OK, I did something (installing new flex, bison, patching source...) apparently and now I get this error when compiling, instead of the Flex error:
------------------------------ -c /opt/libreswan-3.15/programs/pluto/timer.c cc1: warnings being treated as errors /opt/libreswan-3.15/programs/pluto/timer.c: In function 'timer_event_cb': /opt/libreswan-3.15/programs/pluto/timer.c:455: warning: 'last_used_age.delta_secs' is used uninitialized in this function make[3]: *** [timer.o] Error 1 make[3]: Leaving directory `/opt/libreswan-3.15/OBJ.linux.x86_64/programs/pluto' make[2]: *** [local-base] Error 2 make[2]: Leaving directory `/opt/libreswan-3.15/programs/pluto' ------------------------------ What is strange is that it used to be failing at the timer.c compile Yesterday, that I started getting the flex issue. Not sure what this means to be honest. Tomas -----Original Message----- From: Paul Wouters [mailto:[email protected]] Sent: Friday, September 25, 2015 4:45 AM To: Tomas France Cc: [email protected] Subject: Re: [Swan] Cannot compile Libreswan 3.14 and newer on CentOS 5 On Fri, 25 Sep 2015, Tomas France wrote: > OK, I understand. We are talking about 20+ servers that would need a > full reinstallation by the way... Done by myself... That's not too bad :) > It seems I have been able to compile OpenSwan 2.6.45 on the CentOS 5 > (test) server though, although with some nasty makefile modifications. Obviously I am biased, but I would not use openswan. They haven't properly fixed some of the earlier CVE's (the ID one) and their code hasn't seen the amount of FIPS and Common Criteria testing that libreswan went through. Also, if you compiled without NSS, that setup is also vulnerable private RSA key leak as described at: https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfe ct-forward-secrecy/ > I'd really > prefer Libreswan as it works really well on one of our CentOS 6 > servers already (well, too early to say really but so far so good). > > Also, if someone would consider modifying the patch from 3.14 to 3.13, > I'd be willing to send a small donation for that :) I think it would be more useful to see about pulling in nss from centos6 and going with the latest libreswan. The 3.15-3 build that will go into RHEL6 extras and RHEL-7.1.z probably has all the fixes for the flex/bison issues you reported. The pre-release of 3.15-3 can be found at ftp://ftp.nohats.ca/rhel6/ Paul _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
