\n" . $herecurr); + } else { + WARN("COMMIT_LOG_USE_LINK", + "Unknown link reference '$1', use $link_tags_print instead\n" . $herecurr); + } + } + +# Check for misuse of the link tags + if ($in_commit_log && + $line =~ /^\s*(\w+:)\s*(\S+)/) { + my $tag = $1; + my $value = $2; + if ($tag =~ /^$link_tags_search$/ && $value !~ m{^https?://}) { + WARN("COMMIT_LOG_WRONG_LINK", + "'$tag' should be followed by a public http(s) link\n" . $herecurr); + } + } + # Check for lines starting with a # if ($in_commit_log && $line =~ /^#/) { if (WARN("COMMIT_COMMENT_SYMBOL", @@ -3710,7 +3763,7 @@ "'$spdx_license' is not supported in LICENSES/...\n" . $herecurr); } if ($realfile =~ m@^Documentation/devicetree/bindings/@ && - not $spdx_license =~ /GPL-2\.0.*BSD-2-Clause/) { + $spdx_license !~ /GPL-2\.0(?:-only)? OR BSD-2-Clause/) { my $msg_level = \&WARN; $msg_level = \&CHK if ($file); if (&{$msg_level}("SPDX_LICENSE_TAG", 
@@ -3720,12 +3773,17 @@ $fixed[$fixlinenr] =~ s/SPDX-License-Identifier: .*/SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)/; } } + if ($realfile =~ m@^include/dt-bindings/@ && + $spdx_license !~ /GPL-2\.0(?:-only)? OR \S+/) { + WARN("SPDX_LICENSE_TAG", + "DT binding headers should be licensed (GPL-2.0-only OR .*)\n" . $herecurr); + } } } } # check for embedded filenames - if ($rawline =~ /^\+.*\Q$realfile\E/) { + if ($rawline =~ /^\+.*\b\Q$realfile\E\b/) { WARN("EMBEDDED_FILENAME", "It's generally not useful to have the filename in the file\n" . $herecurr); } @@ -5783,6 +5841,8 @@ $var !~ /^(?:[A-Z]+_){1,5}[A-Z]{1,3}[a-z]/ && #Ignore Page<foo> variants $var !~ /^(?:Clear|Set|TestClear|TestSet|)Page[A-Z]/ && +#Ignore ETHTOOL_LINK_MODE_<foo> variants + $var !~ /^ETHTOOL_LINK_MODE_/ && #Ignore SI style variants like nS, mV and dB #(ie: max_uV, regulator_min_uA_show, RANGE_mA_VALUE) $var !~ /^(?:[a-z0-9_]*|[A-Z0-9_]*)?_?[a-z][A-Z](?:_[a-z0-9_]+|_[A-Z0-9_]+)?$/ && @@ -6362,6 +6422,15 @@ } } +# check for soon-to-be-deprecated single-argument k[v]free_rcu() API + if ($line =~ /\bk[v]?free_rcu\s*\([^(]+\)/) { + if ($line =~ /\bk[v]?free_rcu\s*\([^,]+\)/) { + ERROR("DEPRECATED_API", + "Single-argument k[v]free_rcu() API is deprecated, please pass rcu_head object or call k[v]free_rcu_mightsleep()." . $herecurr); + } + } + + # check for unnecessary "Out of Memory" messages if ($line =~ /^\+.*\b$logFunctions\s*\(/ && $prevline =~ /^[ \+]\s*if\s*\(\s*(\!\s*|NULL\s*==\s*)?($Lval)(\s*==\s*NULL\s*)?\s*\)/ && diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.20.1/tests/lint/astyle.sh new/openfortivpn-1.20.5/tests/lint/astyle.sh --- old/openfortivpn-1.20.1/tests/lint/astyle.sh 2023-02-25 15:38:02.000000000 +0100 +++ new/openfortivpn-1.20.5/tests/lint/astyle.sh 2023-06-23 08:20:36.000000000 +0200 
@@ -1,10 +1,10 @@ #!/bin/bash -# Copyright (C) 2015 Adrien Vergé +# Copyright (c) 2015 Adrien Vergé # Check that astyle is installed if ! command -v astyle &>/dev/null; then echo "error: astyle is not installed" >&2 - exit -1 + exit 255 fi rc=0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.20.1/tests/lint/checkpatch.sh new/openfortivpn-1.20.5/tests/lint/checkpatch.sh --- old/openfortivpn-1.20.1/tests/lint/checkpatch.sh 2023-02-25 15:38:02.000000000 +0100 +++ new/openfortivpn-1.20.5/tests/lint/checkpatch.sh 2023-06-23 08:20:36.000000000 +0200 @@ -1,9 +1,9 @@ #!/bin/bash -# Copyright (C) 2020 Dimitri Papadopoulos +# Copyright (c) 2020 Dimitri Papadopoulos # Path to checkpatch.pl -script_dir=`dirname "${BASH_SOURCE[0]}"` -checkpatch_path=`realpath "${script_dir}/../ci/checkpatch/checkpatch.pl"` +script_dir=$(dirname "${BASH_SOURCE[0]}") +checkpatch_path=$(realpath "${script_dir}/../ci/checkpatch/checkpatch.pl") rc=0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.20.1/tests/lint/eol-at-eof.sh new/openfortivpn-1.20.5/tests/lint/eol-at-eof.sh --- old/openfortivpn-1.20.1/tests/lint/eol-at-eof.sh 2023-02-25 15:38:02.000000000 +0100 +++ new/openfortivpn-1.20.5/tests/lint/eol-at-eof.sh 2023-06-23 08:20:36.000000000 +0200 @@ -1,5 +1,5 @@ #!/bin/bash -# Copyright (C) 2015 Adrien Vergé +# Copyright (c) 2015 Adrien Vergé rc=0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.20.1/tests/lint/line_length.py new/openfortivpn-1.20.5/tests/lint/line_length.py --- old/openfortivpn-1.20.1/tests/lint/line_length.py 2023-02-25 15:38:02.000000000 +0100 +++ new/openfortivpn-1.20.5/tests/lint/line_length.py 2023-06-23 08:20:36.000000000 +0200 
@@ -1,6 +1,5 @@ #!/usr/bin/python3 -# -*- coding: utf-8 -*- -# Copyright (C) 2015 Adrien Vergé +# Copyright (c) 2015 Adrien Vergé """Enforce maximum line length in openfortivpn C source code. @@ -39,10 +38,8 @@ True if line ends with string, False otherwise. """ - for end in ('"', '",', '");', '";', '" \\', '];'): - if line.endswith(end): - return True - return False + return any(line.endswith(end) + for end in ('"', '",', '");', '";', '" \\', '];')) def main(): @@ -67,8 +64,7 @@ line = line.replace("\t", " ") # Lines longer than MAX are reported as an error if len(line) > MAX: - print("{}: {}: line too long ({} characters)" - .format(arg, i, len(line))) + print(f"{arg}: {i}: line too long ({len(line)} characters)") exit_status = 1 sys.exit(exit_status) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.20.1/tests/lint/run.sh new/openfortivpn-1.20.5/tests/lint/run.sh --- old/openfortivpn-1.20.1/tests/lint/run.sh 2023-02-25 15:38:02.000000000 +0100 +++ new/openfortivpn-1.20.5/tests/lint/run.sh 2023-06-23 08:20:36.000000000 +0200 @@ -1,5 +1,5 @@ #!/bin/bash -# Copyright (C) 2015 Adrien Vergé +# Copyright (c) 2015 Adrien Vergé rc=0
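
Review bot: in the hunk at @@ -314,6 +355,25 @@, the new `if (tunnel->config->pppd_accept_remote)` has no braces, although its body is a long block comment followed by a nested `if (ofv_append_varr(&pppd_args, "ipcp-accept-remote")) { ... }`. Please wrap the whole body in braces so that a statement added later cannot end up outside the condition. The comment states that the option makes pppd accept the peer's idea of its remote IP address and that it "Currently (always?) breaks on macOS"; the user-facing description of the option should carry the same two caveats, since they are what an administrator needs to know before enabling it.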
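
Review bot: in the hunk at @@ -380,11 +440,12 @@, replacing `#else` with `#endif` followed by `#if HAVE_USR_SBIN_PPP` means the two groups of messages are no longer mutually exclusive. If the preceding block's condition and HAVE_USR_SBIN_PPP are both true, the string "We failed to authenticate ourselves to the peer." has no trailing comma and is silently concatenated with "Successful exit." as adjacent string literals, and every later index in the table shifts. If only one group is ever meant to be compiled in, `#elif HAVE_USR_SBIN_PPP` keeps that guarantee explicit.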
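
Review bot: in the checkpatch.pl hunk at @@ -3142,21 +3160,33 @@, the first BAD_REPORTED_BY_LINK warning ends with `$herecurr . "\n"`, while the Co-developed-by warnings reworked in the same hunk end with plain `$herecurr`; drop the extra "\n" so the output is consistent. The same hunk also removes the leading `\s*` from the `signed-off-by:` match, so an indented Signed-off-by line after Co-developed-by now triggers BAD_SIGN_OFF; if that stricter behaviour is intended, it deserves a mention in the change description.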
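
Review bot: in the checkpatch.pl hunk at @@ -3250,6 +3280,29 @@, both new checks compare the tag with `/^$link_tags_search$/` without the `/i` modifier, whereas the long-line exemption in the hunk just above (@@ -3236,8 +3266,8 @@) matches `$link_tags_search` with `/i`. A commit log line such as `link: https://...` is therefore exempt from COMMIT_LOG_LONG_LINE but reported as COMMIT_LOG_USE_LINK with "Unknown link reference", and a lower-case `closes:` followed by a non-URL is never reported as COMMIT_LOG_WRONG_LINK. Pick one case policy and apply it to all three matches.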
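
Review bot: in the checkpatch.pl hunk at @@ -6362,6 +6422,15 @@, the DEPRECATED_API message string ends with `k[v]free_rcu_mightsleep()." . $herecurr` with no "\n" before `$herecurr`, unlike every other message touched by this patch (for example `"...public http(s) link\n" . $herecurr`), so the location text is printed on the same line as the message. Add the missing "\n". The two nested `if` tests on `$line` could also be merged into the inner one, since any line matching `\([^,]+\)` is the only case that reports.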
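
Review bot: in the line_length.py hunk at @@ -39,10 +38,8 @@, the new `any(line.endswith(end) for end in (...))` can be reduced further, because `str.endswith` accepts a tuple of suffixes: `return line.endswith(('"', '",', '");', '";', '" \\', '];'))` returns the same boolean without the generator. Not a blocker, just a simpler form of the same cleanup.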