Arch Linux User Repository

Please consider pulling my fix on the next update. Upstream has merged it, although it not in any release yet.

You may want to include https://github.com/xelerance/Openswan/pull/447. Otherwise "self-proposal" errors may occur as seen in https://bbs.archlinux.org/viewtopic.php?id=253434.

Could you support aarch64?

I successfully compiled for this architecture by adding aarch64 to arch in PKGINFO.

Thank you

The package does not build on gcc 10-1. A workaround is to downgrade to gcc 9.2 and then build it.

$ yay -S downgrade # downgrade gcc gcc-libs

There are also issues with xmlto, is better to remove it: # pacman -R xmlto

One of the makefiles tries to remove a real system file during packaging. Non-root builds where a version is already installed barf. root builds would silently remove the file. This will fix it

--- programs/Makefile.program.orig      2019-06-14 20:35:45.000000000 +0100
+++ programs/Makefile.program   2020-01-30 18:54:31.226501106 +0000
@@ -112,7 +112,7 @@

 # note: remove any old vendor file installed previously
 doinstall:: $(PROGRAM) $(CONFFILES) $(EXTRA8MAN) $(EXTRA5MAN) $(EXTRA5PROC) $(LIBFILES) $(CONFDFILES)
-       @rm -f $(FINALLIBEXECDIR)/vendor
+       @rm -f $(LIBEXECDIR)/vendor
        @mkdir -p $(PROGRAMDIR) $(MANDIR8) $(MANDIR5) $(LIBDIR) $(CONFDIR) $(CONFDDIR) $(CONFDDIR)/$(CONFDSUBDIR) $(EXAMPLECONFDIR)
        @if [ -n "$(PROGRAM)" ]; then $(INSTALL) $(INSTBINFLAGS) $(PROGRAM) $(PROGRAMDIR); fi
        @$(foreach f, $(addsuffix .8, $(PROGRAM)), \

This package is missing the following build dependencies:

• inetutils (hostname command used during build)
• xmlto (used to generate man pages)
• docbook-xsl (required to have xmlto working correctly)

The "normal" diff format isn't very good. It won't apply if everything isn't exact. The context and unified will apply. Unified are the easiest to read.

Subtracting 1 isn't enough. That may shut the compiler up but it will earn us a CVE. strncpy() does not guarantee a nul end of string. The referenced patch has a decent way to guarantee a nul but I like my way better because it also guarantees no random text can appear after the nul.

The real answer is to write a custom strncpy() that has all the behavior we want, guaranteed nul and all nul to end of buffer.

@stramaz

I have the same issue when I copy/paste it from my comment.

Here is base64 version to avoid that as I don't know how to share it in a proper way.

echo "MjMzYzIzMwo8IAkJCXN0cm5jcHkoaWZyLmlmcl9uYW1lLCBvcHRhcmcsIHNpemVvZihpZnIuaWZyX25hbWUpKTsKLS0tCj4gCQkJc3RybmNweShpZnIuaWZyX25hbWUsIG9wdGFyZywgc2l6ZW9mKGlmci5pZnJfbmFtZSktMSk7CjIzNmMyMzYKPCAJCQlzdHJuY3B5KHNoYy5jZl9uYW1lLCBvcHRhcmcsIHNpemVvZihzaGMuY2ZfbmFtZSkpOwotLS0KPiAJCQlzdHJuY3B5KHNoYy5jZl9uYW1lLCBvcHRhcmcsIHNpemVvZihzaGMuY2ZfbmFtZSktMSk7Cg==" | base64 -d > gcc9-fix.patch

the sha512sum is d4b5c8418cb623fc720d9e401cbbaf1668c172af8b5c658f95efadcce165840fd35c3f4dbb62925de73c1c3e212093e2cb427424b0db4e92ff96eb1c83cd84c4

Unfortunately the patch of @mickybart doesn't work for me...:

==> Starting prepare()...
patching file programs/tncfg/tncfg.c
Hunk #1 FAILED at 233.
Hunk #2 FAILED at 236.
2 out of 2 hunks FAILED -- saving rejects to file programs/tncfg/tncfg.c.rej
==> ERROR: A failure occurred in prepare().
    Aborting...
:: Unable to build openswan - makepkg exited with code: 4

That need to be fixed upstream but the patch should look something like that to fix the compilation:

# cat gcc9-fix.patch 
233c233
<                       strncpy(ifr.ifr_name, optarg, sizeof(ifr.ifr_name));
---
>                       strncpy(ifr.ifr_name, optarg, sizeof(ifr.ifr_name)-1);
236c236
<                       strncpy(shc.cf_name, optarg, sizeof(shc.cf_name));
---
>                       strncpy(shc.cf_name, optarg, sizeof(shc.cf_name)-1);

You can add the patch in PKGBUILD/prepare():

  # GCC 9 fix
  patch "programs/tncfg/tncfg.c" "$srcdir/gcc9-fix.patch"

It works for me but that need to be discussed with upstream team.

EDIT: similar code issue: https://github.com/intel/openlldp/issues/23