+++ /dev/null
-DIST tn5250-0.17.4.tar.gz 648452 BLAKE2B 9e4d2d2b3148d063eecfc57f32daa1936d9f829a219952c9eb666e3f128c42f5ac611c4ccf12cdd533b3758459ce7f2f4e7c8fe74090042cb796067a7f6afe14 SHA512 7c41bc47658f792fe7c6c6186d93095ac2eca67868070d84502bcff7de0cbc97afea1bd9987d2dbc5a340a444fdf1fbff81c7b844f5c205ec603f24c5e6c0804
+++ /dev/null
-From 1acfebd966e8804e6573cbe9287b8b6f028a646c Mon Sep 17 00:00:00 2001
-From: Michael Orlitzky <michael@orlitzky.com>
-Date: Tue, 23 Aug 2016 18:13:47 -0400
-Subject: [PATCH 1/1] sslstream.c: ignore the user's choice of ssl_method.
-
-The SSLv2 and SSLv3 protocols are insecure, and people have begun to
-operate without them. LibreSSL, for example, does not have them
-enabled, and it is possible to build OpenSSL in the same manner.
-
-If SSLv[23] are disabled, the user would not be able to choose "ssl2"
-or "ssl3" as his "ssl_method", an option that was undocumented
-anywhere. Therefore there is not much lost, and some security to gain,
-by removing the option completely. This commit does that, and uses the
-automatic protocol choice that is capable of negotiating TLSv1,
-TLSv1.1 and TLSv1.2.
-
-Gentoo-Bug: 591940
----
- lib5250/sslstream.c | 26 ++++++++++----------------
- 1 file changed, 10 insertions(+), 16 deletions(-)
-
-diff --git a/lib5250/sslstream.c b/lib5250/sslstream.c
-index 7181566..2f91d1a 100644
---- a/lib5250/sslstream.c
-+++ b/lib5250/sslstream.c
-@@ -362,22 +362,16 @@ int tn5250_ssl_stream_init (Tn5250Stream *This)
-
- /* which SSL method do we use? */
-
-- strcpy(methstr,"auto");
-- if (This->config!=NULL && tn5250_config_get (This->config, "ssl_method")) {
-- strncpy(methstr, tn5250_config_get (This->config, "ssl_method"), 4);
-- methstr[4] = '\0';
-- }
--
-- if (!strcmp(methstr, "ssl2")) {
-- meth = SSLv2_client_method();
-- TN5250_LOG(("SSL Method = SSLv2_client_method()\n"));
-- } else if (!strcmp(methstr, "ssl3")) {
-- meth = SSLv3_client_method();
-- TN5250_LOG(("SSL Method = SSLv3_client_method()\n"));
-- } else {
-- meth = SSLv23_client_method();
-- TN5250_LOG(("SSL Method = SSLv23_client_method()\n"));
-- }
-+ /* Ignore the user's choice of ssl_method (which isn't documented
-+ * anyway...) if it was either "ssl2" or "ssl3". Both are insecure,
-+ * and this is only safe supported method left.
-+ *
-+ * This is a Gentoo-specific modification that lets us build
-+ * against LibreSSL and newer OpenSSL with its insecure protocols
-+ * disabled.
-+ */
-+ meth = SSLv23_client_method();
-+ TN5250_LOG(("SSL Method = SSLv23_client_method()\n"));
-
- /* create a new SSL context */
-
---
-2.7.3
-
+++ /dev/null
-From 66e1a2f80091e9ee9b99156ae23e5faaf9f24fe0 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Dan=20Hor=C3=A1k?= <dan@danny.cz>
-Date: Mon, 20 Feb 2017 15:06:36 +0100
-Subject: [PATCH 3/4] remove duplicate definition for tn3270_ssl_stream_init()
-
----
- lib5250/sslstream.c | 93 -----------------------------------------------------
- 1 file changed, 93 deletions(-)
-
-diff --git a/lib5250/sslstream.c b/lib5250/sslstream.c
-index f4353a9..86d38cf 100644
---- a/lib5250/sslstream.c
-+++ b/lib5250/sslstream.c
-@@ -477,99 +477,6 @@ int tn5250_ssl_stream_init (Tn5250Stream *This)
- return 0; /* Ok */
- }
-
--/****f* lib5250/tn3270_ssl_stream_init
-- * NAME
-- * tn3270_ssl_stream_init
-- * SYNOPSIS
-- * ret = tn3270_ssl_stream_init (This);
-- * INPUTS
-- * Tn5250Stream * This -
-- * DESCRIPTION
-- * DOCUMENT ME!!!
-- *****/
--int tn3270_ssl_stream_init (Tn5250Stream *This)
--{
-- int len;
--
--/* initialize SSL library */
--
-- SSL_load_error_strings();
-- SSL_library_init();
--
--/* create a new SSL context */
--
-- This->ssl_context = SSL_CTX_new(SSLv23_client_method());
-- if (This->ssl_context==NULL) {
-- DUMP_ERR_STACK ();
-- return -1;
-- }
--
--/* if a certificate authority file is defined, load it into this context */
--
-- if (This->config!=NULL && tn5250_config_get (This->config, "ssl_ca_file")) {
-- if (SSL_CTX_load_verify_locations(This->ssl_context,
-- tn5250_config_get (This->config, "ssl_ca_file"), NULL)<1) {
-- DUMP_ERR_STACK ();
-- return -1;
-- }
-- }
--
--/* if a certificate authority file is defined, load it into this context */
--
-- if (This->config!=NULL && tn5250_config_get (This->config, "ssl_ca_file")) {
-- if (SSL_CTX_load_verify_locations(This->ssl_context,
-- tn5250_config_get (This->config, "ssl_ca_file"), NULL)<1) {
-- DUMP_ERR_STACK ();
-- return -1;
-- }
-- }
--
-- This->userdata = NULL;
--
--/* if a PEM passphrase is defined, set things up so that it can be used */
--
-- if (This->config!=NULL && tn5250_config_get (This->config,"ssl_pem_pass")){
-- TN5250_LOG(("SSL: Setting password callback\n"));
-- len = strlen(tn5250_config_get (This->config, "ssl_pem_pass"));
-- This->userdata = malloc(len+1);
-- strncpy(This->userdata,
-- tn5250_config_get (This->config, "ssl_pem_pass"), len);
-- SSL_CTX_set_default_passwd_cb(This->ssl_context,
-- (pem_password_cb *)ssl_stream_passwd_cb);
-- SSL_CTX_set_default_passwd_cb_userdata(This->ssl_context, (void *)This);
--
-- }
--
--/* If a certificate file has been defined, load it into this context as well */
--
-- if (This->config!=NULL && tn5250_config_get (This->config, "ssl_cert_file")){
-- TN5250_LOG(("SSL: Loading certificates from certificate file\n"));
-- if (SSL_CTX_use_certificate_file(This->ssl_context,
-- tn5250_config_get (This->config, "ssl_cert_file"),
-- SSL_FILETYPE_PEM) <= 0) {
-- DUMP_ERR_STACK ();
-- return -1;
-- }
-- TN5250_LOG(("SSL: Loading private keys from certificate file\n"));
-- if (SSL_CTX_use_PrivateKey_file(This->ssl_context,
-- tn5250_config_get (This->config, "ssl_cert_file"),
-- SSL_FILETYPE_PEM) <= 0) {
-- DUMP_ERR_STACK ();
-- return -1;
-- }
-- }
--
-- This->ssl_handle = NULL;
-- This->connect = ssl_stream_connect;
-- This->accept = ssl_stream_accept;
-- This->disconnect = ssl_stream_disconnect;
-- This->handle_receive = ssl_stream_handle_receive;
-- This->send_packet = tn3270_ssl_stream_send_packet;
-- This->destroy = ssl_stream_destroy;
-- This->streamtype = TN3270E_STREAM;
-- return 0; /* Ok */
--}
--
- /****i* lib5250/ssl_stream_connect
- * NAME
- * ssl_stream_connect
---
-2.7.4
+++ /dev/null
-From 1bc9cac45be4bac46f58e325779bdb8c7b7bf502 Mon Sep 17 00:00:00 2001
-From: Michael Orlitzky <michael@orlitzky.com>
-Date: Tue, 23 Aug 2016 20:20:15 -0400
-Subject: [PATCH 1/1] Fix format-security warnings.
-
-Newer versions of GCC have the ability to warn you (or throw errors)
-about insecure format strings. Generally this is due to an omitted
-format string in the printf family of functions, and a few of those
-issues existed in the code base. They were all fixed by adding a
-trivial "%s" format string. The project now builds with
--Werror=format-security.
----
- curses/cursesterm.c | 4 ++--
- lib5250/sslstream.c | 2 +-
- lib5250/telnetstr.c | 2 +-
- 3 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/curses/cursesterm.c b/curses/cursesterm.c
-index bf20f05..3032966 100644
---- a/curses/cursesterm.c
-+++ b/curses/cursesterm.c
-@@ -640,9 +640,9 @@ static void curses_terminal_update(Tn5250Terminal * This, Tn5250Display *display
- if(This->data->is_xterm) {
- if (This->data->font_132!=NULL) {
- if (tn5250_display_width (display)>100)
-- printf(This->data->font_132);
-+ printf("%s", This->data->font_132);
- else
-- printf(This->data->font_80);
-+ printf("%s", This->data->font_80);
- }
- printf ("\x1b[8;%d;%dt", tn5250_display_height (display)+1,
- tn5250_display_width (display));
-diff --git a/lib5250/sslstream.c b/lib5250/sslstream.c
-index 2f91d1a..7f3009e 100644
---- a/lib5250/sslstream.c
-+++ b/lib5250/sslstream.c
-@@ -307,7 +307,7 @@ static void ssl_log_SB_buf(unsigned char *buf, int len)
-
- if (!tn5250_logfile)
- return;
-- fprintf(tn5250_logfile,ssl_getTelOpt(type=*buf++));
-+ fprintf(tn5250_logfile,"%s",ssl_getTelOpt(type=*buf++));
- switch (c=*buf++) {
- case IS:
- fputs("<IS>",tn5250_logfile);
-diff --git a/lib5250/telnetstr.c b/lib5250/telnetstr.c
-index 9ad2624..cf1576f 100644
---- a/lib5250/telnetstr.c
-+++ b/lib5250/telnetstr.c
-@@ -282,7 +282,7 @@ static void log_SB_buf(unsigned char *buf, int len)
-
- if (!tn5250_logfile)
- return;
-- fprintf(tn5250_logfile,getTelOpt(type=*buf++));
-+ fprintf(tn5250_logfile,"%s",getTelOpt(type=*buf++));
- switch (c=*buf++) {
- case IS:
- fputs("<IS>",tn5250_logfile);
---
-2.7.3
-
+++ /dev/null
-From 5922e57bb5ea78ff35f82a60f1721d533cc0584a Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Dan=20Hor=C3=A1k?= <dan@danny.cz>
-Date: Mon, 20 Feb 2017 15:37:51 +0100
-Subject: [PATCH 4/4] port to OpenSSL 1.1
-
-- check for better functions in configure
-- update SSL initialization call
----
- configure.ac | 8 ++++----
- lib5250/sslstream.c | 2 +-
- 2 files changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 4ba0007..8a16cff 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -152,13 +152,13 @@ dnl ** happily, we don't have to hunt for them thanks to ldconfig!
- dnl **
- if test -n $sslincludedir; then
- CPPFLAGS="$CPPFLAGS $sslincludedir"
-- AC_CHECK_LIB(crypto,CRYPTO_num_locks)
-- if test "$ac_cv_lib_crypto_CRYPTO_num_locks" != "yes"
-+ AC_CHECK_LIB(crypto,OPENSSL_init)
-+ if test "$ac_cv_lib_crypto_OPENSSL_init" != "yes"
- then
- AC_MSG_ERROR([** Unable to find OpenSSL libraries!])
- fi
-- AC_CHECK_LIB(ssl,SSL_library_init)
-- if test "$ac_cv_lib_ssl_SSL_library_init" != "yes"
-+ AC_CHECK_LIB(ssl,OPENSSL_init_ssl)
-+ if test "$ac_cv_lib_ssl_OPENSSL_init_ssl" != "yes"
- then
- AC_MSG_ERROR([** Unable to find OpenSSL libraries!])
- fi
-diff --git a/lib5250/sslstream.c b/lib5250/sslstream.c
-index 86d38cf..3c0f390 100644
---- a/lib5250/sslstream.c
-+++ b/lib5250/sslstream.c
-@@ -368,7 +368,7 @@ int tn5250_ssl_stream_init (Tn5250Stream *This)
- /* initialize SSL library */
-
- SSL_load_error_strings();
-- SSL_library_init();
-+ OPENSSL_init_ssl(0, NULL);
-
- /* which SSL method do we use? */
-
---
-2.7.4
+++ /dev/null
---- a/configure.ac
-+++ b/configure.ac
-@@ -64,6 +64,7 @@
- AC_MSG_ERROR([** You need a curses-compatible library installed.])
- fi
- fi
-+ AC_SEARCH_LIBS(stdscr, tinfo, [CURSES_LIB="$CURSES_LIB -ltinfo"])
- AC_SUBST([CURSES_LIB])
- if test "$ac_cv_use_old_keys" != "yes";
- then
+++ /dev/null
---- a/linux/Makefile.am
-+++ b/linux/Makefile.am
-@@ -18,10 +18,6 @@
- if [ "$$(uname -s)" = "Linux" ]; then \
- if which tic >/dev/null 2>&1 ; then \
- if [ "`whoami`" = "root" ]; then \
-- rm -f /usr/share/terminfo/x/xterm-5250 ; \
-- rm -f /usr/share/terminfo/5/5250 ; \
-- rm -f /usr/lib/terminfo/x/xterm-5250 ; \
-- rm -f /usr/lib/terminfo/5/5250 ; \
- good=yes ; \
- tic $(srcdir)/5250.terminfo || good=no ; \
- else \
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
-<pkgmetadata>
- <upstream>
- <remote-id type="sourceforge">tn5250</remote-id>
- </upstream>
-</pkgmetadata>
+++ /dev/null
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-inherit eutils
-
-DESCRIPTION="Telnet client for the IBM AS/400 that emulates 5250 terminals and printers"
-HOMEPAGE="http://tn5250.sourceforge.net/"
-SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz"
-
-LICENSE="LGPL-2.1"
-SLOT="0"
-KEYWORDS="amd64 ppc ~sparc x86"
-IUSE="X libressl ssl"
-
-RDEPEND="
- sys-libs/ncurses:=
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:0= )
- )
-"
-
-DEPEND="${RDEPEND}
- X? ( x11-libs/libXt )
-"
-
-src_prepare() {
- default
- # Next, the Makefile for the terminfo settings tries to remove
- # some files it doesn't have access to. We can just remove those
- # lines.
- cd "${S}/linux"
- sed -i \
- -e "/rm -f \/usr\/.*\/terminfo.*5250/d" Makefile.in \
- || die "sed Makefile.in failed"
- cd "${S}"
-}
-
-src_configure() {
- econf \
- --disable-static \
- --without-python \
- $(use_with X x) \
- $(use_with ssl)
-}
-
-src_install() {
- # The TERMINFO variable needs to be defined for the install
- # to work, because the install calls "tic." man tic for
- # details.
- dodir /usr/share/terminfo
- emake DESTDIR="${D}" \
- TERMINFO="${D}/usr/share/terminfo" install
-
- einstalldocs
- prune_libtool_files
-}
+++ /dev/null
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-inherit autotools ltprune
-
-DESCRIPTION="IBM AS/400 telnet client which emulates 5250 terminals/printers"
-HOMEPAGE="http://tn5250.sourceforge.net/"
-SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz"
-
-LICENSE="LGPL-2.1"
-SLOT="0"
-KEYWORDS="~amd64 ~ppc ~sparc ~x86"
-IUSE="libressl ssl static-libs"
-
-RDEPEND="
- sys-libs/ncurses:=
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:0= )
- )
-"
-
-DEPEND="
- ${RDEPEND}
-"
-
-PATCHES=(
- "${FILESDIR}"/${PN}-0.17.4-disable-sslv2-and-sslv3.patch
- "${FILESDIR}"/${PN}-0.17.4-fix-Wformat-security-warnings.patch
- "${FILESDIR}"/${PN}-0.17.4-tinfo.patch
- "${FILESDIR}"/${PN}-0.17.4-whoami.patch
-)
-
-src_prepare() {
- default
- eautoreconf
-}
-
-src_configure() {
- econf \
- $(use_enable static-libs static) \
- $(use_with ssl) \
- --without-python
-}
-
-src_install() {
- # The TERMINFO variable needs to be defined for the install
- # to work, because the install calls "tic." man tic for
- # details.
- dodir /usr/share/terminfo
- emake DESTDIR="${D}" TERMINFO="${D}/usr/share/terminfo" install
-
- einstalldocs
- prune_libtool_files
-}
+++ /dev/null
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-inherit autotools
-
-DESCRIPTION="IBM AS/400 telnet client which emulates 5250 terminals/printers"
-HOMEPAGE="http://tn5250.sourceforge.net/"
-SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz"
-
-LICENSE="LGPL-2.1"
-SLOT="0"
-KEYWORDS="~amd64 ~ppc ~sparc ~x86"
-IUSE="libressl ssl"
-
-RDEPEND="
- sys-libs/ncurses:0=
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:0= )
- )
-"
-
-DEPEND="${RDEPEND}"
-
-PATCHES=(
- "${FILESDIR}"/${PN}-0.17.4-disable-sslv2-and-sslv3.patch
- "${FILESDIR}"/${PN}-0.17.4-fix-Wformat-security-warnings.patch
- "${FILESDIR}"/${PN}-0.17.4-tinfo.patch
- "${FILESDIR}"/${PN}-0.17.4-whoami.patch
- "${FILESDIR}"/${PN}-0.17.4-duplicate-definition.patch
-)
-
-src_prepare() {
- default
- if has_version ">=dev-libs/openssl-1.1.1"; then
- eapply "${FILESDIR}"/${PN}-0.17.4-openssl11.patch
- fi
- eautoreconf
-}
-
-src_configure() {
- econf \
- $(use_with ssl) \
- --disable-static \
- --without-python
-}
-
-src_install() {
- # The TERMINFO variable needs to be defined for the install
- # to work, because the install calls "tic." man tic for
- # details.
- dodir /usr/share/terminfo
- emake DESTDIR="${D}" TERMINFO="${D}/usr/share/terminfo" install
-
- einstalldocs
- find "${D}" -name '*.la' -delete || die
-}
# net-mail/uw-mailutils: #674174, same as uw-imap
# net-misc/sslwrap: #674524, last updated upstream in 2000
# net-misc/stone: #675612, needs new snapshot, current ver is from 2008
-# net-misc/tn5250: #678684, last commits in 2012
#
# Removal in 30 days.
app-crypt/keynote
net-mail/uw-mailutils
net-misc/sslwrap
net-misc/stone
-net-misc/tn5250
# Miroslav Šulc <fordfrog@gentoo.org> (19 Mar 2019)
# Depends on >=virtual/{jdk,jre}-11 which is masked
projects / gentoo.git / commitdiff