Package Details: openswan 2.6.51.5-1

Git Clone URL: https://aur.archlinux.org/openswan.git (read-only, click to copy)
Package Base: openswan
Description: Open Source implementation of IPsec for Linux
Upstream URL: https://www.openswan.org
Licenses: GPL, custom
Conflicts: ipsec-tools, strongswan
Submitter: Allan
Maintainer: severach
Last Packager: severach
Votes: 143
Popularity: 0.009402
First Submitted: 2009-11-07 14:39
Last Updated: 2019-08-10 00:57

Latest Comments

1 2 3 4 5 6 ... Next › Last »

lineage commented on 2020-01-30 19:24

One of the makefiles tries to remove a real system file during packaging. Non-root builds where a version is already installed barf. root builds would silently remove the file. This will fix it


--- programs/Makefile.program.orig      2019-06-14 20:35:45.000000000 +0100
+++ programs/Makefile.program   2020-01-30 18:54:31.226501106 +0000
@@ -112,7 +112,7 @@

 # note: remove any old vendor file installed previously
 doinstall:: $(PROGRAM) $(CONFFILES) $(EXTRA8MAN) $(EXTRA5MAN) $(EXTRA5PROC) $(LIBFILES) $(CONFDFILES)
-       @rm -f $(FINALLIBEXECDIR)/vendor
+       @rm -f $(LIBEXECDIR)/vendor
        @mkdir -p $(PROGRAMDIR) $(MANDIR8) $(MANDIR5) $(LIBDIR) $(CONFDIR) $(CONFDDIR) $(CONFDDIR)/$(CONFDSUBDIR) $(EXAMPLECONFDIR)
        @if [ -n "$(PROGRAM)" ]; then $(INSTALL) $(INSTBINFLAGS) $(PROGRAM) $(PROGRAMDIR); fi
        @$(foreach f, $(addsuffix .8, $(PROGRAM)), \

amdg commented on 2020-01-21 09:26

This package is missing the following build dependencies:

  • inetutils (hostname command used during build)
  • xmlto (used to generate man pages)
  • docbook-xsl (required to have xmlto working correctly)

severach commented on 2019-08-10 01:04

The "normal" diff format isn't very good. It won't apply if everything isn't exact. The context and unified will apply. Unified are the easiest to read.

Subtracting 1 isn't enough. That may shut the compiler up but it will earn us a CVE. strncpy() does not guarantee a nul end of string. The referenced patch has a decent way to guarantee a nul but I like my way better because it also guarantees no random text can appear after the nul.

The real answer is to write a custom strncpy() that has all the behavior we want, guaranteed nul and all nul to end of buffer.

mickybart commented on 2019-08-09 19:26

@stramaz

I have the same issue when I copy/paste it from my comment.

Here is base64 version to avoid that as I don't know how to share it in a proper way.

echo "MjMzYzIzMwo8IAkJCXN0cm5jcHkoaWZyLmlmcl9uYW1lLCBvcHRhcmcsIHNpemVvZihpZnIuaWZyX25hbWUpKTsKLS0tCj4gCQkJc3RybmNweShpZnIuaWZyX25hbWUsIG9wdGFyZywgc2l6ZW9mKGlmci5pZnJfbmFtZSktMSk7CjIzNmMyMzYKPCAJCQlzdHJuY3B5KHNoYy5jZl9uYW1lLCBvcHRhcmcsIHNpemVvZihzaGMuY2ZfbmFtZSkpOwotLS0KPiAJCQlzdHJuY3B5KHNoYy5jZl9uYW1lLCBvcHRhcmcsIHNpemVvZihzaGMuY2ZfbmFtZSktMSk7Cg==" | base64 -d > gcc9-fix.patch

the sha512sum is d4b5c8418cb623fc720d9e401cbbaf1668c172af8b5c658f95efadcce165840fd35c3f4dbb62925de73c1c3e212093e2cb427424b0db4e92ff96eb1c83cd84c4

stramaz commented on 2019-08-09 14:35

Unfortunately the patch of @mickybart doesn't work for me...: 


==> Starting prepare()...
patching file programs/tncfg/tncfg.c
Hunk #1 FAILED at 233.
Hunk #2 FAILED at 236.
2 out of 2 hunks FAILED -- saving rejects to file programs/tncfg/tncfg.c.rej
==> ERROR: A failure occurred in prepare().
    Aborting...
:: Unable to build openswan - makepkg exited with code: 4

mickybart commented on 2019-07-17 14:50

That need to be fixed upstream but the patch should look something like that to fix the compilation:

# cat gcc9-fix.patch 
233c233
<                       strncpy(ifr.ifr_name, optarg, sizeof(ifr.ifr_name));
---
>                       strncpy(ifr.ifr_name, optarg, sizeof(ifr.ifr_name)-1);
236c236
<                       strncpy(shc.cf_name, optarg, sizeof(shc.cf_name));
---
>                       strncpy(shc.cf_name, optarg, sizeof(shc.cf_name)-1);

You can add the patch in PKGBUILD/prepare():

  # GCC 9 fix
  patch "programs/tncfg/tncfg.c" "$srcdir/gcc9-fix.patch"

It works for me but that need to be discussed with upstream team.

EDIT: similar code issue: https://github.com/intel/openlldp/issues/23

gally commented on 2019-07-10 13:32

downgrading gcc to 8.3.0 didn't work at all for me. Same result as before.

elgs commented on 2019-07-05 06:28

Thank you!! Downgrading both gcc and gcc-libs to 8.3.0 and it worked!!

GPereira commented on 2019-07-04 19:17

Thank you for sending me reports but since I am not able to solve it and I am not using Arch Linux as my daily driver currently it's only logical I orphan this package. PS: Maybe something to do with glibc or gcc version? Try downgrading to GCC 8.2.x and try to compile just to check if that's the issue.

elgs commented on 2019-07-04 09:05

Building failed with the following message:

In function 'strncpy',
    inlined from 'main' at /home/elgs/.cache/yay/openswan/src/openswan-2.6.51.5/programs/tncfg/tncfg.c:233:4:
/usr/include/bits/string_fortified.h:106:10: error: '__builtin_strncpy' specified bound 16 equals destination size [-Werror=stringop-truncation]
  106 |   return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In function 'strncpy',
    inlined from 'main' at /home/elgs/.cache/yay/openswan/src/openswan-2.6.51.5/programs/tncfg/tncfg.c:236:4:
/usr/include/bits/string_fortified.h:106:10: error: '__builtin_strncpy' specified bound 12 equals destination size [-Werror=stringop-truncation]
  106 |   return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
make[3]: *** [/home/elgs/.cache/yay/openswan/src/openswan-2.6.51.5/Makefile.common:21: tncfg.o] Error 1
make[3]: Leaving directory '/home/elgs/.cache/yay/openswan/src/openswan-2.6.51.5/OBJ.linux.x86_64/programs/tncfg'
make[2]: *** [/home/elgs/.cache/yay/openswan/src/openswan-2.6.51.5/programs/Makefile:59: programs] Error 1
make[2]: Leaving directory '/home/elgs/.cache/yay/openswan/src/openswan-2.6.51.5/OBJ.linux.x86_64/programs'
make[1]: *** [Makefile:10: programs] Error 1
make[1]: Leaving directory '/home/elgs/.cache/yay/openswan/src/openswan-2.6.51.5/OBJ.linux.x86_64'
make: *** [Makefile:186: programs] Error 2
==> ERROR: A failure occurred in build().
    Aborting...
Error making: openswan