Package Details: openwsman 2.6.9-1

Git Clone URL: https://aur.archlinux.org/openwsman.git (read-only)
Package Base: openwsman
Description: Opensource Implementation of WS-Management
Upstream URL: https://openwsman.github.io/
Licenses: custom:BSD
Submitter: larchunix
Maintainer: larchunix
Last Packager: larchunix
Votes: 1
Popularity: 0.000000
First Submitted: 2015-02-22 17:52
Last Updated: 2018-11-23 07:51

Latest Comments

hardfalcon commented on 2019-04-03 08:24

OpenWSMAN >= 2.6.9 is affected by two CVEs:

CVE-2019-3816: "Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server."

https://nvd.nist.gov/vuln/detail/CVE-2019-3816

CVE-2019-3833: "Openwsman, versions up to and including 2.6.9, are vulnerable to infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending malicious HTTP request to cause denial of service to openwsman server."

https://nvd.nist.gov/vuln/detail/CVE-2019-3833

Patches are available through in the above CVE reports, or as a pull request on Github (which upstream couldn't be bothered to look at in almost three weeks): https://github.com/Openwsman/openwsman/pull/118

On top of that, there seem to be a few buffer overflows with an easy patch available, which upstream, again, couldn't be bothered to even look at since December 2018: https://github.com/Openwsman/openwsman/pull/117

So basically, this looks like abandonware.

Anonymous comment on 2018-12-15 06:59

Thanks for this post if you were looking for the tutorial to enable chrome cookies then from our website https://windowsclassroom.com/enable-cookies-chrome get the tutorial to change chrome cookies in few steps without facing any trouble.

larchunix commented on 2018-05-07 20:22

@mattski: PKGBUILD updated, thanks!

mattski commented on 2018-05-07 10:40

I am getting a build error (below) it seems you need to add ruby-rdoc as a dependency. It was split from ruby earlier this year.

============================

Scanning dependencies of target ruby_rdoc [ 35%] Generating html Creating rdoc documentation ...Traceback (most recent call last): 2: from ./rdoc:45:in <main>' 1: from /usr/lib/ruby/2.5.0/rubygems/core_ext/kernel_require.rb:59:inrequire' /usr/lib/ruby/2.5.0/rubygems/core_ext/kernel_require.rb:59:in `require': cannot load such file -- rdoc/encoding (LoadError) make[2]: [bindings/ruby/CMakeFiles/ruby_rdoc.dir/build.make:64: bindings/ruby/html] Error 1 make[1]: [CMakeFiles/Makefile2:1151: bindings/ruby/CMakeFiles/ruby_rdoc.dir/all] Error 2 make: *** [Makefile:163: all] Error 2 ==> ERROR: A failure occurred in build(). Aborting...

larchunix commented on 2017-06-14 20:26

@Megatonna: It doesn't seem to be supported (yet) without patching CMakeLists.txt. I get the following error when using python3:

=====
CMake Error at /usr/share/cmake-3.8/Modules/FindPackageHandleStandardArgs.cmake:137 (message):
Could NOT find PythonLibs (missing: PYTHON_LIBRARIES PYTHON_INCLUDE_DIRS)
(Required is at least version "2.6")
Call Stack (most recent call first):
/usr/share/cmake-3.8/Modules/FindPackageHandleStandardArgs.cmake:377 (_FPHSA_FAILURE_MESSAGE)
/usr/share/cmake-3.8/Modules/FindPythonLibs.cmake:262 (FIND_PACKAGE_HANDLE_STANDARD_ARGS)
CMakeLists.txt:180 (FIND_PACKAGE)

Megatonna commented on 2017-06-13 14:13

Could you add bindings for python3?

larchunix commented on 2017-05-08 19:46

@dankles: PKGBUILD updated to use openssl-1.0, it should be ok now.

dankles commented on 2017-05-08 17:50

I'm getting a build error:
====
Scanning dependencies of target wsman_curl_client_transport
[ 1%] Building C object src/lib/CMakeFiles/wsman_curl_client_transport.dir/wsman-client-transport.o
[ 2%] Building C object src/lib/CMakeFiles/wsman_curl_client_transport.dir/wsman-curl-client-transport.o
/home/dankles/.cache/pacaur/openwsman/src/openwsman-2.6.3/src/lib/wsman-curl-client-transport.c: In function ‘ssl_certificate_thumbprint_verify_callback’:
/home/dankles/.cache/pacaur/openwsman/src/openwsman-2.6.3/src/lib/wsman-curl-client-transport.c:244:18: error: dereferencing pointer to incomplete type ‘X509_STORE_CTX {aka struct x509_store_ctx_st}’
X509 *cert = ctx->cert;
^~
make[2]: *** [src/lib/CMakeFiles/wsman_curl_client_transport.dir/build.make:87: src/lib/CMakeFiles/wsman_curl_client_transport.dir/wsman-curl-client-transport.o] Error 1
make[1]: *** [CMakeFiles/Makefile2:1549: src/lib/CMakeFiles/wsman_curl_client_transport.dir/all] Error 2
make: *** [Makefile:163: all] Error 2
==> ERROR: A failure occurred in build().
Aborting...
:: failed to build openwsman package(s)
====

Anyone else seeing this?