Hello community,

here is the log from the commit of package openfortivpn for openSUSE:Factory checked in at 2023-03-08 14:53:10
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/openfortivpn (Old)
 and      /work/SRC/openSUSE:Factory/.openfortivpn.new.31432 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openfortivpn" Wed Mar 8 14:53:10 2023 rev:23 rq:1070024 version:1.20.1 Changes: -------- --- /work/SRC/openSUSE:Factory/openfortivpn/openfortivpn.changes 2022-10-15 16:41:04.606675269 +0200 +++ /work/SRC/openSUSE:Factory/.openfortivpn.new.31432/openfortivpn.changes 2023-03-08 14:53:14.174892877 +0100 @@ -1,0 +2,9 @@ +Mon Feb 27 13:39:27 UTC 2023 - Martin Hauke <mar...@gmx.de> + +- Update to versoin 1.20.1 + * Bugfix release. +- Update to versoin 1.20.0 + * Discard invalid empty HDLC frame at end of buffer. + * Prepend "SVPNCOOKIE=" to the given cookie if missing. + +------------------------------------------------------------------- Old: ---- openfortivpn-1.19.0.tar.gz New: ---- openfortivpn-1.20.1.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openfortivpn.spec ++++++ --- /var/tmp/diff_new_pack.2IokPq/_old 2023-03-08 14:53:14.646895447 +0100 +++ /var/tmp/diff_new_pack.2IokPq/_new 2023-03-08 14:53:14.650895469 +0100 @@ -1,7 +1,7 @@ # # spec file for package openfortivpn # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: openfortivpn -Version: 1.19.0 +Version: 1.20.1 Release: 0 Summary: Client for PPP+SSL VPN tunnel services License: GPL-3.0-or-later ++++++ openfortivpn-1.19.0.tar.gz -> openfortivpn-1.20.1.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.19.0/.github/workflows/codeql-analysis.yml new/openfortivpn-1.20.1/.github/workflows/codeql-analysis.yml --- old/openfortivpn-1.19.0/.github/workflows/codeql-analysis.yml 2022-10-10 17:44:34.000000000 +0200 +++ new/openfortivpn-1.20.1/.github/workflows/codeql-analysis.yml 2023-02-25 15:38:02.000000000 +0100 
@@ -1,68 +1,65 @@ -# For most projects, this workflow file will not need changing; you simply need -# to commit it to your repository. -# -# You may wish to alter this file to override the set of languages analyzed, -# or to provide custom queries or build logic. -# -# ******** NOTE ******** -# We have attempted to detect the languages in your repository. Please check -# the `language` matrix defined below to confirm you have the correct set of -# supported CodeQL languages. -# -name: "CodeQL" +name: "Code Scanning - Action" on: push: - branches: [ master ] + branches: [master] pull_request: # The branches below must be a subset of the branches above - branches: [ master ] + branches: [master] schedule: + # ââââââââââââââ minute (0 - 59) + # â ââââââââââââââ hour (0 - 23) + # â â ââââââââââââââ day of the month (1 - 31) + # â â â ââââââââââââââ month (1 - 12 or JAN-DEC) + # â â â â ââââââââââââââ day of the week (0 - 6 or SUN-SAT) + # â â â â â + # â â â â â + # â â â â â + # * * * * * - cron: '26 6 * * 5' jobs: - analyze: - name: Analyze + CodeQL-Build: + # CodeQL runs on ubuntu-latest, windows-latest, and macos-latest runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: - language: [ 'cpp' ] - # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ] - # Learn more: - # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed + permissions: + # required for all workflows + security-events: write + + # only required for workflows in private repositories + actions: read + contents: read steps: - - name: Checkout repository - uses: actions/checkout@v3 + - name: Checkout repository + uses: actions/checkout@v3 - # Initializes the CodeQL tools for scanning. 
- - name: Initialize CodeQL - uses: github/codeql-action/init@v2 - with: - queries: +security-extended - languages: ${{ matrix.language }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. - # queries: ./path/to/local/query, your-org/your-repo/queries@main - - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@v2 - - # â¹ï¸ Command-line programs to run using the OS shell. - # ð https://git.io/JvXDl - - # âï¸ If the Autobuild fails above, remove it and uncomment the following three lines - # and modify them (or add more) to build your code if your project - # uses a compiled language - - #- run: | - # make bootstrap - # make release + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + # Override language selection by uncommenting this and choosing your languages + # with: + # languages: go, javascript, csharp, python, cpp, java + with: + languages: cpp + queries: +security-extended + + # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). + # If this step fails, then you should remove it and run the build manually (see below). + - name: Autobuild + uses: github/codeql-action/autobuild@v2 + + # â¹ï¸ Command-line programs to run using the OS shell. 
+ # ð See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun + + # âï¸ If the Autobuild fails above, remove it and uncomment the following + # three lines and modify them (or add more) to build your code if your + # project uses a compiled language + + #- run: | + # make bootstrap + # make release - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.19.0/.github/workflows/codespell.yml new/openfortivpn-1.20.1/.github/workflows/codespell.yml --- old/openfortivpn-1.19.0/.github/workflows/codespell.yml 2022-10-10 17:44:34.000000000 +0200 +++ new/openfortivpn-1.20.1/.github/workflows/codespell.yml 2023-02-25 15:38:02.000000000 +0100 @@ -17,5 +17,5 @@ - uses: actions/checkout@v3 - uses: codespell-project/actions-codespell@master with: - skip: checkpatch.pl,spelling.txt,LICENSE.OpenSSL + skip: .git,checkpatch.pl,spelling.txt,LICENSE.OpenSSL ignore_words_list: synopsys,parms diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.19.0/.github/workflows/openfortivpn.yml new/openfortivpn-1.20.1/.github/workflows/openfortivpn.yml --- old/openfortivpn-1.19.0/.github/workflows/openfortivpn.yml 2022-10-10 17:44:34.000000000 +0200 +++ new/openfortivpn-1.20.1/.github/workflows/openfortivpn.yml 2023-02-25 15:38:02.000000000 +0100 @@ -8,6 +8,9 @@ branches: - master +permissions: + contents: read + jobs: astyle: name: Style 
@@ -21,16 +24,16 @@ run: sudo apt-get install -y astyle - name: Artistic Style - run: ./tests/lint/astyle.sh $(git ls-files '*.[ch]' | grep -v openssl_hostname_validation) + run: ./tests/lint/astyle.sh $(git ls-files '*.[ch]') - name: Linux Kernel Coding Style - run: ./tests/lint/checkpatch.sh $(git ls-files '*.[ch]' | grep -v openssl_hostname_validation) + run: ./tests/lint/checkpatch.sh $(git ls-files '*.[ch]') - name: EOL at EOF - run: ./tests/lint/eol-at-eof.sh $(git ls-files | grep -v openssl_hostname_validation) + run: ./tests/lint/eol-at-eof.sh $(git ls-files) - name: Line Length - run: ./tests/lint/line_length.py $(git ls-files '*.[ch]' | grep -v openssl_hostname_validation) + run: ./tests/lint/line_length.py $(git ls-files '*.[ch]') build: name: Build diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.19.0/CHANGELOG.md new/openfortivpn-1.20.1/CHANGELOG.md --- old/openfortivpn-1.19.0/CHANGELOG.md 2022-10-10 17:44:34.000000000 +0200 +++ new/openfortivpn-1.20.1/CHANGELOG.md 2023-02-25 15:38:02.000000000 +0100 
@@ -14,6 +14,19 @@ This high level changelog is usually updated when a release is tagged. On the master branch there may be changes that are not (yet) described here. +### 1.20.1 + +* [-] fix version string in configure.ac + +### 1.20.0 + +* [-] fix incorrect empty HDLC frame detection causing connection drops +* [+] increase the inbound HTTP buffer capacity +* [-] fix a few log messages +* [-] fix innocuous memory leaks when parsing options +* [+] prepend "SVPNCOOKIE=" to the cookie if missing +* [~] drop support for openssl < 1.0.2 + ### 1.19.0 * [-] fix "Peer refused to agree to our IP address" message diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.19.0/Makefile.am new/openfortivpn-1.20.1/Makefile.am --- old/openfortivpn-1.19.0/Makefile.am 2022-10-10 17:44:34.000000000 +0200 +++ new/openfortivpn-1.20.1/Makefile.am 2023-02-25 15:38:02.000000000 +0100 @@ -5,9 +5,7 @@ src/http.c src/http.h src/io.c src/io.h src/ipv4.c \ src/ipv4.h src/log.c src/log.h src/tunnel.c \ src/tunnel.h src/main.c src/ssl.h src/xml.c \ - src/xml.h src/userinput.c src/userinput.h \ - src/openssl_hostname_validation.c \ - src/openssl_hostname_validation.h + src/xml.h src/userinput.c src/userinput.h openfortivpn_CPPFLAGS = -DSYSCONFDIR=\"$(sysconfdir)\" \ -DPPP_PATH=\"@PPP_PATH@\" \ -DNETSTAT_PATH=\"@NETSTAT_PATH@\" \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.19.0/configure.ac new/openfortivpn-1.20.1/configure.ac --- old/openfortivpn-1.19.0/configure.ac 2022-10-10 17:44:34.000000000 +0200 +++ new/openfortivpn-1.20.1/configure.ac 2023-02-25 15:38:02.000000000 +0100 @@ -2,7 +2,7 @@ # Process this file with autoconf to produce a configure script. AC_PREREQ([2.63]) -AC_INIT([openfortivpn], [1.19.0]) +AC_INIT([openfortivpn], [1.20.1]) AC_CONFIG_SRCDIR([src/main.c]) AM_INIT_AUTOMAKE([foreign subdir-objects]) 
@@ -31,7 +31,7 @@ m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) # Checks for libraries. -PKG_CHECK_MODULES(OPENSSL, [libssl >= 0.9.8 libcrypto >= 0.9.8], [], [AC_MSG_ERROR([Cannot find OpenSSL 0.9.8 or higher.])]) +PKG_CHECK_MODULES(OPENSSL, [libssl >= 1.0.2 libcrypto >= 1.0.2], [], [AC_MSG_ERROR([Cannot find OpenSSL 1.0.2 or higher.])]) AC_CHECK_LIB([pthread], [pthread_create], [], [AC_MSG_ERROR([Cannot find libpthread.])]) AC_CHECK_LIB([util], [forkpty], [], [AC_MSG_ERROR([Cannot find libutil.])]) PKG_CHECK_MODULES(LIBSYSTEMD, [libsystemd], [AC_DEFINE(HAVE_SYSTEMD)], [AC_MSG_RESULT([libsystemd not present])]) @@ -175,7 +175,6 @@ save_openssl_LIBS="${LIBS}" CPPFLAGS="${OPENSSL_CFLAGS} ${CPPFLAGS}" LIBS="${OPENSSL_LIBS} ${LIBS}" -AC_CHECK_FUNCS([X509_check_host]) CPPFLAGS="${save_openssl_CPPFLAGS}" LIBS="${save_openssl_LIBS}" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.19.0/src/hdlc.c new/openfortivpn-1.20.1/src/hdlc.c --- old/openfortivpn-1.19.0/src/hdlc.c 2022-10-10 17:44:34.000000000 +0200 +++ new/openfortivpn-1.20.1/src/hdlc.c 2023-02-25 15:38:02.000000000 +0100 @@ -200,7 +200,7 @@ int i, s = -1, e = -1; // Look for frame start - for (i = *start; i < bufsize - 2; i++) { + for (i = *start; i < bufsize; i++) { if (buffer[i] == 0x7e) { // Flag Sequence s = i + 1; break; @@ -210,7 +210,7 @@ return ERR_HDLC_NO_FRAME_FOUND; // Discard empty frames - while (s < bufsize - 2 && buffer[s] == 0x7e) // consecutive Flag Sequences + while (s < bufsize && buffer[s] == 0x7e) // consecutive Flag Sequences s++; // Look for frame end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.19.0/src/http.c new/openfortivpn-1.20.1/src/http.c --- old/openfortivpn-1.19.0/src/http.c 2022-10-10 17:44:34.000000000 +0200 +++ new/openfortivpn-1.20.1/src/http.c 2023-02-25 15:38:02.000000000 +0100 
@@ -36,7 +36,7 @@ * Fixed size of the buffer for outgoing HTTP requests. * Initial size of the buffer for incoming HTTP responses. */ -#define HTTP_BUFFER_SIZE 0x8000 +#define HTTP_BUFFER_SIZE 0x10000 /* diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.19.0/src/ipv4.c new/openfortivpn-1.20.1/src/ipv4.c --- old/openfortivpn-1.19.0/src/ipv4.c 2022-10-10 17:44:34.000000000 +0200 +++ new/openfortivpn-1.20.1/src/ipv4.c 2023-02-25 15:38:02.000000000 +0100 @@ -205,7 +205,7 @@ } #else - FILE * fp; + FILE *fp; uint32_t total_bytes_read = 0; char *saveptr3 = NULL; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.19.0/src/main.c new/openfortivpn-1.20.1/src/main.c --- old/openfortivpn-1.19.0/src/main.c 2022-10-10 17:44:34.000000000 +0200 +++ new/openfortivpn-1.20.1/src/main.c 2023-02-25 15:38:02.000000000 +0100 @@ -186,6 +186,27 @@ " trusted-cert = othercertificatedigest6631bf...\n" \ " For a full-featured configuration see man openfortivpn(1).\n" +/** + * Returns the given "input" prefixed with "prefix" in a dynamically + * allocated string. This behaves exactly like "strdup" if "input" already + * starts with "prefix". + */ +static char *strdup_with_prefix(const char *input, const char *prefix) +{ + size_t prefix_len = strlen(prefix); + char *output; + + if (strncmp(prefix, input, prefix_len) == 0) + return strdup(input); + + output = malloc(prefix_len + strlen(input) + 1); + if (output) { + strcpy(output, prefix); + strcpy(output + prefix_len, input); + } + return output; +} + int main(int argc, char **argv) { int ret = EXIT_FAILURE; 
@@ -336,26 +357,31 @@ } if (strcmp(long_options[option_index].name, "pppd-log") == 0) { + free(cli_cfg.pppd_log); cli_cfg.pppd_log = strdup(optarg); break; } if (strcmp(long_options[option_index].name, "pppd-plugin") == 0) { + free(cli_cfg.pppd_plugin); cli_cfg.pppd_plugin = strdup(optarg); break; } if (strcmp(long_options[option_index].name, "pppd-ifname") == 0) { + free(cli_cfg.pppd_ifname); cli_cfg.pppd_ifname = strdup(optarg); break; } if (strcmp(long_options[option_index].name, "pppd-ipparam") == 0) { + free(cli_cfg.pppd_ipparam); cli_cfg.pppd_ipparam = strdup(optarg); break; } if (strcmp(long_options[option_index].name, "pppd-call") == 0) { + free(cli_cfg.pppd_call); cli_cfg.pppd_call = strdup(optarg); break; } @@ -363,6 +389,7 @@ if (cli_cfg.pppd_plugin == NULL && strcmp(long_options[option_index].name, "plugin") == 0) { + free(cli_cfg.pppd_plugin); cli_cfg.pppd_plugin = strdup(optarg); break; } @@ -370,6 +397,7 @@ #if HAVE_USR_SBIN_PPP if (strcmp(long_options[option_index].name, "ppp-system") == 0) { + free(cli_cfg.ppp_system); cfg.ppp_system = strdup(optarg); break; } @@ -390,16 +418,19 @@ #endif if (strcmp(long_options[option_index].name, "ca-file") == 0) { + free(cli_cfg.ca_file); cli_cfg.ca_file = strdup(optarg); break; } if (strcmp(long_options[option_index].name, "user-cert") == 0) { + free(cli_cfg.user_cert); cli_cfg.user_cert = strdup(optarg); break; } if (strcmp(long_options[option_index].name, "user-key") == 0) { + free(cli_cfg.user_key); cli_cfg.user_key = strdup(optarg); break; } @@ -413,6 +444,7 @@ } if (strcmp(long_options[option_index].name, "pinentry") == 0) { + free(cli_cfg.pinentry); cli_cfg.pinentry = strdup(optarg); break; } @@ -430,6 +462,7 @@ } if (strcmp(long_options[option_index].name, "cipher-list") == 0) { + free(cli_cfg.cipher_list); cli_cfg.cipher_list = strdup(optarg); break; } 
@@ -447,6 +480,7 @@ } if (strcmp(long_options[option_index].name, "otp-prompt") == 0) { + free(cli_cfg.otp_prompt); cli_cfg.otp_prompt = strdup(optarg); break; } @@ -517,7 +551,8 @@ } if (strcmp(long_options[option_index].name, "cookie") == 0) { - cli_cfg.cookie = strdup(optarg); + free(cli_cfg.cookie); + cli_cfg.cookie = strdup_with_prefix(optarg, "SVPNCOOKIE="); break; } if (strcmp(long_options[option_index].name, @@ -525,11 +560,12 @@ char *cookie = read_from_stdin(COOKIE_SIZE); if (cookie == NULL) { - log_warn("Could not read the cookie from stdin"); + log_error("Could not read the cookie from stdin\n"); break; } free(cli_cfg.cookie); - cli_cfg.cookie = cookie; + cli_cfg.cookie = strdup_with_prefix(cookie, "SVPNCOOKIE="); + free(cookie); break; } goto user_error; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.19.0/src/openssl_hostname_validation.c new/openfortivpn-1.20.1/src/openssl_hostname_validation.c --- old/openfortivpn-1.19.0/src/openssl_hostname_validation.c 2022-10-10 17:44:34.000000000 +0200 +++ new/openfortivpn-1.20.1/src/openssl_hostname_validation.c 1970-01-01 01:00:00.000000000 +0100 
@@ -1,165 +0,0 @@ -/* Obtained from: https://github.com/iSECPartners/ssl-conservatory */ - -/* - * Helper functions to perform basic hostname validation using OpenSSL. - * - * Author: Alban Diquet - * - * Copyright (C) 2012, iSEC Partners. - * - * Permission is hereby granted, free of charge, to any person obtaining a copy of - * this software and associated documentation files (the "Software"), to deal in - * the Software without restriction, including without limitation the rights to - * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies - * of the Software, and to permit persons to whom the Software is furnished to do - * so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in all - * copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. - * - */ - - -#include <strings.h> -#include <openssl/x509v3.h> -#include <openssl/ssl.h> - -#define HOSTNAME_MAX_SIZE 255 - -#ifndef HAVE_X509_CHECK_HOST - -#include "openssl_hostname_validation.h" - - -/** -* Tries to find a match for hostname in the certificate's Common Name field. -* -* Returns MatchFound if a match was found. -* Returns MatchNotFound if no matches were found. -* Returns MalformedCertificate if the Common Name had a NUL character embedded in it. -* Returns Error if the Common Name could not be extracted. 
-*/ -static HostnameValidationResult matches_common_name(const char *hostname, const X509 *server_cert) { - int common_name_loc = -1; - X509_NAME_ENTRY *common_name_entry = NULL; - ASN1_STRING *common_name_asn1 = NULL; - char *common_name_str = NULL; - - // Find the position of the CN field in the Subject field of the certificate - common_name_loc = X509_NAME_get_index_by_NID(X509_get_subject_name((X509 *) server_cert), NID_commonName, -1); - if (common_name_loc < 0) { - return Error; - } - - // Extract the CN field - common_name_entry = X509_NAME_get_entry(X509_get_subject_name((X509 *) server_cert), common_name_loc); - if (common_name_entry == NULL) { - return Error; - } - - // Convert the CN field to a C string - common_name_asn1 = X509_NAME_ENTRY_get_data(common_name_entry); - if (common_name_asn1 == NULL) { - return Error; - } - common_name_str = (char *) ASN1_STRING_data(common_name_asn1); - - // Make sure there isn't an embedded NUL character in the CN - if (ASN1_STRING_length(common_name_asn1) != strlen(common_name_str)) { - return MalformedCertificate; - } - - // Compare expected hostname with the CN - if (strcasecmp(hostname, common_name_str) == 0) { - return MatchFound; - } - else { - return MatchNotFound; - } -} - - -/** -* Tries to find a match for hostname in the certificate's Subject Alternative Name extension. -* -* Returns MatchFound if a match was found. -* Returns MatchNotFound if no matches were found. -* Returns MalformedCertificate if any of the hostnames had a NUL character embedded in it. -* Returns NoSANPresent if the SAN extension was not present in the certificate. 
-*/ -static HostnameValidationResult matches_subject_alternative_name(const char *hostname, const X509 *server_cert) { - HostnameValidationResult result = MatchNotFound; - int i; - int san_names_nb = -1; - STACK_OF(GENERAL_NAME) *san_names = NULL; - - // Try to extract the names within the SAN extension from the certificate - san_names = X509_get_ext_d2i((X509 *) server_cert, NID_subject_alt_name, NULL, NULL); - if (san_names == NULL) { - return NoSANPresent; - } - san_names_nb = sk_GENERAL_NAME_num(san_names); - - // Check each name within the extension - for (i=0; i<san_names_nb; i++) { - const GENERAL_NAME *current_name = sk_GENERAL_NAME_value(san_names, i); - - if (current_name->type == GEN_DNS) { - // Current name is a DNS name, let's check it - char *dns_name = (char *) ASN1_STRING_data(current_name->d.dNSName); - - // Make sure there isn't an embedded NUL character in the DNS name - if (ASN1_STRING_length(current_name->d.dNSName) != strlen(dns_name)) { - result = MalformedCertificate; - break; - } - else { // Compare expected hostname with the DNS name - if (strcasecmp(hostname, dns_name) == 0) { - result = MatchFound; - break; - } - } - } - } - sk_GENERAL_NAME_pop_free(san_names, GENERAL_NAME_free); - - return result; -} - - -/** -* Validates the server's identity by looking for the expected hostname in the -* server's certificate. As described in RFC 6125, it first tries to find a match -* in the Subject Alternative Name extension. If the extension is not present in -* the certificate, it checks the Common Name instead. -* -* Returns MatchFound if a match was found. -* Returns MatchNotFound if no matches were found. -* Returns MalformedCertificate if any of the hostnames had a NUL character embedded in it. -* Returns Error if there was an error. 
-*/ -HostnameValidationResult validate_hostname(const char *hostname, const X509 *server_cert) { - HostnameValidationResult result; - - if((hostname == NULL) || (server_cert == NULL)) - return Error; - - // First try the Subject Alternative Names extension - result = matches_subject_alternative_name(hostname, server_cert); - if (result == NoSANPresent) { - // Extension was not found: try the Common Name - result = matches_common_name(hostname, server_cert); - } - - return result; -} - -#endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.19.0/src/openssl_hostname_validation.h new/openfortivpn-1.20.1/src/openssl_hostname_validation.h --- old/openfortivpn-1.19.0/src/openssl_hostname_validation.h 2022-10-10 17:44:34.000000000 +0200 +++ new/openfortivpn-1.20.1/src/openssl_hostname_validation.h 1970-01-01 01:00:00.000000000 +0100 
@@ -1,53 +0,0 @@ -/* Obtained from: https://github.com/iSECPartners/ssl-conservatory */ - -/* - * Helper functions to perform basic hostname validation using OpenSSL. - * - * Author: Alban Diquet - * - * Copyright (C) 2012, iSEC Partners. - * - * Permission is hereby granted, free of charge, to any person obtaining a copy of - * this software and associated documentation files (the "Software"), to deal in - * the Software without restriction, including without limitation the rights to - * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies - * of the Software, and to permit persons to whom the Software is furnished to do - * so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in all - * copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. - * - */ - -#ifndef HAVE_X509_CHECK_HOST - -typedef enum { - MatchFound, - MatchNotFound, - NoSANPresent, - MalformedCertificate, - Error -} HostnameValidationResult; - -/** -* Validates the server's identity by looking for the expected hostname in the -* server's certificate. As described in RFC 6125, it first tries to find a match -* in the Subject Alternative Name extension. If the extension is not present in -* the certificate, it checks the Common Name instead. -* -* Returns MatchFound if a match was found. -* Returns MatchNotFound if no matches were found. -* Returns MalformedCertificate if any of the hostnames had a NUL character embedded in it. 
-* Returns Error if there was an error. -*/ -HostnameValidationResult validate_hostname(const char *hostname, const X509 *server_cert); - -#endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.19.0/src/tunnel.c new/openfortivpn-1.20.1/src/tunnel.c --- old/openfortivpn-1.19.0/src/tunnel.c 2022-10-10 17:44:34.000000000 +0200 +++ new/openfortivpn-1.20.1/src/tunnel.c 2023-02-25 15:38:02.000000000 +0100 @@ -30,9 +30,6 @@ #include "http.h" #include "log.h" #include "userinput.h" -#ifndef HAVE_X509_CHECK_HOST -#include "openssl_hostname_validation.h" -#endif #include <openssl/err.h> #ifndef OPENSSL_NO_ENGINE @@ -855,7 +852,6 @@ static int ssl_verify_cert(struct tunnel *tunnel) { int ret = -1; - int cert_valid = 0; unsigned char digest[SHA256LEN]; unsigned int len; struct x509_digest *elem; 
@@ -874,25 +870,13 @@ return 1; } - subj = X509_get_subject_name(cert); - -#ifdef HAVE_X509_CHECK_HOST - // Use OpenSSL native host validation if v >= 1.0.2. - // compare against gateway_host and correctly check return value - // to fix prior incorrect use of X509_check_host - if (X509_check_host(cert, tunnel->config->gateway_host, - 0, 0, NULL) == 1) - cert_valid = 1; -#else - // Use validate_hostname form iSECPartners if native validation not available - // in order to avoid TLS Certificate CommonName NULL Byte Vulnerability - if (validate_hostname(tunnel->config->gateway_host, cert) == MatchFound) - cert_valid = 1; -#endif - - // Try to validate certificate using local PKI - if (cert_valid - && SSL_get_verify_result(tunnel->ssl_handle) == X509_V_OK) { + // Validate certificate: + // 1. Validate using local PKI + // 2. Compare against gateway_host and correctly check return value + // to fix prior incorrect use of X509_check_host + if (SSL_get_verify_result(tunnel->ssl_handle) == X509_V_OK + && X509_check_host(cert, tunnel->config->gateway_host, + 0, 0, NULL) == 1) { log_debug("Gateway certificate validation succeeded.\n"); ret = 0; goto free_cert; @@ -920,6 +904,8 @@ goto free_cert; } + subj = X509_get_subject_name(cert); + log_error("Gateway certificate validation failed, and the certificate digest is not in the local whitelist. If you trust it, rerun with:\n"); log_error(" --trusted-cert %s\n", digest_str); log_error("or add this line to your configuration file:\n"); @@ -987,7 +973,7 @@ PEM_PASSPHRASE_SIZE + 1); cfg->pem_passphrase_set = 1; } else { - log_error("Buffer too small for PEM pass phrase: %d.", + log_error("Buffer too small for PEM pass phrase: %d.\n", size); } } 
@@ -998,7 +984,7 @@ return strlen(buf); } } else { - log_error("We refuse to write PEM pass phrases!"); + log_error("We refuse to write PEM pass phrases!\n"); } return -1; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.19.0/tests/ci/checkpatch/checkpatch.pl new/openfortivpn-1.20.1/tests/ci/checkpatch/checkpatch.pl --- old/openfortivpn-1.19.0/tests/ci/checkpatch/checkpatch.pl 2022-10-10 17:44:34.000000000 +0200 +++ new/openfortivpn-1.20.1/tests/ci/checkpatch/checkpatch.pl 2023-02-25 15:38:02.000000000 +0100 @@ -576,10 +576,14 @@ (?:__)?(?:u|s|be|le)(?:8|16|32|64)| atomic_t )}; +our $typeStdioTypedefs = qr{(?x: + FILE +)}; our $typeTypedefs = qr{(?x: $typeC99Typedefs\b| $typeOtherOSTypedefs\b| - $typeKernelTypedefs\b + $typeKernelTypedefs\b| + $typeStdioTypedefs\b )}; our $zero_initializer = qr{(?:(?:0[xX])?0+$Int_type?|NULL|false)\b}; @@ -698,6 +702,17 @@ return ""; } +our $obsolete_archives = qr{(?xi: + \Qfreedesktop.org/archives/dri-devel\E | + \Qlists.infradead.org\E | + \Qlkml.org\E | + \Qmail-archive.com\E | + \Qmailman.alsa-project.org/pipermail\E | + \Qmarc.info\E | + \Qozlabs.org/pipermail\E | + \Qspinics.net\E +)}; + our @typeListMisordered = ( qr{char\s+(?:un)?signed}, qr{int\s+(?:(?:un)?signed\s+)?short\s}, @@ -807,6 +822,8 @@ "rcu_barrier_sched" => "rcu_barrier", "get_state_synchronize_sched" => "get_state_synchronize_rcu", "cond_synchronize_sched" => "cond_synchronize_rcu", + "kmap" => "kmap_local_page", + "kmap_atomic" => "kmap_local_page", ); #Create a search pattern for all these strings to speed up a loop below 
@@ -3140,6 +3157,50 @@ } } +# Check Fixes: styles is correct + if (!$in_header_lines && + $line =~ /^\s*fixes:?\s*(?:commit\s*)?[0-9a-f]{5,}\b/i) { + my $orig_commit = ""; + my $id = "0123456789ab"; + my $title = "commit title"; + my $tag_case = 1; + my $tag_space = 1; + my $id_length = 1; + my $id_case = 1; + my $title_has_quotes = 0; + + if ($line =~ /(\s*fixes:?)\s+([0-9a-f]{5,})\s+($balanced_parens)/i) { + my $tag = $1; + $orig_commit = $2; + $title = $3; + + $tag_case = 0 if $tag eq "Fixes:"; + $tag_space = 0 if ($line =~ /^fixes:? [0-9a-f]{5,} ($balanced_parens)/i); + + $id_length = 0 if ($orig_commit =~ /^[0-9a-f]{12}$/i); + $id_case = 0 if ($orig_commit !~ /[A-F]/); + + # Always strip leading/trailing parens then double quotes if existing + $title = substr($title, 1, -1); + if ($title =~ /^".*"$/) { + $title = substr($title, 1, -1); + $title_has_quotes = 1; + } + } + + my ($cid, $ctitle) = git_commit_info($orig_commit, $id, + $title); + + if ($ctitle ne $title || $tag_case || $tag_space || + $id_length || $id_case || !$title_has_quotes) { + if (WARN("BAD_FIXES_TAG", + "Please use correct Fixes: style 'Fixes: <12 chars of sha1> (\"<title line>\")' - ie: 'Fixes: $cid (\"$ctitle\")'\n" . $herecurr) && + $fix) { + $fixed[$fixlinenr] = "Fixes: $cid (\"$ctitle\")"; + } + } + } + # Check email subject for common tools that don't need to be mentioned if ($in_header_lines && $line =~ /^Subject:.*\b(?:checkpatch|sparse|smatch)\b[^:]/i) { @@ -3274,6 +3335,12 @@ $last_git_commit_id_linenr = $linenr if ($line =~ /\bcommit\s*$/i); } +# Check for mailing list archives other than lore.kernel.org + if ($rawline =~ m{http.*\b$obsolete_archives}) { + WARN("PREFER_LORE_ARCHIVE", + "Use lore.kernel.org archive links when possible - see https://lore.kernel.org/lists.html\n" . $herecurr); + } + # Check for added, moved or deleted files if (!$reported_maintainer_file && !$in_commit_log && ($line =~ /^(?:new|deleted) file mode\s*\d+\s*$/ || 
@@ -3616,7 +3683,7 @@ my $comment = ""; if ($realfile =~ /\.(h|s|S)$/) { $comment = '/*'; - } elsif ($realfile =~ /\.(c|dts|dtsi)$/) { + } elsif ($realfile =~ /\.(c|rs|dts|dtsi)$/) { $comment = '//'; } elsif (($checklicenseline == 2) || $realfile =~ /\.(sh|pl|py|awk|tc|yaml)$/) { $comment = '#'; @@ -3664,7 +3731,7 @@ } # check we are in a valid source file if not then ignore this hunk - next if ($realfile !~ /\.(h|c|s|S|sh|dtsi|dts)$/); + next if ($realfile !~ /\.(h|c|rs|s|S|sh|dtsi|dts)$/); # check for using SPDX-License-Identifier on the wrong line number if ($realline != $checklicenseline && @@ -3751,7 +3818,7 @@ if ($realfile =~ /\.S$/ && $line =~ /^\+\s*(?:[A-Z]+_)?SYM_[A-Z]+_(?:START|END)(?:_[A-Z_]+)?\s*\(\s*\.L/) { WARN("AVOID_L_PREFIX", - "Avoid using '.L' prefixed local symbol names for denoting a range of code via 'SYM_*_START/END' annotations; see Documentation/asm-annotations.rst\n" . $herecurr); + "Avoid using '.L' prefixed local symbol names for denoting a range of code via 'SYM_*_START/END' annotations; see Documentation/core-api/asm-annotations.rst\n" . $herecurr); } # check we are in a valid source file C or perl if not then ignore this hunk @@ -4695,12 +4762,12 @@ } } -# avoid BUG() or BUG_ON() - if ($line =~ /\b(?:BUG|BUG_ON)\b/) { +# do not use BUG() or variants + if ($line =~ /\b(?!AA_|BUILD_|DCCP_|IDA_|KVM_|RWLOCK_|snd_|SPIN_)(?:[a-zA-Z_]*_)?BUG(?:_ON)?(?:_[A-Z_]+)?\s*\(/) { my $msg_level = \&WARN; $msg_level = \&CHK if ($file); &{$msg_level}("AVOID_BUG", - "Avoid crashing the kernel - try using WARN_ON & recovery code rather than BUG() or BUG_ON()\n" . $herecurr); + "Do not crash the kernel unless it is absolutely unavoidable--use WARN_ON_ONCE() plus recovery code (if feasible) instead of BUG() or variants\n" . $herecurr); } # avoid LINUX_VERSION_CODE 
@@ -5851,6 +5918,7 @@ $dstat !~ /$exceptions/ && $dstat !~ /^\.$Ident\s*=/ && # .foo = $dstat !~ /^(?:\#\s*$Ident|\#\s*$Constant)\s*$/ && # stringification #foo + $dstat !~ /^case\b/ && # case ... $dstat !~ /^do\s*$Constant\s*while\s*$Constant;?$/ && # do {...} while (...); // do {...} while (...) $dstat !~ /^while\s*$Constant\s*$Constant\s*$/ && # while (...) {...} $dstat !~ /^for\s*$Constant$/ && # for (...) @@ -6783,15 +6851,19 @@ } if ($bad_specifier ne "") { my $stat_real = get_stat_real($linenr, $lc); + my $msg_level = \&WARN; my $ext_type = "Invalid"; my $use = ""; if ($bad_specifier =~ /p[Ff]/) { $use = " - use %pS instead"; $use =~ s/pS/ps/ if ($bad_specifier =~ /pf/); + } elsif ($bad_specifier =~ /pA/) { + $use = " - '%pA' is only intended to be used from Rust code"; + $msg_level = \&ERROR; } - WARN("VSPRINTF_POINTER_EXTENSION", - "$ext_type vsprintf pointer extension '$bad_specifier'$use\n" . "$here\n$stat_real\n"); + &{$msg_level}("VSPRINTF_POINTER_EXTENSION", + "$ext_type vsprintf pointer extension '$bad_specifier'$use\n" . "$here\n$stat_real\n"); } } } @@ -7074,7 +7146,7 @@ } # check for alloc argument mismatch - if ($line =~ /\b((?:devm_)?(?:kcalloc|kmalloc_array))\s*\(\s*sizeof\b/) { + if ($line =~ /\b((?:devm_)?((?:k|kv)?(calloc|malloc_array)(?:_node)?))\s*\(\s*sizeof\b/) { WARN("ALLOC_ARRAY_ARGS", "$1 uses number as first arg, sizeof is generally wrong\n" . $herecurr); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.19.0/tests/ci/checkpatch/spelling.txt new/openfortivpn-1.20.1/tests/ci/checkpatch/spelling.txt --- old/openfortivpn-1.19.0/tests/ci/checkpatch/spelling.txt 2022-10-10 17:44:34.000000000 +0200 +++ new/openfortivpn-1.20.1/tests/ci/checkpatch/spelling.txt 2023-02-25 15:38:02.000000000 +0100 @@ -23,6 +23,7 @@ acccess||access acceess||access accelaration||acceleration +accelearion||acceleration acceleratoin||acceleration accelleration||acceleration accesing||accessing 
@@ -58,11 +59,13 @@ activete||activate actived||activated actualy||actually +actvie||active acumulating||accumulating acumulative||accumulative acumulator||accumulator acutally||actually adapater||adapter +adderted||asserted addional||additional additionaly||additionally additonal||additional @@ -120,6 +123,7 @@ ambigious||ambiguous ambigous||ambiguous amoung||among +amount of times||number of times amout||amount amplifer||amplifier amplifyer||amplifier @@ -253,6 +257,7 @@ broadcase||broadcast broadcat||broadcast bufer||buffer +bufferred||buffered bufufer||buffer cacluated||calculated caculate||calculate @@ -273,6 +278,7 @@ cant'||can't canot||cannot cann't||can't +cannnot||cannot capabilites||capabilities capabilties||capabilities capabilty||capability @@ -283,6 +289,7 @@ caputure||capture carefuly||carefully cariage||carriage +casued||caused catagory||category cehck||check challange||challenge @@ -309,6 +316,7 @@ chked||checked chnage||change chnages||changes +chnange||change chnnel||channel choosen||chosen chouse||chose @@ -365,6 +373,7 @@ conditionaly||conditionally conditon||condition condtion||condition +condtional||conditional conected||connected conector||connector configration||configuration @@ -418,6 +427,7 @@ couter||counter coutner||counter cryptocraphic||cryptographic +cummulative||cumulative cunter||counter curently||currently cylic||cyclic @@ -439,6 +449,7 @@ definate||definite definately||definitely definiation||definition +definiton||definition defintion||definition defintions||definitions defualt||default @@ -452,6 +463,7 @@ delares||declares delaring||declaring delemiter||delimiter +delibrately||deliberately delievered||delivered demodualtor||demodulator demension||dimension @@ -481,6 +493,7 @@ detabase||database deteced||detected detectt||detect +detroyed||destroyed develope||develop developement||development developped||developed 
@@ -507,6 +520,7 @@ dimesions||dimensions diconnected||disconnected disabed||disabled +disasembler||disassembler disble||disable disgest||digest disired||desired @@ -616,8 +630,10 @@ existance||existence existant||existent exixt||exist +exsits||exists exlcude||exclude exlcusive||exclusive +exlusive||exclusive exmaple||example expecially||especially experies||expires @@ -655,17 +671,20 @@ feautures||features fetaure||feature fetaures||features +fetcing||fetching fileystem||filesystem fimrware||firmware fimware||firmware firmare||firmware firmaware||firmware +firtly||firstly firware||firmware firwmare||firmware finanize||finalize findn||find finilizes||finalizes finsih||finish +fliter||filter flusing||flushing folloing||following followign||following @@ -725,6 +744,7 @@ happend||happened hardare||hardware harware||hardware +hardward||hardware havind||having heirarchically||hierarchically heirarchy||hierarchy @@ -740,6 +760,7 @@ hsould||should hypervior||hypervisor hypter||hyper +idel||idle identidier||identifier iligal||illegal illigal||illegal @@ -826,6 +847,7 @@ integrey||integrity intendet||intended intented||intended +interal||internal interanl||internal interchangable||interchangeable interferring||interfering @@ -931,9 +953,11 @@ mathimatical||mathematical mathimatic||mathematic mathimatics||mathematics +maxmium||maximum maximium||maximum maxium||maximum mechamism||mechanism +mechanim||mechanism meetign||meeting memeory||memory memmber||member @@ -942,6 +966,7 @@ ment||meant mergable||mergeable mesage||message +mesages||messages messags||messages messgaes||messages messsage||message @@ -983,8 +1008,9 @@ monocrome||monochrome mopdule||module mroe||more -multipler||multiplier mulitplied||multiplied +muliple||multiple +multipler||multiplier multidimensionnal||multidimensional multipe||multiple multple||multiple 
@@ -1007,6 +1033,7 @@ nerver||never nescessary||necessary nessessary||necessary +none existent||non-existent noticable||noticeable notication||notification notications||notifications @@ -1028,6 +1055,7 @@ occurence||occurrence occure||occurred occuring||occurring +ocurrence||occurrence offser||offset offet||offset offlaod||offload @@ -1039,6 +1067,7 @@ ommiting||omitting ommitted||omitted onself||oneself +onthe||on the ony||only openning||opening operatione||operation @@ -1105,10 +1134,12 @@ periperal||peripheral peripherial||peripheral permissons||permissions +permited||permitted peroid||period persistance||persistence persistant||persistent phoneticly||phonetically +plaform||platform plalform||platform platfoem||platform platfrom||platform @@ -1236,6 +1267,7 @@ refernces||references refernnce||reference refrence||reference +regiser||register registed||registered registerd||registered registeration||registration @@ -1276,6 +1308,7 @@ reseved||reserved reseverd||reserved resizeable||resizable +resotre||restore resouce||resource resouces||resources resoures||resources @@ -1314,6 +1347,8 @@ sacrifying||sacrificing safly||safely safty||safety +satify||satisfy +satisifed||satisfied savable||saveable scaleing||scaling scaned||scanned @@ -1365,10 +1400,12 @@ simlar||similar simliar||similar simpified||simplified +simultaneusly||simultaneously simultanous||simultaneous singaled||signaled singal||signal singed||signed +slect||select sleeped||slept sliped||slipped softwade||software @@ -1438,6 +1475,7 @@ suport||support supportet||supported suppored||supported +supporing||supporting supportin||supporting suppoted||supported suppported||supported 
@@ -1475,15 +1513,18 @@ sythesis||synthesis taht||that tained||tainted +tarffic||traffic tansmit||transmit targetted||targeted targetting||targeting taskelt||tasklet teh||the +temeprature||temperature temorary||temporary temproarily||temporarily temperture||temperature thead||thread +theads||threads therfore||therefore thier||their threds||threads @@ -1532,13 +1573,16 @@ ture||true tyep||type udpate||update +updtes||updates uesd||used +unknwon||unknown uknown||unknown usccess||success uncommited||uncommitted uncompatible||incompatible unconditionaly||unconditionally undeflow||underflow +undelying||underlying underun||underrun unecessary||unnecessary unexecpted||unexpected @@ -1569,11 +1613,14 @@ unnsupported||unsupported unmached||unmatched unprecise||imprecise +unpriviledged||unprivileged +unpriviliged||unprivileged unregester||unregister unresgister||unregister unrgesiter||unregister unsinged||unsigned unstabel||unstable +unsolicted||unsolicited unsolicitied||unsolicited unsuccessfull||unsuccessful unsuported||unsupported @@ -1583,6 +1630,7 @@ unvalid||invalid upate||update upsupported||unsupported +upto||up to useable||usable usefule||useful usefull||useful diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openfortivpn-1.19.0/tests/lint/run.sh new/openfortivpn-1.20.1/tests/lint/run.sh --- old/openfortivpn-1.19.0/tests/lint/run.sh 2022-10-10 17:44:34.000000000 +0200 +++ new/openfortivpn-1.20.1/tests/lint/run.sh 2023-02-25 15:38:02.000000000 +0100 
@@ -3,12 +3,12 @@ rc=0 -./tests/lint/eol-at-eof.sh $(git ls-files | grep -v openssl_hostname_validation) || rc=1 +./tests/lint/eol-at-eof.sh $(git ls-files) || rc=1 -./tests/lint/line_length.py $(git ls-files '*.[ch]' | grep -v openssl_hostname_validation) || rc=1 +./tests/lint/line_length.py $(git ls-files '*.[ch]') || rc=1 -./tests/lint/astyle.sh $(git ls-files '*.[ch]' | grep -v openssl_hostname_validation) || rc=1 +./tests/lint/astyle.sh $(git ls-files '*.[ch]') || rc=1 -./tests/lint/checkpatch.sh $(git ls-files '*.[ch]' | grep -v openssl_hostname_validation) || rc=1 +./tests/lint/checkpatch.sh $(git ls-files '*.[ch]') || rc=1 exit $rc
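Review bot: in the checkpatch.pl hunk at @@ -3140,6 +3157,50 @@, when the outer fixes: match succeeds but the inner match against $balanced_parens does not, $orig_commit is still "" and $id and $title still hold the placeholders "0123456789ab" and "commit title" when they are passed to git_commit_info(). $title_has_quotes is also still 0 on that path, so the warning always fires, and with $fix set the line is rewritten from whatever git_commit_info() returned for an empty commit id. Guard the $fixed[$fixlinenr] assignment so it only runs when $orig_commit is non-empty and the lookup actually resolved a commit; otherwise emit the warning without the "ie:" suggestion.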
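Review bot: in the checkpatch.pl hunk at @@ -3274,6 +3335,12 @@, the pattern m{http.*\b$obsolete_archives} is greedy and not tied to one URL, so it fires on any line where "http" appears anywhere before an archive name, including when the archive name sits in plain text after an unrelated link. Restrict the match to a single URL token, for example m{https?://\S*\b$obsolete_archives}. $obsolete_archives is defined outside the visible lines, so its contents are not reviewed here.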
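Review bot: in the checkpatch.pl hunk at @@ -4695,12 +4762,12 @@, the negative lookahead (?!AA_|BUILD_|DCCP_|IDA_|KVM_|RWLOCK_|snd_|SPIN_) is an undocumented allowlist: neither the comment nor the message says why these prefixes are exempt, so whoever adds the next BUG-like macro cannot tell whether it belongs in the list. Move the prefixes into a named variable with a one-line comment stating the criterion. The new pattern also requires \s*\( after the name, so a BUG_ON with no opening parenthesis on the same line is no longer reported; the comment above the check should say that this narrowing is intended.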
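Review bot: in the checkpatch.pl hunk at @@ -7074,7 +7146,7 @@, the widened pattern introduces two extra capturing groups, ((?:k|kv)?(calloc|malloc_array)(?:_node)?) and the inner (calloc|malloc_array), while the message still uses only $1. Make both non-capturing so later edits that rely on $2 or $3 do not pick up stale values. Because (?:k|kv)? is optional, plain calloc(sizeof and malloc_array(sizeof now match as well; if that is deliberate, say so in the "check for alloc argument mismatch" comment.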
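Review bot: in the tests/lint/run.sh hunk at @@ -3,12 +3,12 @@, dropping "| grep -v openssl_hostname_validation" from all four invocations puts every tracked file with that name under eol-at-eof, line_length, astyle and checkpatch, and nothing in the visible patch says whether those files were removed or brought into style. State which in the commit message, or the lint job can start failing on unchanged code. Separately, the unquoted $(git ls-files ...) word-splits and glob-expands its output, so a tracked path containing whitespace or a glob character reaches the linters as the wrong arguments; feeding the list with git ls-files -z piped to xargs -0 avoids that.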