[gentoo-commits] repo/gentoo:master commit in: net-misc/tn5250/files/, net-misc/tn5250/

2019-02-24 Thread Pacho Ramos 
commit: 58f23370c5f39898121cd8bbb05638cd288eba37
Author: Pacho Ramos  gentoo  org>
AuthorDate: Sun Feb 24 09:33:30 2019 +
Commit: Pacho Ramos  gentoo  org>
CommitDate: Sun Feb 24 10:52:58 2019 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=58f23370

net-misc/tn5250: Fix openssl-1.1 compat

Closes: https://bugs.gentoo.org/676654
Package-Manager: Portage-2.3.62, Repoman-2.3.12
Signed-off-by: Pacho Ramos  gentoo.org>

 .../files/tn5250-0.17.4-duplicate-definition.patch | 115 ++
 net-misc/tn5250/files/tn5250-0.17.4-fedora.patch   | 167 +
 .../tn5250/files/tn5250-0.17.4-openssl11.patch |  49 ++
 net-misc/tn5250/tn5250-0.17.4-r3.ebuild|  58 +++
 4 files changed, 389 insertions(+)

diff --git a/net-misc/tn5250/files/tn5250-0.17.4-duplicate-definition.patch 
b/net-misc/tn5250/files/tn5250-0.17.4-duplicate-definition.patch
new file mode 100644
index 000..39b3ccb4555
--- /dev/null
+++ b/net-misc/tn5250/files/tn5250-0.17.4-duplicate-definition.patch
@@ -0,0 +1,115 @@
+From 66e1a2f80091e9ee9b99156ae23e5faaf9f24fe0 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Dan=20Hor=C3=A1k?= 
+Date: Mon, 20 Feb 2017 15:06:36 +0100
+Subject: [PATCH 3/4] remove duplicate definition for tn3270_ssl_stream_init()
+
+---
+ lib5250/sslstream.c | 93 -
+ 1 file changed, 93 deletions(-)
+
+diff --git a/lib5250/sslstream.c b/lib5250/sslstream.c
+index f4353a9..86d38cf 100644
+--- a/lib5250/sslstream.c
 b/lib5250/sslstream.c
+@@ -477,99 +477,6 @@ int tn5250_ssl_stream_init (Tn5250Stream *This)
+return 0; /* Ok */
+ }
+ 
+-/f* lib5250/tn3270_ssl_stream_init
+- * NAME
+- *tn3270_ssl_stream_init
+- * SYNOPSIS
+- *ret = tn3270_ssl_stream_init (This);
+- * INPUTS
+- *Tn5250Stream *   This   - 
+- * DESCRIPTION
+- *DOCUMENT ME!!!
+- */
+-int tn3270_ssl_stream_init (Tn5250Stream *This)
+-{
+-   int len;
+-
+-/* initialize SSL library */
+-
+-   SSL_load_error_strings();
+-   SSL_library_init();
+-
+-/* create a new SSL context */
+-
+-   This->ssl_context = SSL_CTX_new(SSLv23_client_method());
+-   if (This->ssl_context==NULL) {
+-DUMP_ERR_STACK ();
+-return -1;
+-   }
+-
+-/* if a certificate authority file is defined, load it into this context */
+-
+-   if (This->config!=NULL && tn5250_config_get (This->config, "ssl_ca_file")) 
{
+-if (SSL_CTX_load_verify_locations(This->ssl_context, 
+-  tn5250_config_get (This->config, "ssl_ca_file"), NULL)<1) {
+-DUMP_ERR_STACK ();
+-return -1;
+-}
+-   }
+-
+-/* if a certificate authority file is defined, load it into this context */
+-
+-   if (This->config!=NULL && tn5250_config_get (This->config, "ssl_ca_file")) 
{
+-if (SSL_CTX_load_verify_locations(This->ssl_context, 
+-  tn5250_config_get (This->config, "ssl_ca_file"), NULL)<1) {
+-DUMP_ERR_STACK ();
+-return -1;
+-}
+-   }
+-
+-   This->userdata = NULL;
+-
+-/* if a PEM passphrase is defined, set things up so that it can be used */
+-
+-   if (This->config!=NULL && tn5250_config_get (This->config,"ssl_pem_pass")){
+-TN5250_LOG(("SSL: Setting password callback\n"));
+-len = strlen(tn5250_config_get (This->config, "ssl_pem_pass"));
+-This->userdata = malloc(len+1);
+-strncpy(This->userdata,
+-tn5250_config_get (This->config, "ssl_pem_pass"), len);
+-SSL_CTX_set_default_passwd_cb(This->ssl_context,
+-(pem_password_cb *)ssl_stream_passwd_cb);
+-SSL_CTX_set_default_passwd_cb_userdata(This->ssl_context, (void 
*)This);
+-
+-   }
+-
+-/* If a certificate file has been defined, load it into this context as well 
*/
+-
+-   if (This->config!=NULL && tn5250_config_get (This->config, 
"ssl_cert_file")){
+-TN5250_LOG(("SSL: Loading certificates from certificate file\n"));
+-if (SSL_CTX_use_certificate_file(This->ssl_context,
+-tn5250_config_get (This->config, "ssl_cert_file"),
+-SSL_FILETYPE_PEM) <= 0) {
+-DUMP_ERR_STACK ();
+-return -1;
+-}
+-TN5250_LOG(("SSL: Loading private keys from certificate file\n"));
+-if (SSL_CTX_use_PrivateKey_file(This->ssl_context,
+-tn5250_config_get (This->config, "ssl_cert_file"),
+-SSL_FILETYPE_PEM) <= 0) {
+-DUMP_ERR_STACK ();
+-return -1;
+-}
+-   }
+-
+-   This->ssl_handle = NULL;
+-   This->connect = ssl_stream_connect;
+-   This->accept = ssl_stream_accept;
+-   This->disconnect = ssl_stream_disconnect;
+-   This->handle_receive = ssl_stream_handle_receive;
+-   This->send_packet = tn3270_ssl_stream_send_packet;
+-   This->destroy = ssl_stream_destroy;
+-   This->streamtype = TN3270E_STREAM;
+-   return 0; /* Ok */
+-}
+-
+ /i* lib5250/ssl_stream_connect
+  * NAME
+  *

[gentoo-commits] repo/gentoo:master commit in: net-misc/tn5250/files/, net-misc/tn5250/

2018-03-02 Thread Jeroen Roovers 
commit: 2ee9d26b29e4b530359ed0cd793334f5fd0bab0f
Author: Jeroen Roovers  gentoo  org>
AuthorDate: Fri Mar  2 10:49:00 2018 +
Commit: Jeroen Roovers  gentoo  org>
CommitDate: Fri Mar  2 10:49:20 2018 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2ee9d26b

net-misc/tn5250: Fix building against sys-libs/ncurses[tinfo] (bug #596314).

- Drop USE=X (configure: WARNING: unrecognized options: --with-x)
- Drop weird build-time only dependency on x11-libs/libXt
- Name patches properly.
- Add IUSE=static-libs instead of --disable-static
- Add linux/Makefile.am patch instead of sedding Makefile.in
- Use ltprune.eclass instead of eutils.eclass

Package-Manager: Portage-2.3.24, Repoman-2.3.6

 ...=> tn5250-0.17.4-disable-sslv2-and-sslv3.patch} |  0
 ...250-0.17.4-fix-Wformat-security-warnings.patch} |  0
 net-misc/tn5250/files/tn5250-0.17.4-tinfo.patch| 10 +++
 net-misc/tn5250/files/tn5250-0.17.4-whoami.patch   | 13 +
 net-misc/tn5250/tn5250-0.17.4-r2.ebuild| 31 +-
 5 files changed, 36 insertions(+), 18 deletions(-)

diff --git a/net-misc/tn5250/files/disable-sslv2-and-sslv3.patch 
b/net-misc/tn5250/files/tn5250-0.17.4-disable-sslv2-and-sslv3.patch
similarity index 100%
rename from net-misc/tn5250/files/disable-sslv2-and-sslv3.patch
rename to net-misc/tn5250/files/tn5250-0.17.4-disable-sslv2-and-sslv3.patch

diff --git a/net-misc/tn5250/files/fix-Wformat-security-warnings.patch 
b/net-misc/tn5250/files/tn5250-0.17.4-fix-Wformat-security-warnings.patch
similarity index 100%
rename from net-misc/tn5250/files/fix-Wformat-security-warnings.patch
rename to 
net-misc/tn5250/files/tn5250-0.17.4-fix-Wformat-security-warnings.patch

diff --git a/net-misc/tn5250/files/tn5250-0.17.4-tinfo.patch 
b/net-misc/tn5250/files/tn5250-0.17.4-tinfo.patch
new file mode 100644
index 000..46469c4def8
--- /dev/null
+++ b/net-misc/tn5250/files/tn5250-0.17.4-tinfo.patch
@@ -0,0 +1,10 @@
+--- a/configure.ac
 b/configure.ac
+@@ -64,6 +64,7 @@
+   AC_MSG_ERROR([** You need a curses-compatible library 
installed.])
+   fi
+   fi
++  AC_SEARCH_LIBS(stdscr, tinfo, [CURSES_LIB="$CURSES_LIB -ltinfo"])
+   AC_SUBST([CURSES_LIB])
+ if test "$ac_cv_use_old_keys" != "yes";
+ then

diff --git a/net-misc/tn5250/files/tn5250-0.17.4-whoami.patch 
b/net-misc/tn5250/files/tn5250-0.17.4-whoami.patch
new file mode 100644
index 000..fbcece25af2
--- /dev/null
+++ b/net-misc/tn5250/files/tn5250-0.17.4-whoami.patch
@@ -0,0 +1,13 @@
+--- a/linux/Makefile.am
 b/linux/Makefile.am
+@@ -18,10 +18,6 @@
+ if [ "$$(uname -s)" = "Linux" ]; then \
+ if which tic >/dev/null 2>&1 ; then \
+ if [ "`whoami`" = "root" ]; then \
+-  rm -f /usr/share/terminfo/x/xterm-5250 ; \
+-  rm -f /usr/share/terminfo/5/5250 ; \
+-  rm -f /usr/lib/terminfo/x/xterm-5250 ; \
+-  rm -f /usr/lib/terminfo/5/5250 ; \
+   good=yes ; \
+   tic $(srcdir)/5250.terminfo || good=no ; \
+ else \

diff --git a/net-misc/tn5250/tn5250-0.17.4-r2.ebuild 
b/net-misc/tn5250/tn5250-0.17.4-r2.ebuild
index 3bcbdbd72cb..f3cfbf0f617 100644
--- a/net-misc/tn5250/tn5250-0.17.4-r2.ebuild
+++ b/net-misc/tn5250/tn5250-0.17.4-r2.ebuild
@@ -1,8 +1,8 @@
-# Copyright 1999-2016 Gentoo Foundation
+# Copyright 1999-2018 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=6
-inherit eutils
+inherit autotools ltprune
 
 DESCRIPTION="IBM AS/400 telnet client which emulates 5250 terminals/printers"
 HOMEPAGE="http://tn5250.sourceforge.net/;
@@ -11,7 +11,7 @@ SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz"
 LICENSE="LGPL-2.1"
 SLOT="0"
 KEYWORDS="~amd64 ~ppc ~sparc ~x86"
-IUSE="X libressl ssl"
+IUSE="libressl ssl static-libs"
 
 RDEPEND="
sys-libs/ncurses:=
@@ -21,32 +21,27 @@ RDEPEND="
)
 "
 
-DEPEND="${RDEPEND}
-   X? ( x11-libs/libXt )
+DEPEND="
+   ${RDEPEND}
 "
 
 PATCHES=(
-   "${FILESDIR}/disable-sslv2-and-sslv3.patch"
-   "${FILESDIR}/fix-Wformat-security-warnings.patch"
+   "${FILESDIR}"/${PN}-0.17.4-disable-sslv2-and-sslv3.patch
+   "${FILESDIR}"/${PN}-0.17.4-fix-Wformat-security-warnings.patch
+   "${FILESDIR}"/${PN}-0.17.4-tinfo.patch
+   "${FILESDIR}"/${PN}-0.17.4-whoami.patch
 )
 
 src_prepare() {
default
-
-   # Next, the Makefile for the terminfo settings tries to remove
-   # some files it doesn't have access to.  We can just remove those
-   # lines.
-   sed -i \
-   -e "/rm -f \/usr\/.*\/terminfo.*5250/d" linux/Makefile.in \
-   || die "sed Makefile.in failed"
+   eautoreconf
 }
 
 src_configure() {
econf \
-   --disable-static \
-   --without-python \
-   $(use_with X x) \
-   $(use_with ssl)
+   $(use_enable static-libs static)

[gentoo-commits] repo/gentoo:master commit in: net-misc/tn5250/files/, net-misc/tn5250/

2016-08-23 Thread Michael Orlitzky 
commit: b986809e95f5466c28c66132dac475c5b04884ba
Author: Michael Orlitzky  gentoo  org>
AuthorDate: Wed Aug 24 00:29:01 2016 +
Commit: Michael Orlitzky  gentoo  org>
CommitDate: Wed Aug 24 00:32:55 2016 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b986809e

net-misc/tn5250: new revision sans SSLv2/SSLv3 support.

This new revision adds two custom patches. The first drops SSLv2/SSLv3
support by disabling the user's ability to specify "ssl2" or "ssl3" as
his "ssl_method". The fallback "auto" should still work and choose
something secure.

The second patch fixes the build with -Werror=format-security and
consists of trivial format string additions.

Gentoo-Bug: 591940

Package-Manager: portage-2.2.28

 .../tn5250/files/disable-sslv2-and-sslv3.patch | 61 +
 .../files/fix-Wformat-security-warnings.patch  | 62 ++
 net-misc/tn5250/tn5250-0.17.4-r2.ebuild| 62 ++
 3 files changed, 185 insertions(+)

diff --git a/net-misc/tn5250/files/disable-sslv2-and-sslv3.patch 
b/net-misc/tn5250/files/disable-sslv2-and-sslv3.patch
new file mode 100644
index ..9c8d04f
--- /dev/null
+++ b/net-misc/tn5250/files/disable-sslv2-and-sslv3.patch
@@ -0,0 +1,61 @@
+From 1acfebd966e8804e6573cbe9287b8b6f028a646c Mon Sep 17 00:00:00 2001
+From: Michael Orlitzky 
+Date: Tue, 23 Aug 2016 18:13:47 -0400
+Subject: [PATCH 1/1] sslstream.c: ignore the user's choice of ssl_method.
+
+The SSLv2 and SSLv3 protocols are insecure, and people have begun to
+operate without them. LibreSSL, for example, does not have them
+enabled, and it is possible to build OpenSSL in the same manner.
+
+If SSLv[23] are disabled, the user would not be able to choose "ssl2"
+or "ssl3" as his "ssl_method", an option that was undocumented
+anywhere. Therefore there is not much lost, and some security to gain,
+by removing the option completely. This commit does that, and uses the
+automatic protocol choice that is capable of negotiating TLSv1,
+TLSv1.1 and TLSv1.2.
+
+Gentoo-Bug: 591940
+---
+ lib5250/sslstream.c | 26 ++
+ 1 file changed, 10 insertions(+), 16 deletions(-)
+
+diff --git a/lib5250/sslstream.c b/lib5250/sslstream.c
+index 7181566..2f91d1a 100644
+--- a/lib5250/sslstream.c
 b/lib5250/sslstream.c
+@@ -362,22 +362,16 @@ int tn5250_ssl_stream_init (Tn5250Stream *This)
+ 
+ /*  which SSL method do we use? */
+ 
+-   strcpy(methstr,"auto");
+-   if (This->config!=NULL && tn5250_config_get (This->config, "ssl_method")) {
+-strncpy(methstr, tn5250_config_get (This->config, "ssl_method"), 4);
+-methstr[4] = '\0';
+-   }
+-
+-   if (!strcmp(methstr, "ssl2")) {
+-meth = SSLv2_client_method(); 
+-TN5250_LOG(("SSL Method = SSLv2_client_method()\n"));
+-   } else if (!strcmp(methstr, "ssl3")) {
+-meth = SSLv3_client_method(); 
+-TN5250_LOG(("SSL Method = SSLv3_client_method()\n"));
+-   } else {
+-meth = SSLv23_client_method(); 
+-TN5250_LOG(("SSL Method = SSLv23_client_method()\n"));
+-   }
++/* Ignore the user's choice of ssl_method (which isn't documented
++ * anyway...) if it was either "ssl2" or "ssl3". Both are insecure,
++ * and this is only safe supported method left.
++ *
++ * This is a Gentoo-specific modification that lets us build
++ * against LibreSSL and newer OpenSSL with its insecure protocols
++ * disabled.
++ */
++meth = SSLv23_client_method();
++TN5250_LOG(("SSL Method = SSLv23_client_method()\n"));
+ 
+ /*  create a new SSL context */
+ 
+-- 
+2.7.3
+

diff --git a/net-misc/tn5250/files/fix-Wformat-security-warnings.patch 
b/net-misc/tn5250/files/fix-Wformat-security-warnings.patch
new file mode 100644
index ..4927bce
--- /dev/null
+++ b/net-misc/tn5250/files/fix-Wformat-security-warnings.patch
@@ -0,0 +1,62 @@
+From 1bc9cac45be4bac46f58e325779bdb8c7b7bf502 Mon Sep 17 00:00:00 2001
+From: Michael Orlitzky 
+Date: Tue, 23 Aug 2016 20:20:15 -0400
+Subject: [PATCH 1/1] Fix format-security warnings.
+
+Newer versions of GCC have the ability to warn you (or throw errors)
+about insecure format strings. Generally this is due to an omitted
+format string in the printf family of functions, and a few of those
+issues existed in the code base. They were all fixed by adding a
+trivial "%s" format string. The project now builds with
+-Werror=format-security.
+---
+ curses/cursesterm.c | 4 ++--
+ lib5250/sslstream.c | 2 +-
+ lib5250/telnetstr.c | 2 +-
+ 3 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/curses/cursesterm.c b/curses/cursesterm.c
+index bf20f05..3032966 100644
+--- a/curses/cursesterm.c
 b/curses/cursesterm.c
+@@ -640,9 +640,9 @@ static void curses_terminal_update(Tn5250Terminal * This, 
Tn5250Display *display
+   if(This->data->is_xterm) {
+  if (This->data->font_132!=NULL) {
+