* [gentoo-commits] repo/gentoo:master commit in: net-misc/tn5250/files/, net-misc/tn5250/
@ 2016-08-24 0:41 Michael Orlitzky
0 siblings, 0 replies; 3+ messages in thread
From: Michael Orlitzky @ 2016-08-24 0:41 UTC (permalink / raw
To: gentoo-commits
commit: b986809e95f5466c28c66132dac475c5b04884ba
Author: Michael Orlitzky <mjo <AT> gentoo <DOT> org>
AuthorDate: Wed Aug 24 00:29:01 2016 +0000
Commit: Michael Orlitzky <mjo <AT> gentoo <DOT> org>
CommitDate: Wed Aug 24 00:32:55 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b986809e
net-misc/tn5250: new revision sans SSLv2/SSLv3 support.
This new revision adds two custom patches. The first drops SSLv2/SSLv3
support by disabling the user's ability to specify "ssl2" or "ssl3" as
his "ssl_method". The fallback "auto" should still work and choose
something secure.
The second patch fixes the build with -Werror=format-security and
consists of trivial format string additions.
Gentoo-Bug: 591940
Package-Manager: portage-2.2.28
.../tn5250/files/disable-sslv2-and-sslv3.patch | 61 +++++++++++++++++++++
.../files/fix-Wformat-security-warnings.patch | 62 ++++++++++++++++++++++
net-misc/tn5250/tn5250-0.17.4-r2.ebuild | 62 ++++++++++++++++++++++
3 files changed, 185 insertions(+)
diff --git a/net-misc/tn5250/files/disable-sslv2-and-sslv3.patch b/net-misc/tn5250/files/disable-sslv2-and-sslv3.patch
new file mode 100644
index 00000000..9c8d04f
--- /dev/null
+++ b/net-misc/tn5250/files/disable-sslv2-and-sslv3.patch
@@ -0,0 +1,61 @@
+From 1acfebd966e8804e6573cbe9287b8b6f028a646c Mon Sep 17 00:00:00 2001
+From: Michael Orlitzky <michael@orlitzky.com>
+Date: Tue, 23 Aug 2016 18:13:47 -0400
+Subject: [PATCH 1/1] sslstream.c: ignore the user's choice of ssl_method.
+
+The SSLv2 and SSLv3 protocols are insecure, and people have begun to
+operate without them. LibreSSL, for example, does not have them
+enabled, and it is possible to build OpenSSL in the same manner.
+
+If SSLv[23] are disabled, the user would not be able to choose "ssl2"
+or "ssl3" as his "ssl_method", an option that was undocumented
+anywhere. Therefore there is not much lost, and some security to gain,
+by removing the option completely. This commit does that, and uses the
+automatic protocol choice that is capable of negotiating TLSv1,
+TLSv1.1 and TLSv1.2.
+
+Gentoo-Bug: 591940
+---
+ lib5250/sslstream.c | 26 ++++++++++----------------
+ 1 file changed, 10 insertions(+), 16 deletions(-)
+
+diff --git a/lib5250/sslstream.c b/lib5250/sslstream.c
+index 7181566..2f91d1a 100644
+--- a/lib5250/sslstream.c
++++ b/lib5250/sslstream.c
+@@ -362,22 +362,16 @@ int tn5250_ssl_stream_init (Tn5250Stream *This)
+
+ /* which SSL method do we use? */
+
+- strcpy(methstr,"auto");
+- if (This->config!=NULL && tn5250_config_get (This->config, "ssl_method")) {
+- strncpy(methstr, tn5250_config_get (This->config, "ssl_method"), 4);
+- methstr[4] = '\0';
+- }
+-
+- if (!strcmp(methstr, "ssl2")) {
+- meth = SSLv2_client_method();
+- TN5250_LOG(("SSL Method = SSLv2_client_method()\n"));
+- } else if (!strcmp(methstr, "ssl3")) {
+- meth = SSLv3_client_method();
+- TN5250_LOG(("SSL Method = SSLv3_client_method()\n"));
+- } else {
+- meth = SSLv23_client_method();
+- TN5250_LOG(("SSL Method = SSLv23_client_method()\n"));
+- }
++ /* Ignore the user's choice of ssl_method (which isn't documented
++ * anyway...) if it was either "ssl2" or "ssl3". Both are insecure,
++ * and this is only safe supported method left.
++ *
++ * This is a Gentoo-specific modification that lets us build
++ * against LibreSSL and newer OpenSSL with its insecure protocols
++ * disabled.
++ */
++ meth = SSLv23_client_method();
++ TN5250_LOG(("SSL Method = SSLv23_client_method()\n"));
+
+ /* create a new SSL context */
+
+--
+2.7.3
+
diff --git a/net-misc/tn5250/files/fix-Wformat-security-warnings.patch b/net-misc/tn5250/files/fix-Wformat-security-warnings.patch
new file mode 100644
index 00000000..4927bce
--- /dev/null
+++ b/net-misc/tn5250/files/fix-Wformat-security-warnings.patch
@@ -0,0 +1,62 @@
+From 1bc9cac45be4bac46f58e325779bdb8c7b7bf502 Mon Sep 17 00:00:00 2001
+From: Michael Orlitzky <michael@orlitzky.com>
+Date: Tue, 23 Aug 2016 20:20:15 -0400
+Subject: [PATCH 1/1] Fix format-security warnings.
+
+Newer versions of GCC have the ability to warn you (or throw errors)
+about insecure format strings. Generally this is due to an omitted
+format string in the printf family of functions, and a few of those
+issues existed in the code base. They were all fixed by adding a
+trivial "%s" format string. The project now builds with
+-Werror=format-security.
+---
+ curses/cursesterm.c | 4 ++--
+ lib5250/sslstream.c | 2 +-
+ lib5250/telnetstr.c | 2 +-
+ 3 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/curses/cursesterm.c b/curses/cursesterm.c
+index bf20f05..3032966 100644
+--- a/curses/cursesterm.c
++++ b/curses/cursesterm.c
+@@ -640,9 +640,9 @@ static void curses_terminal_update(Tn5250Terminal * This, Tn5250Display *display
+ if(This->data->is_xterm) {
+ if (This->data->font_132!=NULL) {
+ if (tn5250_display_width (display)>100)
+- printf(This->data->font_132);
++ printf("%s", This->data->font_132);
+ else
+- printf(This->data->font_80);
++ printf("%s", This->data->font_80);
+ }
+ printf ("\x1b[8;%d;%dt", tn5250_display_height (display)+1,
+ tn5250_display_width (display));
+diff --git a/lib5250/sslstream.c b/lib5250/sslstream.c
+index 2f91d1a..7f3009e 100644
+--- a/lib5250/sslstream.c
++++ b/lib5250/sslstream.c
+@@ -307,7 +307,7 @@ static void ssl_log_SB_buf(unsigned char *buf, int len)
+
+ if (!tn5250_logfile)
+ return;
+- fprintf(tn5250_logfile,ssl_getTelOpt(type=*buf++));
++ fprintf(tn5250_logfile,"%s",ssl_getTelOpt(type=*buf++));
+ switch (c=*buf++) {
+ case IS:
+ fputs("<IS>",tn5250_logfile);
+diff --git a/lib5250/telnetstr.c b/lib5250/telnetstr.c
+index 9ad2624..cf1576f 100644
+--- a/lib5250/telnetstr.c
++++ b/lib5250/telnetstr.c
+@@ -282,7 +282,7 @@ static void log_SB_buf(unsigned char *buf, int len)
+
+ if (!tn5250_logfile)
+ return;
+- fprintf(tn5250_logfile,getTelOpt(type=*buf++));
++ fprintf(tn5250_logfile,"%s",getTelOpt(type=*buf++));
+ switch (c=*buf++) {
+ case IS:
+ fputs("<IS>",tn5250_logfile);
+--
+2.7.3
+
diff --git a/net-misc/tn5250/tn5250-0.17.4-r2.ebuild b/net-misc/tn5250/tn5250-0.17.4-r2.ebuild
new file mode 100644
index 00000000..7d7db50
--- /dev/null
+++ b/net-misc/tn5250/tn5250-0.17.4-r2.ebuild
@@ -0,0 +1,62 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+inherit eutils
+
+DESCRIPTION="IBM AS/400 telnet client which emulates 5250 terminals/printers"
+HOMEPAGE="http://tn5250.sourceforge.net/"
+SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz"
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~sparc ~x86"
+IUSE="X libressl ssl"
+
+RDEPEND="
+ sys-libs/ncurses:=
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:0= )
+ )
+"
+
+DEPEND="${RDEPEND}
+ X? ( x11-libs/libXt )
+"
+
+PATCHES=(
+ "${FILESDIR}/disable-sslv2-and-sslv3.patch"
+ "${FILESDIR}/fix-Wformat-security-warnings.patch"
+)
+
+src_prepare() {
+ default
+
+ # Next, the Makefile for the terminfo settings tries to remove
+ # some files it doesn't have access to. We can just remove those
+ # lines.
+ sed -i \
+ -e "/rm -f \/usr\/.*\/terminfo.*5250/d" linux/Makefile.in \
+ || die "sed Makefile.in failed"
+}
+
+src_configure() {
+ econf \
+ --disable-static \
+ --without-python \
+ $(use_with X x) \
+ $(use_with ssl)
+}
+
+src_install() {
+ # The TERMINFO variable needs to be defined for the install
+ # to work, because the install calls "tic." man tic for
+ # details.
+ dodir /usr/share/terminfo
+ emake DESTDIR="${D}" TERMINFO="${D}/usr/share/terminfo" install
+
+ einstalldocs
+ prune_libtool_files
+}
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-misc/tn5250/files/, net-misc/tn5250/
@ 2018-03-02 10:49 Jeroen Roovers
0 siblings, 0 replies; 3+ messages in thread
From: Jeroen Roovers @ 2018-03-02 10:49 UTC (permalink / raw
To: gentoo-commits
commit: 2ee9d26b29e4b530359ed0cd793334f5fd0bab0f
Author: Jeroen Roovers <jer <AT> gentoo <DOT> org>
AuthorDate: Fri Mar 2 10:49:00 2018 +0000
Commit: Jeroen Roovers <jer <AT> gentoo <DOT> org>
CommitDate: Fri Mar 2 10:49:20 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2ee9d26b
net-misc/tn5250: Fix building against sys-libs/ncurses[tinfo] (bug #596314).
- Drop USE=X (configure: WARNING: unrecognized options: --with-x)
- Drop weird build-time only dependency on x11-libs/libXt
- Name patches properly.
- Add IUSE=static-libs instead of --disable-static
- Add linux/Makefile.am patch instead of sedding Makefile.in
- Use ltprune.eclass instead of eutils.eclass
Package-Manager: Portage-2.3.24, Repoman-2.3.6
...=> tn5250-0.17.4-disable-sslv2-and-sslv3.patch} | 0
...250-0.17.4-fix-Wformat-security-warnings.patch} | 0
net-misc/tn5250/files/tn5250-0.17.4-tinfo.patch | 10 +++++++
net-misc/tn5250/files/tn5250-0.17.4-whoami.patch | 13 +++++++++
net-misc/tn5250/tn5250-0.17.4-r2.ebuild | 31 +++++++++-------------
5 files changed, 36 insertions(+), 18 deletions(-)
diff --git a/net-misc/tn5250/files/disable-sslv2-and-sslv3.patch b/net-misc/tn5250/files/tn5250-0.17.4-disable-sslv2-and-sslv3.patch
similarity index 100%
rename from net-misc/tn5250/files/disable-sslv2-and-sslv3.patch
rename to net-misc/tn5250/files/tn5250-0.17.4-disable-sslv2-and-sslv3.patch
diff --git a/net-misc/tn5250/files/fix-Wformat-security-warnings.patch b/net-misc/tn5250/files/tn5250-0.17.4-fix-Wformat-security-warnings.patch
similarity index 100%
rename from net-misc/tn5250/files/fix-Wformat-security-warnings.patch
rename to net-misc/tn5250/files/tn5250-0.17.4-fix-Wformat-security-warnings.patch
diff --git a/net-misc/tn5250/files/tn5250-0.17.4-tinfo.patch b/net-misc/tn5250/files/tn5250-0.17.4-tinfo.patch
new file mode 100644
index 00000000000..46469c4def8
--- /dev/null
+++ b/net-misc/tn5250/files/tn5250-0.17.4-tinfo.patch
@@ -0,0 +1,10 @@
+--- a/configure.ac
++++ b/configure.ac
+@@ -64,6 +64,7 @@
+ AC_MSG_ERROR([** You need a curses-compatible library installed.])
+ fi
+ fi
++ AC_SEARCH_LIBS(stdscr, tinfo, [CURSES_LIB="$CURSES_LIB -ltinfo"])
+ AC_SUBST([CURSES_LIB])
+ if test "$ac_cv_use_old_keys" != "yes";
+ then
diff --git a/net-misc/tn5250/files/tn5250-0.17.4-whoami.patch b/net-misc/tn5250/files/tn5250-0.17.4-whoami.patch
new file mode 100644
index 00000000000..fbcece25af2
--- /dev/null
+++ b/net-misc/tn5250/files/tn5250-0.17.4-whoami.patch
@@ -0,0 +1,13 @@
+--- a/linux/Makefile.am
++++ b/linux/Makefile.am
+@@ -18,10 +18,6 @@
+ if [ "$$(uname -s)" = "Linux" ]; then \
+ if which tic >/dev/null 2>&1 ; then \
+ if [ "`whoami`" = "root" ]; then \
+- rm -f /usr/share/terminfo/x/xterm-5250 ; \
+- rm -f /usr/share/terminfo/5/5250 ; \
+- rm -f /usr/lib/terminfo/x/xterm-5250 ; \
+- rm -f /usr/lib/terminfo/5/5250 ; \
+ good=yes ; \
+ tic $(srcdir)/5250.terminfo || good=no ; \
+ else \
diff --git a/net-misc/tn5250/tn5250-0.17.4-r2.ebuild b/net-misc/tn5250/tn5250-0.17.4-r2.ebuild
index 3bcbdbd72cb..f3cfbf0f617 100644
--- a/net-misc/tn5250/tn5250-0.17.4-r2.ebuild
+++ b/net-misc/tn5250/tn5250-0.17.4-r2.ebuild
@@ -1,8 +1,8 @@
-# Copyright 1999-2016 Gentoo Foundation
+# Copyright 1999-2018 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
EAPI=6
-inherit eutils
+inherit autotools ltprune
DESCRIPTION="IBM AS/400 telnet client which emulates 5250 terminals/printers"
HOMEPAGE="http://tn5250.sourceforge.net/"
@@ -11,7 +11,7 @@ SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz"
LICENSE="LGPL-2.1"
SLOT="0"
KEYWORDS="~amd64 ~ppc ~sparc ~x86"
-IUSE="X libressl ssl"
+IUSE="libressl ssl static-libs"
RDEPEND="
sys-libs/ncurses:=
@@ -21,32 +21,27 @@ RDEPEND="
)
"
-DEPEND="${RDEPEND}
- X? ( x11-libs/libXt )
+DEPEND="
+ ${RDEPEND}
"
PATCHES=(
- "${FILESDIR}/disable-sslv2-and-sslv3.patch"
- "${FILESDIR}/fix-Wformat-security-warnings.patch"
+ "${FILESDIR}"/${PN}-0.17.4-disable-sslv2-and-sslv3.patch
+ "${FILESDIR}"/${PN}-0.17.4-fix-Wformat-security-warnings.patch
+ "${FILESDIR}"/${PN}-0.17.4-tinfo.patch
+ "${FILESDIR}"/${PN}-0.17.4-whoami.patch
)
src_prepare() {
default
-
- # Next, the Makefile for the terminfo settings tries to remove
- # some files it doesn't have access to. We can just remove those
- # lines.
- sed -i \
- -e "/rm -f \/usr\/.*\/terminfo.*5250/d" linux/Makefile.in \
- || die "sed Makefile.in failed"
+ eautoreconf
}
src_configure() {
econf \
- --disable-static \
- --without-python \
- $(use_with X x) \
- $(use_with ssl)
+ $(use_enable static-libs static) \
+ $(use_with ssl) \
+ --without-python
}
src_install() {
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-misc/tn5250/files/, net-misc/tn5250/
@ 2019-02-24 10:53 Pacho Ramos
0 siblings, 0 replies; 3+ messages in thread
From: Pacho Ramos @ 2019-02-24 10:53 UTC (permalink / raw
To: gentoo-commits
commit: 58f23370c5f39898121cd8bbb05638cd288eba37
Author: Pacho Ramos <pacho <AT> gentoo <DOT> org>
AuthorDate: Sun Feb 24 09:33:30 2019 +0000
Commit: Pacho Ramos <pacho <AT> gentoo <DOT> org>
CommitDate: Sun Feb 24 10:52:58 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=58f23370
net-misc/tn5250: Fix openssl-1.1 compat
Closes: https://bugs.gentoo.org/676654
Package-Manager: Portage-2.3.62, Repoman-2.3.12
Signed-off-by: Pacho Ramos <pacho <AT> gentoo.org>
.../files/tn5250-0.17.4-duplicate-definition.patch | 115 ++++++++++++++
net-misc/tn5250/files/tn5250-0.17.4-fedora.patch | 167 +++++++++++++++++++++
.../tn5250/files/tn5250-0.17.4-openssl11.patch | 49 ++++++
net-misc/tn5250/tn5250-0.17.4-r3.ebuild | 58 +++++++
4 files changed, 389 insertions(+)
diff --git a/net-misc/tn5250/files/tn5250-0.17.4-duplicate-definition.patch b/net-misc/tn5250/files/tn5250-0.17.4-duplicate-definition.patch
new file mode 100644
index 00000000000..39b3ccb4555
--- /dev/null
+++ b/net-misc/tn5250/files/tn5250-0.17.4-duplicate-definition.patch
@@ -0,0 +1,115 @@
+From 66e1a2f80091e9ee9b99156ae23e5faaf9f24fe0 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Dan=20Hor=C3=A1k?= <dan@danny.cz>
+Date: Mon, 20 Feb 2017 15:06:36 +0100
+Subject: [PATCH 3/4] remove duplicate definition for tn3270_ssl_stream_init()
+
+---
+ lib5250/sslstream.c | 93 -----------------------------------------------------
+ 1 file changed, 93 deletions(-)
+
+diff --git a/lib5250/sslstream.c b/lib5250/sslstream.c
+index f4353a9..86d38cf 100644
+--- a/lib5250/sslstream.c
++++ b/lib5250/sslstream.c
+@@ -477,99 +477,6 @@ int tn5250_ssl_stream_init (Tn5250Stream *This)
+ return 0; /* Ok */
+ }
+
+-/****f* lib5250/tn3270_ssl_stream_init
+- * NAME
+- * tn3270_ssl_stream_init
+- * SYNOPSIS
+- * ret = tn3270_ssl_stream_init (This);
+- * INPUTS
+- * Tn5250Stream * This -
+- * DESCRIPTION
+- * DOCUMENT ME!!!
+- *****/
+-int tn3270_ssl_stream_init (Tn5250Stream *This)
+-{
+- int len;
+-
+-/* initialize SSL library */
+-
+- SSL_load_error_strings();
+- SSL_library_init();
+-
+-/* create a new SSL context */
+-
+- This->ssl_context = SSL_CTX_new(SSLv23_client_method());
+- if (This->ssl_context==NULL) {
+- DUMP_ERR_STACK ();
+- return -1;
+- }
+-
+-/* if a certificate authority file is defined, load it into this context */
+-
+- if (This->config!=NULL && tn5250_config_get (This->config, "ssl_ca_file")) {
+- if (SSL_CTX_load_verify_locations(This->ssl_context,
+- tn5250_config_get (This->config, "ssl_ca_file"), NULL)<1) {
+- DUMP_ERR_STACK ();
+- return -1;
+- }
+- }
+-
+-/* if a certificate authority file is defined, load it into this context */
+-
+- if (This->config!=NULL && tn5250_config_get (This->config, "ssl_ca_file")) {
+- if (SSL_CTX_load_verify_locations(This->ssl_context,
+- tn5250_config_get (This->config, "ssl_ca_file"), NULL)<1) {
+- DUMP_ERR_STACK ();
+- return -1;
+- }
+- }
+-
+- This->userdata = NULL;
+-
+-/* if a PEM passphrase is defined, set things up so that it can be used */
+-
+- if (This->config!=NULL && tn5250_config_get (This->config,"ssl_pem_pass")){
+- TN5250_LOG(("SSL: Setting password callback\n"));
+- len = strlen(tn5250_config_get (This->config, "ssl_pem_pass"));
+- This->userdata = malloc(len+1);
+- strncpy(This->userdata,
+- tn5250_config_get (This->config, "ssl_pem_pass"), len);
+- SSL_CTX_set_default_passwd_cb(This->ssl_context,
+- (pem_password_cb *)ssl_stream_passwd_cb);
+- SSL_CTX_set_default_passwd_cb_userdata(This->ssl_context, (void *)This);
+-
+- }
+-
+-/* If a certificate file has been defined, load it into this context as well */
+-
+- if (This->config!=NULL && tn5250_config_get (This->config, "ssl_cert_file")){
+- TN5250_LOG(("SSL: Loading certificates from certificate file\n"));
+- if (SSL_CTX_use_certificate_file(This->ssl_context,
+- tn5250_config_get (This->config, "ssl_cert_file"),
+- SSL_FILETYPE_PEM) <= 0) {
+- DUMP_ERR_STACK ();
+- return -1;
+- }
+- TN5250_LOG(("SSL: Loading private keys from certificate file\n"));
+- if (SSL_CTX_use_PrivateKey_file(This->ssl_context,
+- tn5250_config_get (This->config, "ssl_cert_file"),
+- SSL_FILETYPE_PEM) <= 0) {
+- DUMP_ERR_STACK ();
+- return -1;
+- }
+- }
+-
+- This->ssl_handle = NULL;
+- This->connect = ssl_stream_connect;
+- This->accept = ssl_stream_accept;
+- This->disconnect = ssl_stream_disconnect;
+- This->handle_receive = ssl_stream_handle_receive;
+- This->send_packet = tn3270_ssl_stream_send_packet;
+- This->destroy = ssl_stream_destroy;
+- This->streamtype = TN3270E_STREAM;
+- return 0; /* Ok */
+-}
+-
+ /****i* lib5250/ssl_stream_connect
+ * NAME
+ * ssl_stream_connect
+--
+2.7.4
diff --git a/net-misc/tn5250/files/tn5250-0.17.4-fedora.patch b/net-misc/tn5250/files/tn5250-0.17.4-fedora.patch
new file mode 100644
index 00000000000..9c77bf08cc0
--- /dev/null
+++ b/net-misc/tn5250/files/tn5250-0.17.4-fedora.patch
@@ -0,0 +1,167 @@
+From 66e1a2f80091e9ee9b99156ae23e5faaf9f24fe0 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Dan=20Hor=C3=A1k?= <dan@danny.cz>
+Date: Mon, 20 Feb 2017 15:06:36 +0100
+Subject: [PATCH 3/4] remove duplicate definition for tn3270_ssl_stream_init()
+
+---
+ lib5250/sslstream.c | 93 -----------------------------------------------------
+ 1 file changed, 93 deletions(-)
+
+diff --git a/lib5250/sslstream.c b/lib5250/sslstream.c
+index f4353a9..86d38cf 100644
+--- a/lib5250/sslstream.c
++++ b/lib5250/sslstream.c
+@@ -477,99 +477,6 @@ int tn5250_ssl_stream_init (Tn5250Stream *This)
+ return 0; /* Ok */
+ }
+
+-/****f* lib5250/tn3270_ssl_stream_init
+- * NAME
+- * tn3270_ssl_stream_init
+- * SYNOPSIS
+- * ret = tn3270_ssl_stream_init (This);
+- * INPUTS
+- * Tn5250Stream * This -
+- * DESCRIPTION
+- * DOCUMENT ME!!!
+- *****/
+-int tn3270_ssl_stream_init (Tn5250Stream *This)
+-{
+- int len;
+-
+-/* initialize SSL library */
+-
+- SSL_load_error_strings();
+- SSL_library_init();
+-
+-/* create a new SSL context */
+-
+- This->ssl_context = SSL_CTX_new(SSLv23_client_method());
+- if (This->ssl_context==NULL) {
+- DUMP_ERR_STACK ();
+- return -1;
+- }
+-
+-/* if a certificate authority file is defined, load it into this context */
+-
+- if (This->config!=NULL && tn5250_config_get (This->config, "ssl_ca_file")) {
+- if (SSL_CTX_load_verify_locations(This->ssl_context,
+- tn5250_config_get (This->config, "ssl_ca_file"), NULL)<1) {
+- DUMP_ERR_STACK ();
+- return -1;
+- }
+- }
+-
+-/* if a certificate authority file is defined, load it into this context */
+-
+- if (This->config!=NULL && tn5250_config_get (This->config, "ssl_ca_file")) {
+- if (SSL_CTX_load_verify_locations(This->ssl_context,
+- tn5250_config_get (This->config, "ssl_ca_file"), NULL)<1) {
+- DUMP_ERR_STACK ();
+- return -1;
+- }
+- }
+-
+- This->userdata = NULL;
+-
+-/* if a PEM passphrase is defined, set things up so that it can be used */
+-
+- if (This->config!=NULL && tn5250_config_get (This->config,"ssl_pem_pass")){
+- TN5250_LOG(("SSL: Setting password callback\n"));
+- len = strlen(tn5250_config_get (This->config, "ssl_pem_pass"));
+- This->userdata = malloc(len+1);
+- strncpy(This->userdata,
+- tn5250_config_get (This->config, "ssl_pem_pass"), len);
+- SSL_CTX_set_default_passwd_cb(This->ssl_context,
+- (pem_password_cb *)ssl_stream_passwd_cb);
+- SSL_CTX_set_default_passwd_cb_userdata(This->ssl_context, (void *)This);
+-
+- }
+-
+-/* If a certificate file has been defined, load it into this context as well */
+-
+- if (This->config!=NULL && tn5250_config_get (This->config, "ssl_cert_file")){
+- TN5250_LOG(("SSL: Loading certificates from certificate file\n"));
+- if (SSL_CTX_use_certificate_file(This->ssl_context,
+- tn5250_config_get (This->config, "ssl_cert_file"),
+- SSL_FILETYPE_PEM) <= 0) {
+- DUMP_ERR_STACK ();
+- return -1;
+- }
+- TN5250_LOG(("SSL: Loading private keys from certificate file\n"));
+- if (SSL_CTX_use_PrivateKey_file(This->ssl_context,
+- tn5250_config_get (This->config, "ssl_cert_file"),
+- SSL_FILETYPE_PEM) <= 0) {
+- DUMP_ERR_STACK ();
+- return -1;
+- }
+- }
+-
+- This->ssl_handle = NULL;
+- This->connect = ssl_stream_connect;
+- This->accept = ssl_stream_accept;
+- This->disconnect = ssl_stream_disconnect;
+- This->handle_receive = ssl_stream_handle_receive;
+- This->send_packet = tn3270_ssl_stream_send_packet;
+- This->destroy = ssl_stream_destroy;
+- This->streamtype = TN3270E_STREAM;
+- return 0; /* Ok */
+-}
+-
+ /****i* lib5250/ssl_stream_connect
+ * NAME
+ * ssl_stream_connect
+--
+2.7.4
+
+
+From 5922e57bb5ea78ff35f82a60f1721d533cc0584a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Dan=20Hor=C3=A1k?= <dan@danny.cz>
+Date: Mon, 20 Feb 2017 15:37:51 +0100
+Subject: [PATCH 4/4] port to OpenSSL 1.1
+
+- check for better functions in configure
+- update SSL initialization call
+---
+ configure.ac | 8 ++++----
+ lib5250/sslstream.c | 2 +-
+ 2 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 4ba0007..8a16cff 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -152,13 +152,13 @@ dnl ** happily, we don't have to hunt for them thanks to ldconfig!
+ dnl **
+ if test -n $sslincludedir; then
+ CPPFLAGS="$CPPFLAGS $sslincludedir"
+- AC_CHECK_LIB(crypto,CRYPTO_num_locks)
+- if test "$ac_cv_lib_crypto_CRYPTO_num_locks" != "yes"
++ AC_CHECK_LIB(crypto,OPENSSL_init)
++ if test "$ac_cv_lib_crypto_OPENSSL_init" != "yes"
+ then
+ AC_MSG_ERROR([** Unable to find OpenSSL libraries!])
+ fi
+- AC_CHECK_LIB(ssl,SSL_library_init)
+- if test "$ac_cv_lib_ssl_SSL_library_init" != "yes"
++ AC_CHECK_LIB(ssl,OPENSSL_init_ssl)
++ if test "$ac_cv_lib_ssl_OPENSSL_init_ssl" != "yes"
+ then
+ AC_MSG_ERROR([** Unable to find OpenSSL libraries!])
+ fi
+diff --git a/lib5250/sslstream.c b/lib5250/sslstream.c
+index 86d38cf..3c0f390 100644
+--- a/lib5250/sslstream.c
++++ b/lib5250/sslstream.c
+@@ -368,7 +368,7 @@ int tn5250_ssl_stream_init (Tn5250Stream *This)
+ /* initialize SSL library */
+
+ SSL_load_error_strings();
+- SSL_library_init();
++ OPENSSL_init_ssl(0, NULL);
+
+ /* which SSL method do we use? */
+
+--
+2.7.4
+
diff --git a/net-misc/tn5250/files/tn5250-0.17.4-openssl11.patch b/net-misc/tn5250/files/tn5250-0.17.4-openssl11.patch
new file mode 100644
index 00000000000..8c6d0fde1c7
--- /dev/null
+++ b/net-misc/tn5250/files/tn5250-0.17.4-openssl11.patch
@@ -0,0 +1,49 @@
+From 5922e57bb5ea78ff35f82a60f1721d533cc0584a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Dan=20Hor=C3=A1k?= <dan@danny.cz>
+Date: Mon, 20 Feb 2017 15:37:51 +0100
+Subject: [PATCH 4/4] port to OpenSSL 1.1
+
+- check for better functions in configure
+- update SSL initialization call
+---
+ configure.ac | 8 ++++----
+ lib5250/sslstream.c | 2 +-
+ 2 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 4ba0007..8a16cff 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -152,13 +152,13 @@ dnl ** happily, we don't have to hunt for them thanks to ldconfig!
+ dnl **
+ if test -n $sslincludedir; then
+ CPPFLAGS="$CPPFLAGS $sslincludedir"
+- AC_CHECK_LIB(crypto,CRYPTO_num_locks)
+- if test "$ac_cv_lib_crypto_CRYPTO_num_locks" != "yes"
++ AC_CHECK_LIB(crypto,OPENSSL_init)
++ if test "$ac_cv_lib_crypto_OPENSSL_init" != "yes"
+ then
+ AC_MSG_ERROR([** Unable to find OpenSSL libraries!])
+ fi
+- AC_CHECK_LIB(ssl,SSL_library_init)
+- if test "$ac_cv_lib_ssl_SSL_library_init" != "yes"
++ AC_CHECK_LIB(ssl,OPENSSL_init_ssl)
++ if test "$ac_cv_lib_ssl_OPENSSL_init_ssl" != "yes"
+ then
+ AC_MSG_ERROR([** Unable to find OpenSSL libraries!])
+ fi
+diff --git a/lib5250/sslstream.c b/lib5250/sslstream.c
+index 86d38cf..3c0f390 100644
+--- a/lib5250/sslstream.c
++++ b/lib5250/sslstream.c
+@@ -368,7 +368,7 @@ int tn5250_ssl_stream_init (Tn5250Stream *This)
+ /* initialize SSL library */
+
+ SSL_load_error_strings();
+- SSL_library_init();
++ OPENSSL_init_ssl(0, NULL);
+
+ /* which SSL method do we use? */
+
+--
+2.7.4
diff --git a/net-misc/tn5250/tn5250-0.17.4-r3.ebuild b/net-misc/tn5250/tn5250-0.17.4-r3.ebuild
new file mode 100644
index 00000000000..b28b5cc3723
--- /dev/null
+++ b/net-misc/tn5250/tn5250-0.17.4-r3.ebuild
@@ -0,0 +1,58 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+inherit autotools
+
+DESCRIPTION="IBM AS/400 telnet client which emulates 5250 terminals/printers"
+HOMEPAGE="http://tn5250.sourceforge.net/"
+SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz"
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~sparc ~x86"
+IUSE="libressl ssl"
+
+RDEPEND="
+ sys-libs/ncurses:0=
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:0= )
+ )
+"
+
+DEPEND="${RDEPEND}"
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-0.17.4-disable-sslv2-and-sslv3.patch
+ "${FILESDIR}"/${PN}-0.17.4-fix-Wformat-security-warnings.patch
+ "${FILESDIR}"/${PN}-0.17.4-tinfo.patch
+ "${FILESDIR}"/${PN}-0.17.4-whoami.patch
+ "${FILESDIR}"/${PN}-0.17.4-duplicate-definition.patch
+)
+
+src_prepare() {
+ default
+ if has_version ">=dev-libs/openssl-1.1.1"; then
+ eapply "${FILESDIR}"/${PN}-0.17.4-openssl11.patch
+ fi
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ $(use_with ssl) \
+ --disable-static \
+ --without-python
+}
+
+src_install() {
+ # The TERMINFO variable needs to be defined for the install
+ # to work, because the install calls "tic." man tic for
+ # details.
+ dodir /usr/share/terminfo
+ emake DESTDIR="${D}" TERMINFO="${D}/usr/share/terminfo" install
+
+ einstalldocs
+ find "${D}" -name '*.la' -delete || die
+}
^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2019-02-24 10:53 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-08-24 0:41 [gentoo-commits] repo/gentoo:master commit in: net-misc/tn5250/files/, net-misc/tn5250/ Michael Orlitzky
-- strict thread matches above, loose matches on Subject: below --
2018-03-02 10:49 Jeroen Roovers
2019-02-24 10:53 Pacho Ramos
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox