Package Details: openswan 2.6.51.5-1

Git Clone URL: https://aur.archlinux.org/openswan.git (read-only)
Package Base: openswan
Description: Open Source implementation of IPsec for Linux
Upstream URL: https://www.openswan.org
Licenses: GPL, custom
Conflicts: ipsec-tools, strongswan
Submitter: Allan
Maintainer: severach
Last Packager: severach
Votes: 143
Popularity: 0.041018
First Submitted: 2009-11-07 14:39
Last Updated: 2019-08-10 00:57

Latest Comments

1 2 3 4 5 6 ... Next › Last »

severach commented on 2019-08-10 01:04

The "normal" diff format isn't very good. It won't apply if everything isn't exact. The context and unified will apply. Unified are the easiest to read.

Subtracting 1 isn't enough. That may shut the compiler up but it will earn us a CVE. strncpy() does not guarantee a nul end of string. The referenced patch has a decent way to guarantee a nul but I like my way better because it also guarantees no random text can appear after the nul.

The real answer is to write a custom strncpy() that has all the behavior we want, guaranteed nul and all nul to end of buffer.

mickybart commented on 2019-08-09 19:26

@stramaz

I have the same issue when I copy/paste it from my comment.

Here is base64 version to avoid that as I don't know how to share it in a proper way.

echo "MjMzYzIzMwo8IAkJCXN0cm5jcHkoaWZyLmlmcl9uYW1lLCBvcHRhcmcsIHNpemVvZihpZnIuaWZyX25hbWUpKTsKLS0tCj4gCQkJc3RybmNweShpZnIuaWZyX25hbWUsIG9wdGFyZywgc2l6ZW9mKGlmci5pZnJfbmFtZSktMSk7CjIzNmMyMzYKPCAJCQlzdHJuY3B5KHNoYy5jZl9uYW1lLCBvcHRhcmcsIHNpemVvZihzaGMuY2ZfbmFtZSkpOwotLS0KPiAJCQlzdHJuY3B5KHNoYy5jZl9uYW1lLCBvcHRhcmcsIHNpemVvZihzaGMuY2ZfbmFtZSktMSk7Cg==" | base64 -d > gcc9-fix.patch

the sha512sum is d4b5c8418cb623fc720d9e401cbbaf1668c172af8b5c658f95efadcce165840fd35c3f4dbb62925de73c1c3e212093e2cb427424b0db4e92ff96eb1c83cd84c4

stramaz commented on 2019-08-09 14:35

Unfortunately the patch of @mickybart doesn't work for me...: 


==> Starting prepare()...
patching file programs/tncfg/tncfg.c
Hunk #1 FAILED at 233.
Hunk #2 FAILED at 236.
2 out of 2 hunks FAILED -- saving rejects to file programs/tncfg/tncfg.c.rej
==> ERROR: A failure occurred in prepare().
    Aborting...
:: Unable to build openswan - makepkg exited with code: 4

mickybart commented on 2019-07-17 14:50

That need to be fixed upstream but the patch should look something like that to fix the compilation:

# cat gcc9-fix.patch 
233c233
<                       strncpy(ifr.ifr_name, optarg, sizeof(ifr.ifr_name));
---
>                       strncpy(ifr.ifr_name, optarg, sizeof(ifr.ifr_name)-1);
236c236
<                       strncpy(shc.cf_name, optarg, sizeof(shc.cf_name));
---
>                       strncpy(shc.cf_name, optarg, sizeof(shc.cf_name)-1);

You can add the patch in PKGBUILD/prepare():

  # GCC 9 fix
  patch "programs/tncfg/tncfg.c" "$srcdir/gcc9-fix.patch"

It works for me but that need to be discussed with upstream team.

EDIT: similar code issue: https://github.com/intel/openlldp/issues/23

gally commented on 2019-07-10 13:32

downgrading gcc to 8.3.0 didn't work at all for me. Same result as before.

elgs commented on 2019-07-05 06:28

Thank you!! Downgrading both gcc and gcc-libs to 8.3.0 and it worked!!

GPereira commented on 2019-07-04 19:17

Thank you for sending me reports but since I am not able to solve it and I am not using Arch Linux as my daily driver currently it's only logical I orphan this package. PS: Maybe something to do with glibc or gcc version? Try downgrading to GCC 8.2.x and try to compile just to check if that's the issue.

elgs commented on 2019-07-04 09:05

Building failed with the following message:

In function 'strncpy',
    inlined from 'main' at /home/elgs/.cache/yay/openswan/src/openswan-2.6.51.5/programs/tncfg/tncfg.c:233:4:
/usr/include/bits/string_fortified.h:106:10: error: '__builtin_strncpy' specified bound 16 equals destination size [-Werror=stringop-truncation]
  106 |   return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In function 'strncpy',
    inlined from 'main' at /home/elgs/.cache/yay/openswan/src/openswan-2.6.51.5/programs/tncfg/tncfg.c:236:4:
/usr/include/bits/string_fortified.h:106:10: error: '__builtin_strncpy' specified bound 12 equals destination size [-Werror=stringop-truncation]
  106 |   return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
make[3]: *** [/home/elgs/.cache/yay/openswan/src/openswan-2.6.51.5/Makefile.common:21: tncfg.o] Error 1
make[3]: Leaving directory '/home/elgs/.cache/yay/openswan/src/openswan-2.6.51.5/OBJ.linux.x86_64/programs/tncfg'
make[2]: *** [/home/elgs/.cache/yay/openswan/src/openswan-2.6.51.5/programs/Makefile:59: programs] Error 1
make[2]: Leaving directory '/home/elgs/.cache/yay/openswan/src/openswan-2.6.51.5/OBJ.linux.x86_64/programs'
make[1]: *** [Makefile:10: programs] Error 1
make[1]: Leaving directory '/home/elgs/.cache/yay/openswan/src/openswan-2.6.51.5/OBJ.linux.x86_64'
make: *** [Makefile:186: programs] Error 2
==> ERROR: A failure occurred in build().
    Aborting...
Error making: openswan

skawikk commented on 2019-07-03 15:11

@GPereira Tried this, still it didn't work.

GPereira commented on 2019-06-28 08:02

Can you try to downgrade python to the version arch Linux had in 14th of June and check if the problem is still there?