diff -Nru openfortivpn-1.19.0/debian/changelog openfortivpn-1.19.0/debian/changelog
--- openfortivpn-1.19.0/debian/changelog 2023-02-08 17:59:57.000000000 +0000
+++ openfortivpn-1.19.0/debian/changelog 2023-02-09 08:47:02.000000000 +0000
@@ -1,14 +1,18 @@
-openfortivpn (1.19.0-2ubuntu1~ubuntu18.04.1) bionic; urgency=medium
+openfortivpn (1.19.0-2ubuntu3~ubuntu18.04.1) bionic; urgency=medium
 * No change backport to bionic
- -- Gianfranco Costamagna Wed, 08 Feb 2023 18:59:57 +0100
+ -- Gianfranco Costamagna Thu, 09 Feb 2023 09:47:02 +0100
-openfortivpn (1.19.0-2ubuntu1) lunar; urgency=medium
+openfortivpn (1.19.0-2ubuntu2) lunar; urgency=medium
- * debian/patches/3.patch:
- - Add upstream proposed patch (new-saml branch) to handle saml authentication
- -- Gianfranco Costamagna Wed, 08 Feb 2023 18:57:54 +0100
+ * debian/patches/1061.patch:
+ * debian/patches/2b1ea015a2cc4470ee53aeb450026e360788d52f.patch:
+ * debian/patches/51538ee02b75477d4320ccd7305907c104c9d1d0.patch:
+ * debian/patches/6bfe90ceebcff978b84d0deef0b2c5f66f1e0c44.patch:
+ - move to upstream fixes and branches
+
+ -- Gianfranco Costamagna Thu, 09 Feb 2023 09:37:42 +0100
 openfortivpn (1.19.0-2) unstable; urgency=medium
diff -Nru openfortivpn-1.19.0/debian/patches/1035.patch openfortivpn-1.19.0/debian/patches/1035.patch
--- openfortivpn-1.19.0/debian/patches/1035.patch 1970-01-01 00:00:00.000000000 +0000
+++ openfortivpn-1.19.0/debian/patches/1035.patch 2023-02-09 08:46:20.000000000 +0000
@@ -0,0 +1,62 @@
+From a3eb4e069d40823dda9e81a5dcfeb90b5914619f Mon Sep 17 00:00:00 2001
+From: Gabriele Mazzotta
+Date: Sun, 30 Oct 2022 18:27:08 +0100
+Subject: [PATCH 01/10] Prepend "SVPNCOOKIE=" to the given cookie if missing
+
+It is maybe not obvious that currently the cookie is only accepted
+if it has "SVPNCOOKIE=", so add it when it is missing.
+---
+ src/main.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++---
+ 1 file changed, 52 insertions(+), 3 deletions(-)
+
+Index: openfortivpn-1.19.0/src/main.c
+===================================================================
+--- openfortivpn-1.19.0.orig/src/main.c
++++ openfortivpn-1.19.0/src/main.c
+@@ -186,6 +186,27 @@
+ " trusted-cert = othercertificatedigest6631bf...\n" \
+ " For a full-featured configuration see man openfortivpn(1).\n"
+
++/**
++ * Returns the given "input" prefixed with "prefix" in a dynamically
++ * allocated string. This behaves exactly like "strdup" if "input" already
++ * starts with "prefix".
++ */
++static char *strdup_with_prefix(const char *input, const char *prefix)
++{
++ size_t prefix_len = strlen(prefix);
++ char *output;
++
++ if (memcmp(prefix, input, prefix_len) == 0)
++ return strdup(input);
++
++ output = malloc(prefix_len + strlen(input));
++ if (output) {
++ strcpy(output, prefix);
++ strcpy(output + prefix_len, input);
++ }
++ return output;
++}
++
+ int main(int argc, char **argv)
+ {
+ int ret = EXIT_FAILURE;
+@@ -517,7 +538,7 @@
+ }
+ if (strcmp(long_options[option_index].name,
+ "cookie") == 0) {
+- cli_cfg.cookie = strdup(optarg);
++ cli_cfg.cookie = strdup_with_prefix(optarg, "SVPNCOOKIE=");
+ break;
+ }
+ if (strcmp(long_options[option_index].name,
+@@ -529,7 +550,8 @@
+ break;
+ }
+ free(cli_cfg.cookie);
+- cli_cfg.cookie = cookie;
++ cli_cfg.cookie = strdup_with_prefix(cookie, "SVPNCOOKIE=");
++ free(cookie);
+ break;
+ }
+ goto user_error;
diff -Nru openfortivpn-1.19.0/debian/patches/1061.patch openfortivpn-1.19.0/debian/patches/1061.patch
--- 
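Review bot: The helper `strdup_with_prefix` added by 1035.patch is only memory-safe once 51538ee02b75477d4320ccd7305907c104c9d1d0.patch is applied on top of it, and nothing in the patch header or in debian/patches/series records that dependency. As written here, `malloc(prefix_len + strlen(input))` leaves no room for the terminator that the second `strcpy` writes, and `memcmp(prefix, input, prefix_len)` reads past the end of a cookie shorter than the prefix. Folding the later fix into this patch, or adding a comment line above the `1035.patch` entry in the series file, would stop anyone from carrying or cherry-picking it alone. Separately, neither call site checks the result, so an allocation failure leaves `cli_cfg.cookie` NULL without any message.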
openfortivpn-1.19.0/debian/patches/1061.patch 1970-01-01 00:00:00.000000000 +0000
+++ openfortivpn-1.19.0/debian/patches/1061.patch 2023-02-09 08:46:29.000000000 +0000
@@ -0,0 +1,82 @@
+From e1ba83858ad259f4b9db571ab3eff424fe96de17 Mon Sep 17 00:00:00 2001
+From: Gianfranco Costamagna
+Date: Thu, 9 Feb 2023 09:32:41 +0100
+Subject: [PATCH] Cherry-pick and adapt to new codebase the following commit on
+ saml branch
+
+commit 258c4346d2a882dacc976afb7e4890488450d4ba
+Author: Gabriele Mazzotta
+Date: Sat Mar 26 12:05:41 2022 +0100
+
+ Add rudimentary support for SAML
+
+ This works by letting the user login through a browser and provide
+ the SVPNCOOKIE.
+---
+ src/config.h | 1 +
+ src/main.c | 26 +++++++++++++++++---------
+ 2 files changed, 18 insertions(+), 9 deletions(-)
+
+Index: openfortivpn-1.19.0/src/config.h
+===================================================================
+--- openfortivpn-1.19.0.orig/src/config.h
++++ openfortivpn-1.19.0/src/config.h
+@@ -91,6 +91,7 @@
+ int password_set;
+ char otp[OTP_SIZE + 1];
+ char *cookie;
++ int cookie_on_stdin;
+ char *otp_prompt;
+ unsigned int otp_delay;
+ int no_ftm_push;
+Index: openfortivpn-1.19.0/src/main.c
+===================================================================
+--- openfortivpn-1.19.0.orig/src/main.c
++++ openfortivpn-1.19.0/src/main.c
+@@ -221,6 +221,7 @@
+ .password = {'\0'},
+ .password_set = 0,
+ .cookie = NULL,
++ .cookie_on_stdin = 0,
+ .otp = {'\0'},
+ .otp_prompt = NULL,
+ .otp_delay = 0,
+@@ -557,15 +558,7 @@
+ }
+ if (strcmp(long_options[option_index].name,
+ "cookie-on-stdin") == 0) {
+- char *cookie = read_from_stdin(COOKIE_SIZE);
+-
+- if (cookie == NULL) {
+- log_error("Could not read the cookie from stdin\n");
+- break;
+- }
+- free(cli_cfg.cookie);
+- cli_cfg.cookie = strdup_with_prefix(cookie, "SVPNCOOKIE=");
+- free(cookie);
++ cli_cfg.cookie_on_stdin = 1;
+ break;
+ }
+ goto user_error;
+@@ -693,6 +686,21 @@
+ if (cfg.username[0] != '\0')
+ log_debug("Configuration username = \"%s\"\n", cfg.username);
+ log_debug_all("Configuration password = \"%s\"\n", cfg.password);
++
++ if (cli_cfg.cookie_on_stdin == 1) {
++ printf("\nLogin at https://%s:%d/remote/saml/start\n", cfg.gateway_host, cfg.gateway_port);
++ printf("Copy 'SVPNCOOKIE' and paste it here, including or not 'SVPNCOOKIE='\n");
++
++ char *cookie = read_from_stdin(COOKIE_SIZE);
++ if (cookie == NULL) {
++ log_error("Could not read the cookie from stdin\n");
++ } else {
++ free(cfg.cookie);
++ cfg.cookie = strdup_with_prefix(cookie, "SVPNCOOKIE=");
++ free(cookie);
++ }
++ }
++
+ if (cfg.otp[0] != '\0')
+ log_debug("One-time password = \"%s\"\n", cfg.otp);
+
diff -Nru openfortivpn-1.19.0/debian/patches/2b1ea015a2cc4470ee53aeb450026e360788d52f.patch openfortivpn-1.19.0/debian/patches/2b1ea015a2cc4470ee53aeb450026e360788d52f.patch
--- openfortivpn-1.19.0/debian/patches/2b1ea015a2cc4470ee53aeb450026e360788d52f.patch 1970-01-01 00:00:00.000000000 +0000
+++ openfortivpn-1.19.0/debian/patches/2b1ea015a2cc4470ee53aeb450026e360788d52f.patch 2023-02-09 08:46:36.000000000 +0000
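Review bot: In the last src/main.c hunk of 1061.patch (`@@ -693,6 +686,21 @@`), a failed `read_from_stdin` only logs an error and execution carries on with whatever `cfg.cookie` held before. A run started with `cookie-on-stdin` can therefore continue with a stale `cookie` option value, or presumably with the other configured credentials, instead of stopping. The `else` branch has the mirror problem: `cfg.cookie` is freed and then overwritten with an unchecked `strdup_with_prefix` result, which is NULL on allocation failure. I would treat both cases as fatal and leave through main's existing failure path, whose label is outside the hunk. The pasted value is a live session credential, so it is also worth clearing `cookie` before `free(cookie)` and confirming that `read_from_stdin` (not shown) does not echo it to the terminal.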
@@ -0,0 +1,116 @@
+From 2b1ea015a2cc4470ee53aeb450026e360788d52f Mon Sep 17 00:00:00 2001
+From: Dimitri Papadopoulos
+ <3234522+DimitriPapadopoulos@users.noreply.github.com>
+Date: Tue, 29 Nov 2022 08:53:43 +0100
+Subject: [PATCH] Free `cli_cfg` items prior to assigning
+
+Free items prior to assigning again with `strdup()`, just in case the
+same option is passed multiple times.
+---
+ src/main.c | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+Index: openfortivpn-1.19.0/src/main.c
+===================================================================
+--- openfortivpn-1.19.0.orig/src/main.c
++++ openfortivpn-1.19.0/src/main.c
+@@ -357,26 +357,31 @@
+ }
+ if (strcmp(long_options[option_index].name,
+ "pppd-log") == 0) {
++ free(cli_cfg.pppd_log);
+ cli_cfg.pppd_log = strdup(optarg);
+ break;
+ }
+ if (strcmp(long_options[option_index].name,
+ "pppd-plugin") == 0) {
++ free(cli_cfg.pppd_plugin);
+ cli_cfg.pppd_plugin = strdup(optarg);
+ break;
+ }
+ if (strcmp(long_options[option_index].name,
+ "pppd-ifname") == 0) {
++ free(cli_cfg.pppd_ifname);
+ cli_cfg.pppd_ifname = strdup(optarg);
+ break;
+ }
+ if (strcmp(long_options[option_index].name,
+ "pppd-ipparam") == 0) {
++ free(cli_cfg.pppd_ipparam);
+ cli_cfg.pppd_ipparam = strdup(optarg);
+ break;
+ }
+ if (strcmp(long_options[option_index].name,
+ "pppd-call") == 0) {
++ free(cli_cfg.pppd_call);
+ cli_cfg.pppd_call = strdup(optarg);
+ break;
+ }
+@@ -384,6 +389,7 @@
+ if (cli_cfg.pppd_plugin == NULL &&
+ strcmp(long_options[option_index].name,
+ "plugin") == 0) {
++ free(cli_cfg.pppd_plugin);
+ cli_cfg.pppd_plugin = strdup(optarg);
+ break;
+ }
+@@ -391,6 +397,7 @@
+ #if HAVE_USR_SBIN_PPP
+ if (strcmp(long_options[option_index].name,
+ "ppp-system") == 0) {
++ free(cli_cfg.ppp_system);
+ cfg.ppp_system = strdup(optarg);
+ break;
+ }
+@@ -411,16 +418,19 @@
+ #endif
+ if (strcmp(long_options[option_index].name,
+ "ca-file") == 0) {
++ free(cli_cfg.ca_file);
+ cli_cfg.ca_file = strdup(optarg);
+ break;
+ }
+ if (strcmp(long_options[option_index].name,
+ "user-cert") == 0) {
++ free(cli_cfg.user_cert);
+ cli_cfg.user_cert = strdup(optarg);
+ break;
+ }
+ if (strcmp(long_options[option_index].name,
+ "user-key") == 0) {
++ free(cli_cfg.user_key);
+ cli_cfg.user_key = strdup(optarg);
+ break;
+ }
+@@ -434,6 +444,7 @@
+ }
+ if (strcmp(long_options[option_index].name,
+ "pinentry") == 0) {
++ free(cli_cfg.pinentry);
+ cli_cfg.pinentry = strdup(optarg);
+ break;
+ }
+@@ -451,6 +462,7 @@
+ }
+ if (strcmp(long_options[option_index].name,
+ "cipher-list") == 0) {
++ free(cli_cfg.cipher_list);
+ cli_cfg.cipher_list = strdup(optarg);
+ break;
+ }
+@@ -468,6 +480,7 @@
+ }
+ if (strcmp(long_options[option_index].name,
+ "otp-prompt") == 0) {
++ free(cli_cfg.otp_prompt);
+ cli_cfg.otp_prompt = strdup(optarg);
+ break;
+ }
+@@ -538,6 +551,7 @@
+ }
+ if (strcmp(long_options[option_index].name,
+ "cookie") == 0) {
++ free(cli_cfg.cookie);
+ cli_cfg.cookie = strdup_with_prefix(optarg, "SVPNCOOKIE=");
+ break;
+ }
diff -Nru openfortivpn-1.19.0/debian/patches/51538ee02b75477d4320ccd7305907c104c9d1d0.patch openfortivpn-1.19.0/debian/patches/51538ee02b75477d4320ccd7305907c104c9d1d0.patch
--- openfortivpn-1.19.0/debian/patches/51538ee02b75477d4320ccd7305907c104c9d1d0.patch 1970-01-01 00:00:00.000000000 +0000
+++ openfortivpn-1.19.0/debian/patches/51538ee02b75477d4320ccd7305907c104c9d1d0.patch 2023-02-09 08:46:26.000000000 +0000
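Review bot: In the `ppp-system` branch (`@@ -391,6 +397,7 @@`) the added `free(cli_cfg.ppp_system);` releases a different object from the one the next line assigns, `cfg.ppp_system = strdup(optarg);`. Passing the option twice therefore still leaks the first copy, and the new free does nothing for it. Which struct is intended cannot be decided from the hunk, but the two lines should name the same one: `free(cfg.ppp_system);` if the assignment is right, or `cli_cfg.ppp_system = strdup(optarg);` if the other branches are the model. In the `plugin` branch the new `free(cli_cfg.pppd_plugin);` runs only when that pointer is already NULL, so it can be dropped.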
@@ -0,0 +1,29 @@
+From 51538ee02b75477d4320ccd7305907c104c9d1d0 Mon Sep 17 00:00:00 2001
+From: Dimitri Papadopoulos
+ <3234522+DimitriPapadopoulos@users.noreply.github.com>
+Date: Sat, 10 Dec 2022 11:47:32 +0100
+Subject: [PATCH] Fix recent bugs
+
+* Fix the error I introduced in 9b990e7. Sorry about that.
+* Fix allocation size, take into account terminating null.
+---
+ src/main.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+Index: openfortivpn-1.19.0/src/main.c
+===================================================================
+--- openfortivpn-1.19.0.orig/src/main.c
++++ openfortivpn-1.19.0/src/main.c
+@@ -196,10 +196,10 @@
+ size_t prefix_len = strlen(prefix);
+ char *output;
+
+- if (memcmp(prefix, input, prefix_len) == 0)
++ if (strncmp(prefix, input, prefix_len) == 0)
+ return strdup(input);
+
+- output = malloc(prefix_len + strlen(input));
++ output = malloc(prefix_len + strlen(input) + 1);
+ if (output) {
+ strcpy(output, prefix);
+ strcpy(output + prefix_len, input);
diff -Nru openfortivpn-1.19.0/debian/patches/6bfe90ceebcff978b84d0deef0b2c5f66f1e0c44.patch openfortivpn-1.19.0/debian/patches/6bfe90ceebcff978b84d0deef0b2c5f66f1e0c44.patch
--- openfortivpn-1.19.0/debian/patches/6bfe90ceebcff978b84d0deef0b2c5f66f1e0c44.patch 1970-01-01 00:00:00.000000000 +0000
+++ openfortivpn-1.19.0/debian/patches/6bfe90ceebcff978b84d0deef0b2c5f66f1e0c44.patch 2023-02-09 08:46:28.000000000 +0000
@@ -0,0 +1,23 @@
+From 6bfe90ceebcff978b84d0deef0b2c5f66f1e0c44 Mon Sep 17 00:00:00 2001
+From: Dimitri Papadopoulos
+ <3234522+DimitriPapadopoulos@users.noreply.github.com>
+Date: Sat, 10 Dec 2022 12:16:12 +0100
+Subject: [PATCH] This message reports an error, not a mere warning
+
+---
+ src/main.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: openfortivpn-1.19.0/src/main.c
+===================================================================
+--- openfortivpn-1.19.0.orig/src/main.c
++++ openfortivpn-1.19.0/src/main.c
+@@ -560,7 +560,7 @@
+ char *cookie = read_from_stdin(COOKIE_SIZE);
+
+ if (cookie == NULL) {
+- log_warn("Could not read the cookie from stdin\n");
++ log_error("Could not read the cookie from stdin\n");
+ break;
+ }
+ free(cli_cfg.cookie);
diff -Nru openfortivpn-1.19.0/debian/patches/a6c0c6042dff704b668dc31eb4ecc26dc683caf1.patch openfortivpn-1.19.0/debian/patches/a6c0c6042dff704b668dc31eb4ecc26dc683caf1.patch
--- openfortivpn-1.19.0/debian/patches/a6c0c6042dff704b668dc31eb4ecc26dc683caf1.patch 1970-01-01 00:00:00.000000000 +0000
+++ openfortivpn-1.19.0/debian/patches/a6c0c6042dff704b668dc31eb4ecc26dc683caf1.patch 2023-02-09 08:46:24.000000000 +0000
@@ -0,0 +1,46 @@
+From a6c0c6042dff704b668dc31eb4ecc26dc683caf1 Mon Sep 17 00:00:00 2001
+From: Dimitri Papadopoulos
+ <3234522+DimitriPapadopoulos@users.noreply.github.com>
+Date: Sat, 10 Dec 2022 12:15:04 +0100
+Subject: [PATCH] log_* functions require the message ends with '\n'
+
+---
+ src/main.c | 2 +-
+ src/tunnel.c | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+Index: openfortivpn-1.19.0/src/main.c
+===================================================================
+--- openfortivpn-1.19.0.orig/src/main.c
++++ openfortivpn-1.19.0/src/main.c
+@@ -560,7 +560,7 @@
+ char *cookie = read_from_stdin(COOKIE_SIZE);
+
+ if (cookie == NULL) {
+- log_warn("Could not read the cookie from stdin");
++ log_warn("Could not read the cookie from stdin\n");
+ break;
+ }
+ free(cli_cfg.cookie);
+Index: openfortivpn-1.19.0/src/tunnel.c
+===================================================================
+--- openfortivpn-1.19.0.orig/src/tunnel.c
++++ openfortivpn-1.19.0/src/tunnel.c
+@@ -987,7 +987,7 @@
+ PEM_PASSPHRASE_SIZE + 1);
+ cfg->pem_passphrase_set = 1;
+ } else {
+- log_error("Buffer too small for PEM pass phrase: %d.",
++ log_error("Buffer too small for PEM pass phrase: %d.\n",
+ size);
+ }
+ }
+@@ -998,7 +998,7 @@
+ return strlen(buf);
+ }
+ } else {
+- log_error("We refuse to write PEM pass phrases!");
++ log_error("We refuse to write PEM pass phrases!\n");
+ }
+
+ return -1;
diff -Nru openfortivpn-1.19.0/debian/patches/series openfortivpn-1.19.0/debian/patches/series
--- openfortivpn-1.19.0/debian/patches/series 2023-02-08 17:57:54.000000000 +0000
+++ openfortivpn-1.19.0/debian/patches/series 2023-02-09 08:41:39.000000000 +0000
@@ -1 +1,6 @@
-3.patch
+1035.patch
+2b1ea015a2cc4470ee53aeb450026e360788d52f.patch
+a6c0c6042dff704b668dc31eb4ecc26dc683caf1.patch
+51538ee02b75477d4320ccd7305907c104c9d1d0.patch
+6bfe90ceebcff978b84d0deef0b2c5f66f1e0c44.patch
+1061.patch
diff -Nru openfortivpn-1.19.0/debian/source/include-binaries openfortivpn-1.19.0/debian/source/include-binaries
--- openfortivpn-1.19.0/debian/source/include-binaries 2023-02-08 17:10:58.000000000 +0000
+++ openfortivpn-1.19.0/debian/source/include-binaries 1970-01-01 00:00:00.000000000 +0000
@@ -1,12 +0,0 @@
-openfortivpn
-src/openfortivpn-config.o
-src/openfortivpn-hdlc.o
-src/openfortivpn-http.o
-src/openfortivpn-io.o
-src/openfortivpn-ipv4.o
-src/openfortivpn-log.o
-src/openfortivpn-main.o
-src/openfortivpn-openssl_hostname_validation.o
-src/openfortivpn-tunnel.o
-src/openfortivpn-userinput.o
-src/openfortivpn-xml.o