From 06a7b5647e11a8ddf69b1c3d3ded6a8ba28b923e Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Fri, 2 Mar 2018 15:59:12 +0000 Subject: gentoo resync : 02.03.2018 --- net-misc/tn5250/Manifest | 8 +-- .../tn5250/files/disable-sslv2-and-sslv3.patch | 61 --------------------- .../files/fix-Wformat-security-warnings.patch | 62 ---------------------- .../tn5250-0.17.4-disable-sslv2-and-sslv3.patch | 61 +++++++++++++++++++++ ...5250-0.17.4-fix-Wformat-security-warnings.patch | 62 ++++++++++++++++++++++ net-misc/tn5250/files/tn5250-0.17.4-tinfo.patch | 10 ++++ net-misc/tn5250/files/tn5250-0.17.4-whoami.patch | 13 +++++ net-misc/tn5250/tn5250-0.17.4-r2.ebuild | 31 +++++------ 8 files changed, 164 insertions(+), 144 deletions(-) delete mode 100644 net-misc/tn5250/files/disable-sslv2-and-sslv3.patch delete mode 100644 net-misc/tn5250/files/fix-Wformat-security-warnings.patch create mode 100644 net-misc/tn5250/files/tn5250-0.17.4-disable-sslv2-and-sslv3.patch create mode 100644 net-misc/tn5250/files/tn5250-0.17.4-fix-Wformat-security-warnings.patch create mode 100644 net-misc/tn5250/files/tn5250-0.17.4-tinfo.patch create mode 100644 net-misc/tn5250/files/tn5250-0.17.4-whoami.patch (limited to 'net-misc/tn5250') diff --git a/net-misc/tn5250/Manifest b/net-misc/tn5250/Manifest index df8f42ad9325..209182614022 100644 --- a/net-misc/tn5250/Manifest +++ b/net-misc/tn5250/Manifest @@ -1,6 +1,8 @@ -AUX disable-sslv2-and-sslv3.patch 2333 BLAKE2B f0debeacfcfe2596b716733cd80195b402f9b1536b3bbc6be7d12b763a2724b84c7030e92d76cdeca2685fb1bfc1714ab8d545276d23460f6cff930db412e86d SHA512 938130a2211409ab179499f1b7b50f5517d609a0ad73051a6c1a89493b44cca28200723693698beb516733e3099976f5ec0335f290553e903604c5a1eee652bd -AUX fix-Wformat-security-warnings.patch 2283 BLAKE2B 59ffb231abf6ef7927d79e8be51133c6f1f31f63ec38514bbaeee2069c3d063dc7ef3642953b7777668c016bb30e06c590ed63bb618d7796c3475483d77708b1 SHA512 da9114d26e838e822d8c63faa68f8157e03404f86e03c38f9f557416199c5ae96a35f4dbf47717c2588a6f29549b69a84ec66f5b7de848803b90759cae1fda04 +AUX tn5250-0.17.4-disable-sslv2-and-sslv3.patch 2333 BLAKE2B f0debeacfcfe2596b716733cd80195b402f9b1536b3bbc6be7d12b763a2724b84c7030e92d76cdeca2685fb1bfc1714ab8d545276d23460f6cff930db412e86d SHA512 938130a2211409ab179499f1b7b50f5517d609a0ad73051a6c1a89493b44cca28200723693698beb516733e3099976f5ec0335f290553e903604c5a1eee652bd +AUX tn5250-0.17.4-fix-Wformat-security-warnings.patch 2283 BLAKE2B 59ffb231abf6ef7927d79e8be51133c6f1f31f63ec38514bbaeee2069c3d063dc7ef3642953b7777668c016bb30e06c590ed63bb618d7796c3475483d77708b1 SHA512 da9114d26e838e822d8c63faa68f8157e03404f86e03c38f9f557416199c5ae96a35f4dbf47717c2588a6f29549b69a84ec66f5b7de848803b90759cae1fda04 +AUX tn5250-0.17.4-tinfo.patch 294 BLAKE2B 6032318a041b7e495e709f44e6abeedaee17be5754f779d73b33cfd0bc9fd625c53687cc9e2e0f49dc8be48ea497f3d2f3d9cba0b48c59d3f84fd9a98bdeab50 SHA512 e348a54d74e79fd3b7d4a7ae8a8bbab9751f873317b82738c1b934c643a4fe28cefb38008d944af61fe64f0852a1bb5eeea7b6bb8143e51a3469bc20fb8e0b22 +AUX tn5250-0.17.4-whoami.patch 450 BLAKE2B 529c2822328ae5b7eb70e49e1459271d325f465c6ecc3c2f0621805e1f61892c58614cdcd84c522ffe7b78d05c554af9928ff181497fefc13fb82a62c916502b SHA512 404fd5913db7240f1db14ac2a45e2897866e50fc33d56e5eb22e810b238d47b5d6c3700dd73fe095c2f5714e5f8f745c7e0bf670450d6454d20f10fa2f8c69c2 DIST tn5250-0.17.4.tar.gz 648452 BLAKE2B 9e4d2d2b3148d063eecfc57f32daa1936d9f829a219952c9eb666e3f128c42f5ac611c4ccf12cdd533b3758459ce7f2f4e7c8fe74090042cb796067a7f6afe14 SHA512 7c41bc47658f792fe7c6c6186d93095ac2eca67868070d84502bcff7de0cbc97afea1bd9987d2dbc5a340a444fdf1fbff81c7b844f5c205ec603f24c5e6c0804 EBUILD tn5250-0.17.4-r1.ebuild 1247 BLAKE2B 6169023b231922ef82594a6359d2d3f824cec17d1def604fca3a1aa676f3b6939a89cf882fa2e21afab20c7a6e6f46d00df9953c6e342af9016974a3e50802dd SHA512 e57461bf744d4ffffad3c8046a9faf674d0cef81d6baf1ea88546d5155a1eef7668931955599ab64a4ff4566990591edb41aba55a45f5ccb54dccfac7319e722 -EBUILD tn5250-0.17.4-r2.ebuild 1322 BLAKE2B ff004ff4df419e7dd5f1887bd758e4ced8c563735330797d5376c09ea8087acea0380bad4f959f963922ba4279c57dd28dde5c9260589c68b73541d8c08248be SHA512 da737d6c37c56867cae53f893259f941fd07fe3d19fa77ab4f4f81cd2b432b0ee30cd643187729aab9ba709c2c5753a7398d38c828c44a1090e5d9be6d3a70e5 +EBUILD tn5250-0.17.4-r2.ebuild 1190 BLAKE2B 12e610edc7efeb7e0ff561db603c1f9e3e14ee6b95336eb81046ecce1554b350015d7316054ff5b3f8b78fae206ba7f070e9ab05ca2f0ce1c6ff6ccb3b830b98 SHA512 95631351a044b1328ccfc1006d1a4f6941b698a84eb7800697ef52e0f30a978bfa0ebb22af5e7a376dbcb97b4dfa7f7b0701adb9d7ceb85e6d057e4e7d3974db MISC metadata.xml 215 BLAKE2B a53a3a3ece4a9e09b8df96f5f8a629b7119c0e95e3e428c185f25378748975728f080e999a5e434e6fb3a38bb6599562ffacb8197f0be3ece1bcc43ccc1954de SHA512 0e99f231bdcff1306e232af176e4ce38c754ea988c072324093f2ac5bca81432abeb12af3e5f1960d0047bcd6d8c558fc995d1e6670556e00e443ebb1b6fe09c diff --git a/net-misc/tn5250/files/disable-sslv2-and-sslv3.patch b/net-misc/tn5250/files/disable-sslv2-and-sslv3.patch deleted file mode 100644 index 9c8d04f55851..000000000000 --- a/net-misc/tn5250/files/disable-sslv2-and-sslv3.patch +++ /dev/null @@ -1,61 +0,0 @@ -From 1acfebd966e8804e6573cbe9287b8b6f028a646c Mon Sep 17 00:00:00 2001 -From: Michael Orlitzky -Date: Tue, 23 Aug 2016 18:13:47 -0400 -Subject: [PATCH 1/1] sslstream.c: ignore the user's choice of ssl_method. - -The SSLv2 and SSLv3 protocols are insecure, and people have begun to -operate without them. LibreSSL, for example, does not have them -enabled, and it is possible to build OpenSSL in the same manner. - -If SSLv[23] are disabled, the user would not be able to choose "ssl2" -or "ssl3" as his "ssl_method", an option that was undocumented -anywhere. Therefore there is not much lost, and some security to gain, -by removing the option completely. This commit does that, and uses the -automatic protocol choice that is capable of negotiating TLSv1, -TLSv1.1 and TLSv1.2. - -Gentoo-Bug: 591940 ---- - lib5250/sslstream.c | 26 ++++++++++---------------- - 1 file changed, 10 insertions(+), 16 deletions(-) - -diff --git a/lib5250/sslstream.c b/lib5250/sslstream.c -index 7181566..2f91d1a 100644 ---- a/lib5250/sslstream.c -+++ b/lib5250/sslstream.c -@@ -362,22 +362,16 @@ int tn5250_ssl_stream_init (Tn5250Stream *This) - - /* which SSL method do we use? */ - -- strcpy(methstr,"auto"); -- if (This->config!=NULL && tn5250_config_get (This->config, "ssl_method")) { -- strncpy(methstr, tn5250_config_get (This->config, "ssl_method"), 4); -- methstr[4] = '\0'; -- } -- -- if (!strcmp(methstr, "ssl2")) { -- meth = SSLv2_client_method(); -- TN5250_LOG(("SSL Method = SSLv2_client_method()\n")); -- } else if (!strcmp(methstr, "ssl3")) { -- meth = SSLv3_client_method(); -- TN5250_LOG(("SSL Method = SSLv3_client_method()\n")); -- } else { -- meth = SSLv23_client_method(); -- TN5250_LOG(("SSL Method = SSLv23_client_method()\n")); -- } -+ /* Ignore the user's choice of ssl_method (which isn't documented -+ * anyway...) if it was either "ssl2" or "ssl3". Both are insecure, -+ * and this is only safe supported method left. -+ * -+ * This is a Gentoo-specific modification that lets us build -+ * against LibreSSL and newer OpenSSL with its insecure protocols -+ * disabled. -+ */ -+ meth = SSLv23_client_method(); -+ TN5250_LOG(("SSL Method = SSLv23_client_method()\n")); - - /* create a new SSL context */ - --- -2.7.3 - diff --git a/net-misc/tn5250/files/fix-Wformat-security-warnings.patch b/net-misc/tn5250/files/fix-Wformat-security-warnings.patch deleted file mode 100644 index 4927bce546f2..000000000000 --- a/net-misc/tn5250/files/fix-Wformat-security-warnings.patch +++ /dev/null @@ -1,62 +0,0 @@ -From 1bc9cac45be4bac46f58e325779bdb8c7b7bf502 Mon Sep 17 00:00:00 2001 -From: Michael Orlitzky -Date: Tue, 23 Aug 2016 20:20:15 -0400 -Subject: [PATCH 1/1] Fix format-security warnings. - -Newer versions of GCC have the ability to warn you (or throw errors) -about insecure format strings. Generally this is due to an omitted -format string in the printf family of functions, and a few of those -issues existed in the code base. They were all fixed by adding a -trivial "%s" format string. The project now builds with --Werror=format-security. ---- - curses/cursesterm.c | 4 ++-- - lib5250/sslstream.c | 2 +- - lib5250/telnetstr.c | 2 +- - 3 files changed, 4 insertions(+), 4 deletions(-) - -diff --git a/curses/cursesterm.c b/curses/cursesterm.c -index bf20f05..3032966 100644 ---- a/curses/cursesterm.c -+++ b/curses/cursesterm.c -@@ -640,9 +640,9 @@ static void curses_terminal_update(Tn5250Terminal * This, Tn5250Display *display - if(This->data->is_xterm) { - if (This->data->font_132!=NULL) { - if (tn5250_display_width (display)>100) -- printf(This->data->font_132); -+ printf("%s", This->data->font_132); - else -- printf(This->data->font_80); -+ printf("%s", This->data->font_80); - } - printf ("\x1b[8;%d;%dt", tn5250_display_height (display)+1, - tn5250_display_width (display)); -diff --git a/lib5250/sslstream.c b/lib5250/sslstream.c -index 2f91d1a..7f3009e 100644 ---- a/lib5250/sslstream.c -+++ b/lib5250/sslstream.c -@@ -307,7 +307,7 @@ static void ssl_log_SB_buf(unsigned char *buf, int len) - - if (!tn5250_logfile) - return; -- fprintf(tn5250_logfile,ssl_getTelOpt(type=*buf++)); -+ fprintf(tn5250_logfile,"%s",ssl_getTelOpt(type=*buf++)); - switch (c=*buf++) { - case IS: - fputs("",tn5250_logfile); -diff --git a/lib5250/telnetstr.c b/lib5250/telnetstr.c -index 9ad2624..cf1576f 100644 ---- a/lib5250/telnetstr.c -+++ b/lib5250/telnetstr.c -@@ -282,7 +282,7 @@ static void log_SB_buf(unsigned char *buf, int len) - - if (!tn5250_logfile) - return; -- fprintf(tn5250_logfile,getTelOpt(type=*buf++)); -+ fprintf(tn5250_logfile,"%s",getTelOpt(type=*buf++)); - switch (c=*buf++) { - case IS: - fputs("",tn5250_logfile); --- -2.7.3 - diff --git a/net-misc/tn5250/files/tn5250-0.17.4-disable-sslv2-and-sslv3.patch b/net-misc/tn5250/files/tn5250-0.17.4-disable-sslv2-and-sslv3.patch new file mode 100644 index 000000000000..9c8d04f55851 --- /dev/null +++ b/net-misc/tn5250/files/tn5250-0.17.4-disable-sslv2-and-sslv3.patch @@ -0,0 +1,61 @@ +From 1acfebd966e8804e6573cbe9287b8b6f028a646c Mon Sep 17 00:00:00 2001 +From: Michael Orlitzky +Date: Tue, 23 Aug 2016 18:13:47 -0400 +Subject: [PATCH 1/1] sslstream.c: ignore the user's choice of ssl_method. + +The SSLv2 and SSLv3 protocols are insecure, and people have begun to +operate without them. LibreSSL, for example, does not have them +enabled, and it is possible to build OpenSSL in the same manner. + +If SSLv[23] are disabled, the user would not be able to choose "ssl2" +or "ssl3" as his "ssl_method", an option that was undocumented +anywhere. Therefore there is not much lost, and some security to gain, +by removing the option completely. This commit does that, and uses the +automatic protocol choice that is capable of negotiating TLSv1, +TLSv1.1 and TLSv1.2. + +Gentoo-Bug: 591940 +--- + lib5250/sslstream.c | 26 ++++++++++---------------- + 1 file changed, 10 insertions(+), 16 deletions(-) + +diff --git a/lib5250/sslstream.c b/lib5250/sslstream.c +index 7181566..2f91d1a 100644 +--- a/lib5250/sslstream.c ++++ b/lib5250/sslstream.c +@@ -362,22 +362,16 @@ int tn5250_ssl_stream_init (Tn5250Stream *This) + + /* which SSL method do we use? */ + +- strcpy(methstr,"auto"); +- if (This->config!=NULL && tn5250_config_get (This->config, "ssl_method")) { +- strncpy(methstr, tn5250_config_get (This->config, "ssl_method"), 4); +- methstr[4] = '\0'; +- } +- +- if (!strcmp(methstr, "ssl2")) { +- meth = SSLv2_client_method(); +- TN5250_LOG(("SSL Method = SSLv2_client_method()\n")); +- } else if (!strcmp(methstr, "ssl3")) { +- meth = SSLv3_client_method(); +- TN5250_LOG(("SSL Method = SSLv3_client_method()\n")); +- } else { +- meth = SSLv23_client_method(); +- TN5250_LOG(("SSL Method = SSLv23_client_method()\n")); +- } ++ /* Ignore the user's choice of ssl_method (which isn't documented ++ * anyway...) if it was either "ssl2" or "ssl3". Both are insecure, ++ * and this is only safe supported method left. ++ * ++ * This is a Gentoo-specific modification that lets us build ++ * against LibreSSL and newer OpenSSL with its insecure protocols ++ * disabled. ++ */ ++ meth = SSLv23_client_method(); ++ TN5250_LOG(("SSL Method = SSLv23_client_method()\n")); + + /* create a new SSL context */ + +-- +2.7.3 + diff --git a/net-misc/tn5250/files/tn5250-0.17.4-fix-Wformat-security-warnings.patch b/net-misc/tn5250/files/tn5250-0.17.4-fix-Wformat-security-warnings.patch new file mode 100644 index 000000000000..4927bce546f2 --- /dev/null +++ b/net-misc/tn5250/files/tn5250-0.17.4-fix-Wformat-security-warnings.patch @@ -0,0 +1,62 @@ +From 1bc9cac45be4bac46f58e325779bdb8c7b7bf502 Mon Sep 17 00:00:00 2001 +From: Michael Orlitzky +Date: Tue, 23 Aug 2016 20:20:15 -0400 +Subject: [PATCH 1/1] Fix format-security warnings. + +Newer versions of GCC have the ability to warn you (or throw errors) +about insecure format strings. Generally this is due to an omitted +format string in the printf family of functions, and a few of those +issues existed in the code base. They were all fixed by adding a +trivial "%s" format string. The project now builds with +-Werror=format-security. +--- + curses/cursesterm.c | 4 ++-- + lib5250/sslstream.c | 2 +- + lib5250/telnetstr.c | 2 +- + 3 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/curses/cursesterm.c b/curses/cursesterm.c +index bf20f05..3032966 100644 +--- a/curses/cursesterm.c ++++ b/curses/cursesterm.c +@@ -640,9 +640,9 @@ static void curses_terminal_update(Tn5250Terminal * This, Tn5250Display *display + if(This->data->is_xterm) { + if (This->data->font_132!=NULL) { + if (tn5250_display_width (display)>100) +- printf(This->data->font_132); ++ printf("%s", This->data->font_132); + else +- printf(This->data->font_80); ++ printf("%s", This->data->font_80); + } + printf ("\x1b[8;%d;%dt", tn5250_display_height (display)+1, + tn5250_display_width (display)); +diff --git a/lib5250/sslstream.c b/lib5250/sslstream.c +index 2f91d1a..7f3009e 100644 +--- a/lib5250/sslstream.c ++++ b/lib5250/sslstream.c +@@ -307,7 +307,7 @@ static void ssl_log_SB_buf(unsigned char *buf, int len) + + if (!tn5250_logfile) + return; +- fprintf(tn5250_logfile,ssl_getTelOpt(type=*buf++)); ++ fprintf(tn5250_logfile,"%s",ssl_getTelOpt(type=*buf++)); + switch (c=*buf++) { + case IS: + fputs("",tn5250_logfile); +diff --git a/lib5250/telnetstr.c b/lib5250/telnetstr.c +index 9ad2624..cf1576f 100644 +--- a/lib5250/telnetstr.c ++++ b/lib5250/telnetstr.c +@@ -282,7 +282,7 @@ static void log_SB_buf(unsigned char *buf, int len) + + if (!tn5250_logfile) + return; +- fprintf(tn5250_logfile,getTelOpt(type=*buf++)); ++ fprintf(tn5250_logfile,"%s",getTelOpt(type=*buf++)); + switch (c=*buf++) { + case IS: + fputs("",tn5250_logfile); +-- +2.7.3 + diff --git a/net-misc/tn5250/files/tn5250-0.17.4-tinfo.patch b/net-misc/tn5250/files/tn5250-0.17.4-tinfo.patch new file mode 100644 index 000000000000..46469c4def8e --- /dev/null +++ b/net-misc/tn5250/files/tn5250-0.17.4-tinfo.patch @@ -0,0 +1,10 @@ +--- a/configure.ac ++++ b/configure.ac +@@ -64,6 +64,7 @@ + AC_MSG_ERROR([** You need a curses-compatible library installed.]) + fi + fi ++ AC_SEARCH_LIBS(stdscr, tinfo, [CURSES_LIB="$CURSES_LIB -ltinfo"]) + AC_SUBST([CURSES_LIB]) + if test "$ac_cv_use_old_keys" != "yes"; + then diff --git a/net-misc/tn5250/files/tn5250-0.17.4-whoami.patch b/net-misc/tn5250/files/tn5250-0.17.4-whoami.patch new file mode 100644 index 000000000000..fbcece25af27 --- /dev/null +++ b/net-misc/tn5250/files/tn5250-0.17.4-whoami.patch @@ -0,0 +1,13 @@ +--- a/linux/Makefile.am ++++ b/linux/Makefile.am +@@ -18,10 +18,6 @@ + if [ "$$(uname -s)" = "Linux" ]; then \ + if which tic >/dev/null 2>&1 ; then \ + if [ "`whoami`" = "root" ]; then \ +- rm -f /usr/share/terminfo/x/xterm-5250 ; \ +- rm -f /usr/share/terminfo/5/5250 ; \ +- rm -f /usr/lib/terminfo/x/xterm-5250 ; \ +- rm -f /usr/lib/terminfo/5/5250 ; \ + good=yes ; \ + tic $(srcdir)/5250.terminfo || good=no ; \ + else \ diff --git a/net-misc/tn5250/tn5250-0.17.4-r2.ebuild b/net-misc/tn5250/tn5250-0.17.4-r2.ebuild index 3bcbdbd72cb6..f3cfbf0f6174 100644 --- a/net-misc/tn5250/tn5250-0.17.4-r2.ebuild +++ b/net-misc/tn5250/tn5250-0.17.4-r2.ebuild @@ -1,8 +1,8 @@ -# Copyright 1999-2016 Gentoo Foundation +# Copyright 1999-2018 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 EAPI=6 -inherit eutils +inherit autotools ltprune DESCRIPTION="IBM AS/400 telnet client which emulates 5250 terminals/printers" HOMEPAGE="http://tn5250.sourceforge.net/" @@ -11,7 +11,7 @@ SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz" LICENSE="LGPL-2.1" SLOT="0" KEYWORDS="~amd64 ~ppc ~sparc ~x86" -IUSE="X libressl ssl" +IUSE="libressl ssl static-libs" RDEPEND=" sys-libs/ncurses:= @@ -21,32 +21,27 @@ RDEPEND=" ) " -DEPEND="${RDEPEND} - X? ( x11-libs/libXt ) +DEPEND=" + ${RDEPEND} " PATCHES=( - "${FILESDIR}/disable-sslv2-and-sslv3.patch" - "${FILESDIR}/fix-Wformat-security-warnings.patch" + "${FILESDIR}"/${PN}-0.17.4-disable-sslv2-and-sslv3.patch + "${FILESDIR}"/${PN}-0.17.4-fix-Wformat-security-warnings.patch + "${FILESDIR}"/${PN}-0.17.4-tinfo.patch + "${FILESDIR}"/${PN}-0.17.4-whoami.patch ) src_prepare() { default - - # Next, the Makefile for the terminfo settings tries to remove - # some files it doesn't have access to. We can just remove those - # lines. - sed -i \ - -e "/rm -f \/usr\/.*\/terminfo.*5250/d" linux/Makefile.in \ - || die "sed Makefile.in failed" + eautoreconf } src_configure() { econf \ - --disable-static \ - --without-python \ - $(use_with X x) \ - $(use_with ssl) + $(use_enable static-libs static) \ + $(use_with ssl) \ + --without-python } src_install() { -- cgit v1.2.3