Package Details: openswan

Git Clone URL: (read-only, click to copy)
Package Base: openswan
Description: Open Source implementation of IPsec for Linux
Upstream URL:
Licenses: GPL, custom
Conflicts: ipsec-tools, strongswan
Submitter: Allan
Maintainer: severach
Last Packager: severach
Votes: 143
Popularity: 0.000005
First Submitted: 2009-11-07 14:39
Last Updated: 2020-12-20 00:35

Latest Comments

1 2 3 4 5 6 ... Next › Last »

xexaxo commented on 2020-12-01 05:04

Please consider pulling my fix on the next update. Upstream has merged it, although it not in any release yet.

Edit: fix has been included in

xexaxo commented on 2020-09-28 16:43

You may want to include Otherwise "self-proposal" errors may occur as seen in

buzz commented on 2020-07-09 17:59

Could you support aarch64?

I successfully compiled for this architecture by adding aarch64 to arch in PKGINFO.

Thank you

greenlean commented on 2020-05-21 09:40

The package does not build on gcc 10-1. A workaround is to downgrade to gcc 9.2 and then build it.

$ yay -S downgrade # downgrade gcc gcc-libs

There are also issues with xmlto, is better to remove it: # pacman -R xmlto

lineage commented on 2020-01-30 19:24

One of the makefiles tries to remove a real system file during packaging. Non-root builds where a version is already installed barf. root builds would silently remove the file. This will fix it

--- programs/Makefile.program.orig      2019-06-14 20:35:45.000000000 +0100
+++ programs/Makefile.program   2020-01-30 18:54:31.226501106 +0000
@@ -112,7 +112,7 @@

 # note: remove any old vendor file installed previously
-       @rm -f $(FINALLIBEXECDIR)/vendor
+       @rm -f $(LIBEXECDIR)/vendor
        @if [ -n "$(PROGRAM)" ]; then $(INSTALL) $(INSTBINFLAGS) $(PROGRAM) $(PROGRAMDIR); fi
        @$(foreach f, $(addsuffix .8, $(PROGRAM)), \

amdg commented on 2020-01-21 09:26

This package is missing the following build dependencies:

  • inetutils (hostname command used during build)
  • xmlto (used to generate man pages)
  • docbook-xsl (required to have xmlto working correctly)

severach commented on 2019-08-10 01:04

The "normal" diff format isn't very good. It won't apply if everything isn't exact. The context and unified will apply. Unified are the easiest to read.

Subtracting 1 isn't enough. That may shut the compiler up but it will earn us a CVE. strncpy() does not guarantee a nul end of string. The referenced patch has a decent way to guarantee a nul but I like my way better because it also guarantees no random text can appear after the nul.

The real answer is to write a custom strncpy() that has all the behavior we want, guaranteed nul and all nul to end of buffer.

mickybart commented on 2019-08-09 19:26


I have the same issue when I copy/paste it from my comment.

Here is base64 version to avoid that as I don't know how to share it in a proper way.

echo "MjMzYzIzMwo8IAkJCXN0cm5jcHkoaWZyLmlmcl9uYW1lLCBvcHRhcmcsIHNpemVvZihpZnIuaWZyX25hbWUpKTsKLS0tCj4gCQkJc3RybmNweShpZnIuaWZyX25hbWUsIG9wdGFyZywgc2l6ZW9mKGlmci5pZnJfbmFtZSktMSk7CjIzNmMyMzYKPCAJCQlzdHJuY3B5KHNoYy5jZl9uYW1lLCBvcHRhcmcsIHNpemVvZihzaGMuY2ZfbmFtZSkpOwotLS0KPiAJCQlzdHJuY3B5KHNoYy5jZl9uYW1lLCBvcHRhcmcsIHNpemVvZihzaGMuY2ZfbmFtZSktMSk7Cg==" | base64 -d > gcc9-fix.patch

the sha512sum is d4b5c8418cb623fc720d9e401cbbaf1668c172af8b5c658f95efadcce165840fd35c3f4dbb62925de73c1c3e212093e2cb427424b0db4e92ff96eb1c83cd84c4

stramaz commented on 2019-08-09 14:35

Unfortunately the patch of @mickybart doesn't work for me...:

==> Starting prepare()...
patching file programs/tncfg/tncfg.c
Hunk #1 FAILED at 233.
Hunk #2 FAILED at 236.
2 out of 2 hunks FAILED -- saving rejects to file programs/tncfg/tncfg.c.rej
==> ERROR: A failure occurred in prepare().
:: Unable to build openswan - makepkg exited with code: 4

mickybart commented on 2019-07-17 14:50

That need to be fixed upstream but the patch should look something like that to fix the compilation:

# cat gcc9-fix.patch 
<                       strncpy(ifr.ifr_name, optarg, sizeof(ifr.ifr_name));
>                       strncpy(ifr.ifr_name, optarg, sizeof(ifr.ifr_name)-1);
<                       strncpy(shc.cf_name, optarg, sizeof(shc.cf_name));
>                       strncpy(shc.cf_name, optarg, sizeof(shc.cf_name)-1);

You can add the patch in PKGBUILD/prepare():

  # GCC 9 fix
  patch "programs/tncfg/tncfg.c" "$srcdir/gcc9-fix.patch"

It works for me but that need to be discussed with upstream team.

EDIT: similar code issue: