Search Criteria
Package Details: openwsman 2.7.0-1
Git Clone URL: | https://aur.archlinux.org/openwsman.git (read-only, click to copy) |
---|---|
Package Base: | openwsman |
Description: | Opensource Implementation of WS-Management |
Upstream URL: | https://openwsman.github.io/ |
Licenses: | |
Submitter: | larchunix |
Maintainer: | larchunix |
Last Packager: | larchunix |
Votes: | 1 |
Popularity: | 0.000000 |
First Submitted: | 2015-02-22 17:52 |
Last Updated: | 2020-05-25 21:44 |
Dependencies (13)
- curl (curl-git, curl-minimal-git)
- libxml2 (libxml2-linenum, libxml2-git)
- openssl (libressl-git, openssl-purify, openssl-zlib, openssl-git, openssl-weak-ciphers, openssl-hardened)
- sblim-sfcc
- cmake (cmake-git) (make)
- perl (perl-git) (make)
- python (python-dbg) (make)
- ruby (ruby1.8, rvm) (make)
- ruby-rdoc (make)
- swig (swig-git) (make)
- perl (perl-git) (optional) – for perl bindings
- python (python-dbg) (optional) – for python bindings
- ruby (ruby1.8, rvm) (optional) – for ruby bindings
Latest Comments
hardfalcon commented on 2019-04-03 08:24
OpenWSMAN >= 2.6.9 is affected by two CVEs:
CVE-2019-3816: "Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server."
https://nvd.nist.gov/vuln/detail/CVE-2019-3816
CVE-2019-3833: "Openwsman, versions up to and including 2.6.9, are vulnerable to infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending malicious HTTP request to cause denial of service to openwsman server."
https://nvd.nist.gov/vuln/detail/CVE-2019-3833
Patches are available through in the above CVE reports, or as a pull request on Github (which upstream couldn't be bothered to look at in almost three weeks): https://github.com/Openwsman/openwsman/pull/118
On top of that, there seem to be a few buffer overflows with an easy patch available, which upstream, again, couldn't be bothered to even look at since December 2018: https://github.com/Openwsman/openwsman/pull/117
So basically, this looks like abandonware.
larchunix commented on 2018-05-07 20:22
@mattski: PKGBUILD updated, thanks!
mattski commented on 2018-05-07 10:40
I am getting a build error (below) it seems you need to add ruby-rdoc as a dependency. It was split from ruby earlier this year.
============================
Scanning dependencies of target ruby_rdoc [ 35%] Generating html Creating rdoc documentation ...Traceback (most recent call last): 2: from ./rdoc:45:in
<main>' 1: from /usr/lib/ruby/2.5.0/rubygems/core_ext/kernel_require.rb:59:in
require' /usr/lib/ruby/2.5.0/rubygems/core_ext/kernel_require.rb:59:in `require': cannot load such file -- rdoc/encoding (LoadError) make[2]: [bindings/ruby/CMakeFiles/ruby_rdoc.dir/build.make:64: bindings/ruby/html] Error 1 make[1]: [CMakeFiles/Makefile2:1151: bindings/ruby/CMakeFiles/ruby_rdoc.dir/all] Error 2 make: *** [Makefile:163: all] Error 2 ==> ERROR: A failure occurred in build(). Aborting...larchunix commented on 2017-06-14 20:26
@Megatonna: It doesn't seem to be supported (yet) without patching CMakeLists.txt. I get the following error when using python3:
=====
CMake Error at /usr/share/cmake-3.8/Modules/FindPackageHandleStandardArgs.cmake:137 (message):
Could NOT find PythonLibs (missing: PYTHON_LIBRARIES PYTHON_INCLUDE_DIRS)
(Required is at least version "2.6")
Call Stack (most recent call first):
/usr/share/cmake-3.8/Modules/FindPackageHandleStandardArgs.cmake:377 (_FPHSA_FAILURE_MESSAGE)
/usr/share/cmake-3.8/Modules/FindPythonLibs.cmake:262 (FIND_PACKAGE_HANDLE_STANDARD_ARGS)
CMakeLists.txt:180 (FIND_PACKAGE)
Megatonna commented on 2017-06-13 14:13
Could you add bindings for python3?
larchunix commented on 2017-05-08 19:46
@dankles: PKGBUILD updated to use openssl-1.0, it should be ok now.
dankles commented on 2017-05-08 17:50
I'm getting a build error:
====
Scanning dependencies of target wsman_curl_client_transport
[ 1%] Building C object src/lib/CMakeFiles/wsman_curl_client_transport.dir/wsman-client-transport.o
[ 2%] Building C object src/lib/CMakeFiles/wsman_curl_client_transport.dir/wsman-curl-client-transport.o
/home/dankles/.cache/pacaur/openwsman/src/openwsman-2.6.3/src/lib/wsman-curl-client-transport.c: In function ‘ssl_certificate_thumbprint_verify_callback’:
/home/dankles/.cache/pacaur/openwsman/src/openwsman-2.6.3/src/lib/wsman-curl-client-transport.c:244:18: error: dereferencing pointer to incomplete type ‘X509_STORE_CTX {aka struct x509_store_ctx_st}’
X509 *cert = ctx->cert;
^~
make[2]: *** [src/lib/CMakeFiles/wsman_curl_client_transport.dir/build.make:87: src/lib/CMakeFiles/wsman_curl_client_transport.dir/wsman-curl-client-transport.o] Error 1
make[1]: *** [CMakeFiles/Makefile2:1549: src/lib/CMakeFiles/wsman_curl_client_transport.dir/all] Error 2
make: *** [Makefile:163: all] Error 2
==> ERROR: A failure occurred in build().
Aborting...
:: failed to build openwsman package(s)
====
Anyone else seeing this?