Package Details: openwsman 2.7.2-1

Git Clone URL: https://aur.archlinux.org/openwsman.git (read-only, click to copy)
Package Base: openwsman
Description: Opensource Implementation of WS-Management
Upstream URL: https://openwsman.github.io/
Licenses: custom:BSD
Submitter: larchunix
Maintainer: larchunix
Last Packager: larchunix
Votes: 1
Popularity: 0.000000
First Submitted: 2015-02-22 17:52 (UTC)
Last Updated: 2023-01-08 17:39 (UTC)

Dependencies (13)

Sources (1)

Latest Comments

hardfalcon commented on 2019-04-03 08:24 (UTC)

OpenWSMAN >= 2.6.9 is affected by two CVEs:

CVE-2019-3816: "Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server."

https://nvd.nist.gov/vuln/detail/CVE-2019-3816

CVE-2019-3833: "Openwsman, versions up to and including 2.6.9, are vulnerable to infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending malicious HTTP request to cause denial of service to openwsman server."

https://nvd.nist.gov/vuln/detail/CVE-2019-3833

Patches are available through in the above CVE reports, or as a pull request on Github (which upstream couldn't be bothered to look at in almost three weeks): https://github.com/Openwsman/openwsman/pull/118

On top of that, there seem to be a few buffer overflows with an easy patch available, which upstream, again, couldn't be bothered to even look at since December 2018: https://github.com/Openwsman/openwsman/pull/117

So basically, this looks like abandonware.

larchunix commented on 2018-05-07 20:22 (UTC)

@mattski: PKGBUILD updated, thanks!

mattski commented on 2018-05-07 10:40 (UTC)

I am getting a build error (below) it seems you need to add ruby-rdoc as a dependency. It was split from ruby earlier this year.

============================

Scanning dependencies of target ruby_rdoc [ 35%] Generating html Creating rdoc documentation ...Traceback (most recent call last): 2: from ./rdoc:45:in <main>' 1: from /usr/lib/ruby/2.5.0/rubygems/core_ext/kernel_require.rb:59:inrequire' /usr/lib/ruby/2.5.0/rubygems/core_ext/kernel_require.rb:59:in `require': cannot load such file -- rdoc/encoding (LoadError) make[2]: [bindings/ruby/CMakeFiles/ruby_rdoc.dir/build.make:64: bindings/ruby/html] Error 1 make[1]: [CMakeFiles/Makefile2:1151: bindings/ruby/CMakeFiles/ruby_rdoc.dir/all] Error 2 make: *** [Makefile:163: all] Error 2 ==> ERROR: A failure occurred in build(). Aborting...

larchunix commented on 2017-06-14 20:26 (UTC)

@Megatonna: It doesn't seem to be supported (yet) without patching CMakeLists.txt. I get the following error when using python3: ===== CMake Error at /usr/share/cmake-3.8/Modules/FindPackageHandleStandardArgs.cmake:137 (message): Could NOT find PythonLibs (missing: PYTHON_LIBRARIES PYTHON_INCLUDE_DIRS) (Required is at least version "2.6") Call Stack (most recent call first): /usr/share/cmake-3.8/Modules/FindPackageHandleStandardArgs.cmake:377 (_FPHSA_FAILURE_MESSAGE) /usr/share/cmake-3.8/Modules/FindPythonLibs.cmake:262 (FIND_PACKAGE_HANDLE_STANDARD_ARGS) CMakeLists.txt:180 (FIND_PACKAGE)

Megaton commented on 2017-06-13 14:13 (UTC)

Could you add bindings for python3?

larchunix commented on 2017-05-08 19:46 (UTC)

@dankles: PKGBUILD updated to use openssl-1.0, it should be ok now.

dankles commented on 2017-05-08 17:50 (UTC)

I'm getting a build error: ==== Scanning dependencies of target wsman_curl_client_transport [ 1%] Building C object src/lib/CMakeFiles/wsman_curl_client_transport.dir/wsman-client-transport.o [ 2%] Building C object src/lib/CMakeFiles/wsman_curl_client_transport.dir/wsman-curl-client-transport.o /home/dankles/.cache/pacaur/openwsman/src/openwsman-2.6.3/src/lib/wsman-curl-client-transport.c: In function ‘ssl_certificate_thumbprint_verify_callback’: /home/dankles/.cache/pacaur/openwsman/src/openwsman-2.6.3/src/lib/wsman-curl-client-transport.c:244:18: error: dereferencing pointer to incomplete type ‘X509_STORE_CTX {aka struct x509_store_ctx_st}’ X509 *cert = ctx->cert; ^~ make[2]: *** [src/lib/CMakeFiles/wsman_curl_client_transport.dir/build.make:87: src/lib/CMakeFiles/wsman_curl_client_transport.dir/wsman-curl-client-transport.o] Error 1 make[1]: *** [CMakeFiles/Makefile2:1549: src/lib/CMakeFiles/wsman_curl_client_transport.dir/all] Error 2 make: *** [Makefile:163: all] Error 2 ==> ERROR: A failure occurred in build(). Aborting... :: failed to build openwsman package(s) ==== Anyone else seeing this?