[gentoo-commits] repo/gentoo:master commit in: net-misc/tn5250/files/, net-misc/tn5250/
commit: 58f23370c5f39898121cd8bbb05638cd288eba37 Author: Pacho Ramos gentoo org> AuthorDate: Sun Feb 24 09:33:30 2019 + Commit: Pacho Ramos gentoo org> CommitDate: Sun Feb 24 10:52:58 2019 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=58f23370 net-misc/tn5250: Fix openssl-1.1 compat Closes: https://bugs.gentoo.org/676654 Package-Manager: Portage-2.3.62, Repoman-2.3.12 Signed-off-by: Pacho Ramos gentoo.org> .../files/tn5250-0.17.4-duplicate-definition.patch | 115 ++ net-misc/tn5250/files/tn5250-0.17.4-fedora.patch | 167 + .../tn5250/files/tn5250-0.17.4-openssl11.patch | 49 ++ net-misc/tn5250/tn5250-0.17.4-r3.ebuild| 58 +++ 4 files changed, 389 insertions(+) diff --git a/net-misc/tn5250/files/tn5250-0.17.4-duplicate-definition.patch b/net-misc/tn5250/files/tn5250-0.17.4-duplicate-definition.patch new file mode 100644 index 000..39b3ccb4555 --- /dev/null +++ b/net-misc/tn5250/files/tn5250-0.17.4-duplicate-definition.patch 
@@ -0,0 +1,115 @@ +From 66e1a2f80091e9ee9b99156ae23e5faaf9f24fe0 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Dan=20Hor=C3=A1k?= +Date: Mon, 20 Feb 2017 15:06:36 +0100 +Subject: [PATCH 3/4] remove duplicate definition for tn3270_ssl_stream_init() + +--- + lib5250/sslstream.c | 93 - + 1 file changed, 93 deletions(-) + +diff --git a/lib5250/sslstream.c b/lib5250/sslstream.c +index f4353a9..86d38cf 100644 +--- a/lib5250/sslstream.c b/lib5250/sslstream.c +@@ -477,99 +477,6 @@ int tn5250_ssl_stream_init (Tn5250Stream *This) +return 0; /* Ok */ + } + +-/f* lib5250/tn3270_ssl_stream_init +- * NAME +- *tn3270_ssl_stream_init +- * SYNOPSIS +- *ret = tn3270_ssl_stream_init (This); +- * INPUTS +- *Tn5250Stream * This - +- * DESCRIPTION +- *DOCUMENT ME!!! +- */ +-int tn3270_ssl_stream_init (Tn5250Stream *This) +-{ +- int len; +- +-/* initialize SSL library */ +- +- SSL_load_error_strings(); +- SSL_library_init(); +- +-/* create a new SSL context */ +- +- This->ssl_context = SSL_CTX_new(SSLv23_client_method()); +- if (This->ssl_context==NULL) { +-DUMP_ERR_STACK (); +-return -1; +- } +- +-/* if a certificate authority file is defined, load it into this context */ +- +- if (This->config!=NULL && tn5250_config_get (This->config, "ssl_ca_file")) { +-if (SSL_CTX_load_verify_locations(This->ssl_context, +- tn5250_config_get (This->config, "ssl_ca_file"), NULL)<1) { +-DUMP_ERR_STACK (); +-return -1; +-} +- } +- +-/* if a certificate authority file is defined, load it into this context */ +- +- if (This->config!=NULL && tn5250_config_get (This->config, "ssl_ca_file")) { +-if (SSL_CTX_load_verify_locations(This->ssl_context, +- tn5250_config_get (This->config, "ssl_ca_file"), NULL)<1) { +-DUMP_ERR_STACK (); +-return -1; +-} +- } +- +- This->userdata = NULL; +- +-/* if a PEM passphrase is defined, set things up so that it can be used */ +- +- if (This->config!=NULL && tn5250_config_get (This->config,"ssl_pem_pass")){ +-TN5250_LOG(("SSL: Setting password callback\n")); +-len = 
strlen(tn5250_config_get (This->config, "ssl_pem_pass")); +-This->userdata = malloc(len+1); +-strncpy(This->userdata, +-tn5250_config_get (This->config, "ssl_pem_pass"), len); +-SSL_CTX_set_default_passwd_cb(This->ssl_context, +-(pem_password_cb *)ssl_stream_passwd_cb); +-SSL_CTX_set_default_passwd_cb_userdata(This->ssl_context, (void *)This); +- +- } +- +-/* If a certificate file has been defined, load it into this context as well */ +- +- if (This->config!=NULL && tn5250_config_get (This->config, "ssl_cert_file")){ +-TN5250_LOG(("SSL: Loading certificates from certificate file\n")); +-if (SSL_CTX_use_certificate_file(This->ssl_context, +-tn5250_config_get (This->config, "ssl_cert_file"), +-SSL_FILETYPE_PEM) <= 0) { +-DUMP_ERR_STACK (); +-return -1; +-} +-TN5250_LOG(("SSL: Loading private keys from certificate file\n")); +-if (SSL_CTX_use_PrivateKey_file(This->ssl_context, +-tn5250_config_get (This->config, "ssl_cert_file"), +-SSL_FILETYPE_PEM) <= 0) { +-DUMP_ERR_STACK (); +-return -1; +-} +- } +- +- This->ssl_handle = NULL; +- This->connect = ssl_stream_connect; +- This->accept = ssl_stream_accept; +- This->disconnect = ssl_stream_disconnect; +- This->handle_receive = ssl_stream_handle_receive; +- This->send_packet = tn3270_ssl_stream_send_packet; +- This->destroy = ssl_stream_destroy; +- This->streamtype = TN3270E_STREAM; +- return 0; /* Ok */ +-} +- + /i* lib5250/ssl_stream_connect + * NAME + *
[gentoo-commits] repo/gentoo:master commit in: net-misc/tn5250/files/, net-misc/tn5250/
commit: 2ee9d26b29e4b530359ed0cd793334f5fd0bab0f Author: Jeroen Roovers gentoo org> AuthorDate: Fri Mar 2 10:49:00 2018 + Commit: Jeroen Roovers gentoo org> CommitDate: Fri Mar 2 10:49:20 2018 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2ee9d26b net-misc/tn5250: Fix building against sys-libs/ncurses[tinfo] (bug #596314). - Drop USE=X (configure: WARNING: unrecognized options: --with-x) - Drop weird build-time only dependency on x11-libs/libXt - Name patches properly. - Add IUSE=static-libs instead of --disable-static - Add linux/Makefile.am patch instead of sedding Makefile.in - Use ltprune.eclass instead of eutils.eclass Package-Manager: Portage-2.3.24, Repoman-2.3.6 ...=> tn5250-0.17.4-disable-sslv2-and-sslv3.patch} | 0 ...250-0.17.4-fix-Wformat-security-warnings.patch} | 0 net-misc/tn5250/files/tn5250-0.17.4-tinfo.patch| 10 +++ net-misc/tn5250/files/tn5250-0.17.4-whoami.patch | 13 + net-misc/tn5250/tn5250-0.17.4-r2.ebuild| 31 +- 5 files changed, 36 insertions(+), 18 deletions(-) diff --git a/net-misc/tn5250/files/disable-sslv2-and-sslv3.patch b/net-misc/tn5250/files/tn5250-0.17.4-disable-sslv2-and-sslv3.patch similarity index 100% rename from net-misc/tn5250/files/disable-sslv2-and-sslv3.patch rename to net-misc/tn5250/files/tn5250-0.17.4-disable-sslv2-and-sslv3.patch diff --git a/net-misc/tn5250/files/fix-Wformat-security-warnings.patch b/net-misc/tn5250/files/tn5250-0.17.4-fix-Wformat-security-warnings.patch similarity index 100% rename from net-misc/tn5250/files/fix-Wformat-security-warnings.patch rename to net-misc/tn5250/files/tn5250-0.17.4-fix-Wformat-security-warnings.patch diff --git a/net-misc/tn5250/files/tn5250-0.17.4-tinfo.patch b/net-misc/tn5250/files/tn5250-0.17.4-tinfo.patch new file mode 100644 index 000..46469c4def8 --- /dev/null +++ b/net-misc/tn5250/files/tn5250-0.17.4-tinfo.patch 
@@ -0,0 +1,10 @@ +--- a/configure.ac b/configure.ac +@@ -64,6 +64,7 @@ + AC_MSG_ERROR([** You need a curses-compatible library installed.]) + fi + fi ++ AC_SEARCH_LIBS(stdscr, tinfo, [CURSES_LIB="$CURSES_LIB -ltinfo"]) + AC_SUBST([CURSES_LIB]) + if test "$ac_cv_use_old_keys" != "yes"; + then diff --git a/net-misc/tn5250/files/tn5250-0.17.4-whoami.patch b/net-misc/tn5250/files/tn5250-0.17.4-whoami.patch new file mode 100644 index 000..fbcece25af2 --- /dev/null +++ b/net-misc/tn5250/files/tn5250-0.17.4-whoami.patch @@ -0,0 +1,13 @@ +--- a/linux/Makefile.am b/linux/Makefile.am +@@ -18,10 +18,6 @@ + if [ "$$(uname -s)" = "Linux" ]; then \ + if which tic >/dev/null 2>&1 ; then \ + if [ "`whoami`" = "root" ]; then \ +- rm -f /usr/share/terminfo/x/xterm-5250 ; \ +- rm -f /usr/share/terminfo/5/5250 ; \ +- rm -f /usr/lib/terminfo/x/xterm-5250 ; \ +- rm -f /usr/lib/terminfo/5/5250 ; \ + good=yes ; \ + tic $(srcdir)/5250.terminfo || good=no ; \ + else \ diff --git a/net-misc/tn5250/tn5250-0.17.4-r2.ebuild b/net-misc/tn5250/tn5250-0.17.4-r2.ebuild index 3bcbdbd72cb..f3cfbf0f617 100644 --- a/net-misc/tn5250/tn5250-0.17.4-r2.ebuild +++ b/net-misc/tn5250/tn5250-0.17.4-r2.ebuild @@ -1,8 +1,8 @@ -# Copyright 1999-2016 Gentoo Foundation +# Copyright 1999-2018 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 EAPI=6 -inherit eutils +inherit autotools ltprune DESCRIPTION="IBM AS/400 telnet client which emulates 5250 terminals/printers" HOMEPAGE="http://tn5250.sourceforge.net/; @@ -11,7 +11,7 @@ SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz" LICENSE="LGPL-2.1" SLOT="0" KEYWORDS="~amd64 ~ppc ~sparc ~x86" -IUSE="X libressl ssl" +IUSE="libressl ssl static-libs" RDEPEND=" sys-libs/ncurses:= 
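Review bot: In the configure.ac hunk of tn5250-0.17.4-tinfo.patch, the action argument of `AC_SEARCH_LIBS(stdscr, tinfo, ...)` runs whenever `stdscr` resolves, including the "none required" case where the symbol is already found through what is in `LIBS`. In that case `-ltinfo` is still appended to `CURSES_LIB`, which can break the link on systems that ship no separate libtinfo. Restricting the action to the case that needs it, for example `[test "$ac_cv_search_stdscr" = "-ltinfo" && CURSES_LIB="$CURSES_LIB -ltinfo"]`, avoids that. What `LIBS` contains at this point is outside the hunk, so this should be confirmed against the full configure.ac.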
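Review bot: The root-only branch that tn5250-0.17.4-whoami.patch leaves in linux/Makefile.am still runs `tic $(srcdir)/5250.terminfo` with no output directory, so a `make install` run as root writes wherever the environment's `TERMINFO` (or the system default) points rather than under `$(DESTDIR)`. The ebuild's install phase is not part of this diff, so it may already set `TERMINFO`; if it does not, an explicit `tic -o "$(DESTDIR)/usr/share/terminfo" $(srcdir)/5250.terminfo` would keep the write inside the image. The patch also has no header text, and the same commit deletes the ebuild comment that explained why the `rm -f` lines are dropped; a short description at the top of the patch would preserve that reasoning. The enclosing Makefile rule starts and ends outside the hunk.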
@@ -21,32 +21,27 @@ RDEPEND=" ) " -DEPEND="${RDEPEND} - X? ( x11-libs/libXt ) +DEPEND=" + ${RDEPEND} " PATCHES=( - "${FILESDIR}/disable-sslv2-and-sslv3.patch" - "${FILESDIR}/fix-Wformat-security-warnings.patch" + "${FILESDIR}"/${PN}-0.17.4-disable-sslv2-and-sslv3.patch + "${FILESDIR}"/${PN}-0.17.4-fix-Wformat-security-warnings.patch + "${FILESDIR}"/${PN}-0.17.4-tinfo.patch + "${FILESDIR}"/${PN}-0.17.4-whoami.patch ) src_prepare() { default - - # Next, the Makefile for the terminfo settings tries to remove - # some files it doesn't have access to. We can just remove those - # lines. - sed -i \ - -e "/rm -f \/usr\/.*\/terminfo.*5250/d" linux/Makefile.in \ - || die "sed Makefile.in failed" + eautoreconf } src_configure() { econf \ - --disable-static \ - --without-python \ - $(use_with X x) \ - $(use_with ssl) + $(use_enable static-libs static)
[gentoo-commits] repo/gentoo:master commit in: net-misc/tn5250/files/, net-misc/tn5250/
commit: b986809e95f5466c28c66132dac475c5b04884ba Author: Michael Orlitzky gentoo org> AuthorDate: Wed Aug 24 00:29:01 2016 + Commit: Michael Orlitzky gentoo org> CommitDate: Wed Aug 24 00:32:55 2016 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b986809e net-misc/tn5250: new revision sans SSLv2/SSLv3 support. This new revision adds two custom patches. The first drops SSLv2/SSLv3 support by disabling the user's ability to specify "ssl2" or "ssl3" as his "ssl_method". The fallback "auto" should still work and choose something secure. The second patch fixes the build with -Werror=format-security and consists of trivial format string additions. Gentoo-Bug: 591940 Package-Manager: portage-2.2.28 .../tn5250/files/disable-sslv2-and-sslv3.patch | 61 + .../files/fix-Wformat-security-warnings.patch | 62 ++ net-misc/tn5250/tn5250-0.17.4-r2.ebuild| 62 ++ 3 files changed, 185 insertions(+) diff --git a/net-misc/tn5250/files/disable-sslv2-and-sslv3.patch b/net-misc/tn5250/files/disable-sslv2-and-sslv3.patch new file mode 100644 index ..9c8d04f --- /dev/null +++ b/net-misc/tn5250/files/disable-sslv2-and-sslv3.patch 
@@ -0,0 +1,61 @@ +From 1acfebd966e8804e6573cbe9287b8b6f028a646c Mon Sep 17 00:00:00 2001 +From: Michael Orlitzky+Date: Tue, 23 Aug 2016 18:13:47 -0400 +Subject: [PATCH 1/1] sslstream.c: ignore the user's choice of ssl_method. + +The SSLv2 and SSLv3 protocols are insecure, and people have begun to +operate without them. LibreSSL, for example, does not have them +enabled, and it is possible to build OpenSSL in the same manner. + +If SSLv[23] are disabled, the user would not be able to choose "ssl2" +or "ssl3" as his "ssl_method", an option that was undocumented +anywhere. Therefore there is not much lost, and some security to gain, +by removing the option completely. This commit does that, and uses the +automatic protocol choice that is capable of negotiating TLSv1, +TLSv1.1 and TLSv1.2. + +Gentoo-Bug: 591940 +--- + lib5250/sslstream.c | 26 ++ + 1 file changed, 10 insertions(+), 16 deletions(-) + +diff --git a/lib5250/sslstream.c b/lib5250/sslstream.c +index 7181566..2f91d1a 100644 +--- a/lib5250/sslstream.c b/lib5250/sslstream.c +@@ -362,22 +362,16 @@ int tn5250_ssl_stream_init (Tn5250Stream *This) + + /* which SSL method do we use? */ + +- strcpy(methstr,"auto"); +- if (This->config!=NULL && tn5250_config_get (This->config, "ssl_method")) { +-strncpy(methstr, tn5250_config_get (This->config, "ssl_method"), 4); +-methstr[4] = '\0'; +- } +- +- if (!strcmp(methstr, "ssl2")) { +-meth = SSLv2_client_method(); +-TN5250_LOG(("SSL Method = SSLv2_client_method()\n")); +- } else if (!strcmp(methstr, "ssl3")) { +-meth = SSLv3_client_method(); +-TN5250_LOG(("SSL Method = SSLv3_client_method()\n")); +- } else { +-meth = SSLv23_client_method(); +-TN5250_LOG(("SSL Method = SSLv23_client_method()\n")); +- } ++/* Ignore the user's choice of ssl_method (which isn't documented ++ * anyway...) if it was either "ssl2" or "ssl3". Both are insecure, ++ * and this is only safe supported method left. 
++ * ++ * This is a Gentoo-specific modification that lets us build ++ * against LibreSSL and newer OpenSSL with its insecure protocols ++ * disabled. ++ */ ++meth = SSLv23_client_method(); ++TN5250_LOG(("SSL Method = SSLv23_client_method()\n")); + + /* create a new SSL context */ + +-- +2.7.3 + diff --git a/net-misc/tn5250/files/fix-Wformat-security-warnings.patch b/net-misc/tn5250/files/fix-Wformat-security-warnings.patch new file mode 100644 index ..4927bce --- /dev/null +++ b/net-misc/tn5250/files/fix-Wformat-security-warnings.patch @@ -0,0 +1,62 @@ +From 1bc9cac45be4bac46f58e325779bdb8c7b7bf502 Mon Sep 17 00:00:00 2001 +From: Michael Orlitzky +Date: Tue, 23 Aug 2016 20:20:15 -0400 +Subject: [PATCH 1/1] Fix format-security warnings. + +Newer versions of GCC have the ability to warn you (or throw errors) +about insecure format strings. Generally this is due to an omitted +format string in the printf family of functions, and a few of those +issues existed in the code base. They were all fixed by adding a +trivial "%s" format string. The project now builds with +-Werror=format-security. +--- + curses/cursesterm.c | 4 ++-- + lib5250/sslstream.c | 2 +- + lib5250/telnetstr.c | 2 +- + 3 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/curses/cursesterm.c b/curses/cursesterm.c +index bf20f05..3032966 100644 +--- a/curses/cursesterm.c b/curses/cursesterm.c +@@ -640,9 +640,9 @@ static void curses_terminal_update(Tn5250Terminal * This, Tn5250Display *display + if(This->data->is_xterm) { + if (This->data->font_132!=NULL) { +
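Review bot: In the lib5250/sslstream.c hunk of disable-sslv2-and-sslv3.patch, `SSLv23_client_method()` is a version-negotiating method, so hard-coding it removes the user's ability to force SSLv2 or SSLv3 but does not by itself prevent SSLv3 from being negotiated when the linked OpenSSL still has it compiled in. The hunk sets no protocol options and the context creation lies outside it, so this may be handled elsewhere; if it is not, add `SSL_CTX_set_options(This->ssl_context, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);` right after the context is created. A configured `ssl_method` of "ssl2" or "ssl3" is now ignored silently, and a `TN5250_LOG` line stating that the setting was overridden would make the behaviour visible to the operator.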