Search Criteria
Package Details: openwsman 2.7.2-1.2
Package Actions
| Git Clone URL: | https://aur.archlinux.org/openwsman.git (read-only, click to copy) |
|---|---|
| Package Base: | openwsman |
| Description: | Opensource Implementation of WS-Management |
| Upstream URL: | https://openwsman.github.io/ |
| Licenses: | custom:BSD |
| Submitter: | larchunix |
| Maintainer: | bidulock |
| Last Packager: | bidulock |
| Votes: | 1 |
| Popularity: | 0.000000 |
| First Submitted: | 2015-02-22 17:52 (UTC) |
| Last Updated: | 2024-09-14 08:31 (UTC) |
Dependencies (16)
- curl (curl-quiche-gitAUR, curl-http3-ngtcp2AUR, curl-gitAUR, curl-c-aresAUR)
- libxml2 (libxml2-gitAUR, libxml2-2.9AUR)
- openssl (openssl-gitAUR, openssl-staticAUR)
- sblim-sfccAUR
- cmake (cmake-gitAUR) (make)
- perl (perl-gitAUR) (make)
- python (python37AUR, python311AUR, python310AUR) (make)
- python-distutils-extra (make)
- ruby (make)
- ruby-docs (make)
- ruby-rdoc (make)
- rubygems (rubygems-userAUR) (make)
- swig (swig-gitAUR) (make)
- perl (perl-gitAUR) (optional) – for perl bindings
- python (python37AUR, python311AUR, python310AUR) (optional) – for python bindings
- ruby (optional) – for ruby bindings
Latest Comments
hardfalcon commented on 2019-04-03 08:24 (UTC)
OpenWSMAN >= 2.6.9 is affected by two CVEs:
CVE-2019-3816: "Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server."
https://nvd.nist.gov/vuln/detail/CVE-2019-3816
CVE-2019-3833: "Openwsman, versions up to and including 2.6.9, are vulnerable to infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending malicious HTTP request to cause denial of service to openwsman server."
https://nvd.nist.gov/vuln/detail/CVE-2019-3833
Patches are available through in the above CVE reports, or as a pull request on Github (which upstream couldn't be bothered to look at in almost three weeks): https://github.com/Openwsman/openwsman/pull/118
On top of that, there seem to be a few buffer overflows with an easy patch available, which upstream, again, couldn't be bothered to even look at since December 2018: https://github.com/Openwsman/openwsman/pull/117
So basically, this looks like abandonware.
larchunix commented on 2018-05-07 20:22 (UTC)
@mattski: PKGBUILD updated, thanks!
mattski commented on 2018-05-07 10:40 (UTC)
I am getting a build error (below) it seems you need to add ruby-rdoc as a dependency. It was split from ruby earlier this year.
============================
Scanning dependencies of target ruby_rdoc [ 35%] Generating html Creating rdoc documentation ...Traceback (most recent call last): 2: from ./rdoc:45:in
<main>' 1: from /usr/lib/ruby/2.5.0/rubygems/core_ext/kernel_require.rb:59:inrequire' /usr/lib/ruby/2.5.0/rubygems/core_ext/kernel_require.rb:59:in `require': cannot load such file -- rdoc/encoding (LoadError) make[2]: [bindings/ruby/CMakeFiles/ruby_rdoc.dir/build.make:64: bindings/ruby/html] Error 1 make[1]: [CMakeFiles/Makefile2:1151: bindings/ruby/CMakeFiles/ruby_rdoc.dir/all] Error 2 make: *** [Makefile:163: all] Error 2 ==> ERROR: A failure occurred in build(). Aborting...larchunix commented on 2017-06-14 20:26 (UTC)
Megaton commented on 2017-06-13 14:13 (UTC)
larchunix commented on 2017-05-08 19:46 (UTC)
dankles commented on 2017-05-08 17:50 (UTC)