rebuilt with debug package and specfile fixes [release 0.17.4-3mamba;Fri May 21 2021]

2024-01-05 18:34:31 +01:00 · 2024-01-05 18:34:31 +01:00 · e2435f9b2d
commit e2435f9b2d
parent b4cd865ea9
2 changed files with 299 additions and 7 deletions
--- a/tn5250-0.17.4-openssl-1.1.patch
+++ b/tn5250-0.17.4-openssl-1.1.patch
@ -0,0 +1,286 @@
 From 65c0559d8a91c8153e72dbb2524386ce37cc325a Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Dan=20Hor=C3=A1k?= <dan@danny.cz>
 Date: Mon, 20 Feb 2017 14:47:03 +0100
 Subject: [PATCH 1/4] fix build with -Werror=format-security
 ---
 curses/cursesterm.c | 4 ++--
 lib5250/sslstream.c | 2 +-
 lib5250/telnetstr.c | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)
 diff --git a/curses/cursesterm.c b/curses/cursesterm.c
 index bf20f05..2aa65b8 100644
 --- a/curses/cursesterm.c
 +++ b/curses/cursesterm.c
@@ -640,9 +640,9 @@ static void curses_terminal_update(Tn5250Terminal * This, Tn5250Display *display
       if(This->data->is_xterm) {
          if (This->data->font_132!=NULL) {
                if (tn5250_display_width (display)>100)
 -                    printf(This->data->font_132);
 +                    printf("%s",This->data->font_132);
                else
 -                    printf(This->data->font_80);
 +                    printf("%s",This->data->font_80);
          }
 	 printf ("\x1b[8;%d;%dt", tn5250_display_height (display)+1,
 	       tn5250_display_width (display));
 diff --git a/lib5250/sslstream.c b/lib5250/sslstream.c
 index e0b720a..77aab64 100644
 --- a/lib5250/sslstream.c
 +++ b/lib5250/sslstream.c
@@ -317,7 +317,7 @@ static void ssl_log_SB_buf(unsigned char *buf, int len)
    if (!tn5250_logfile)
       return;
 -   fprintf(tn5250_logfile,ssl_getTelOpt(type=*buf++));
 +   fprintf(tn5250_logfile,"%s",ssl_getTelOpt(type=*buf++));
    switch (c=*buf++) {
       case IS:
 		fputs("<IS>",tn5250_logfile);
 diff --git a/lib5250/telnetstr.c b/lib5250/telnetstr.c
 index 763c519..f95a737 100644
 --- a/lib5250/telnetstr.c
 +++ b/lib5250/telnetstr.c
@@ -292,7 +292,7 @@ static void log_SB_buf(unsigned char *buf, int len)
    if (!tn5250_logfile)
       return;
 -   fprintf(tn5250_logfile,getTelOpt(type=*buf++));
 +   fprintf(tn5250_logfile,"%s",getTelOpt(type=*buf++));
    switch (c=*buf++) {
       case IS:
 		fputs("<IS>",tn5250_logfile);
 -- 
 2.7.4
 From 0b6bd9bb964a04b5dd8a0278af1c16d8b71e09f4 Mon Sep 17 00:00:00 2001
 From: Michael Orlitzky <michael@orlitzky.com>
 Date: Tue, 23 Aug 2016 18:13:47 -0400
 Subject: [PATCH 2/4] sslstream.c: ignore the user's choice of ssl_method.
 The SSLv2 and SSLv3 protocols are insecure, and people have begun to
 operate without them. LibreSSL, for example, does not have them
 enabled, and it is possible to build OpenSSL in the same manner.
 If SSLv[23] are disabled, the user would not be able to choose "ssl2"
 or "ssl3" as his "ssl_method", an option that was undocumented
 anywhere. Therefore there is not much lost, and some security to gain,
 by removing the option completely. This commit does that, and uses the
 automatic protocol choice that is capable of negotiating TLSv1,
 TLSv1.1 and TLSv1.2.
 Gentoo-Bug: 591940
 ---
 lib5250/sslstream.c | 26 ++++++++++----------------
 1 file changed, 10 insertions(+), 16 deletions(-)
 diff --git a/lib5250/sslstream.c b/lib5250/sslstream.c
 index 77aab64..f4353a9 100644
 --- a/lib5250/sslstream.c
 +++ b/lib5250/sslstream.c
@@ -372,22 +372,16 @@ int tn5250_ssl_stream_init (Tn5250Stream *This)
 /*  which SSL method do we use? */
 -   strcpy(methstr,"auto");
 -   if (This->config!=NULL && tn5250_config_get (This->config, "ssl_method")) {
 -        strncpy(methstr, tn5250_config_get (This->config, "ssl_method"), 4);
 -        methstr[4] = '\0';
 -   }
 -
 -   if (!strcmp(methstr, "ssl2")) {
 -        meth = SSLv2_client_method();         
 -        TN5250_LOG(("SSL Method = SSLv2_client_method()\n"));
 -   } else if (!strcmp(methstr, "ssl3")) {
 -        meth = SSLv3_client_method();         
 -        TN5250_LOG(("SSL Method = SSLv3_client_method()\n"));
 -   } else {
 -        meth = SSLv23_client_method();         
 -        TN5250_LOG(("SSL Method = SSLv23_client_method()\n"));
 -   }
 +    /* Ignore the user's choice of ssl_method (which isn't documented
 +     * anyway...) if it was either "ssl2" or "ssl3". Both are insecure,
 +     * and this is only safe supported method left.
 +     *
 +     * This is a Gentoo-specific modification that lets us build
 +     * against LibreSSL and newer OpenSSL with its insecure protocols
 +     * disabled.
 +     */
 +    meth = SSLv23_client_method();
 +    TN5250_LOG(("SSL Method = SSLv23_client_method()\n"));
 /*  create a new SSL context */
 -- 
 2.7.4
 From 66e1a2f80091e9ee9b99156ae23e5faaf9f24fe0 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Dan=20Hor=C3=A1k?= <dan@danny.cz>
 Date: Mon, 20 Feb 2017 15:06:36 +0100
 Subject: [PATCH 3/4] remove duplicate definition for tn3270_ssl_stream_init()
 ---
 lib5250/sslstream.c | 93 -----------------------------------------------------
 1 file changed, 93 deletions(-)
 diff --git a/lib5250/sslstream.c b/lib5250/sslstream.c
 index f4353a9..86d38cf 100644
 --- a/lib5250/sslstream.c
 +++ b/lib5250/sslstream.c
@@ -477,99 +477,6 @@ int tn5250_ssl_stream_init (Tn5250Stream *This)
    return 0; /* Ok */
 }
 -/****f* lib5250/tn3270_ssl_stream_init
 - * NAME
 - *    tn3270_ssl_stream_init
 - * SYNOPSIS
 - *    ret = tn3270_ssl_stream_init (This);
 - * INPUTS
 - *    Tn5250Stream *       This       - 
 - * DESCRIPTION
 - *    DOCUMENT ME!!!
 - *****/
 -int tn3270_ssl_stream_init (Tn5250Stream *This)
 -{
 -   int len;
 -
 -/* initialize SSL library */
 -
 -   SSL_load_error_strings();
 -   SSL_library_init();
 -
 -/* create a new SSL context */
 -
 -   This->ssl_context = SSL_CTX_new(SSLv23_client_method());
 -   if (This->ssl_context==NULL) {
 -        DUMP_ERR_STACK ();
 -        return -1;
 -   }
 -
 -/* if a certificate authority file is defined, load it into this context */
 -
 -   if (This->config!=NULL && tn5250_config_get (This->config, "ssl_ca_file")) {
 -        if (SSL_CTX_load_verify_locations(This->ssl_context, 
 -                  tn5250_config_get (This->config, "ssl_ca_file"), NULL)<1) {
 -            DUMP_ERR_STACK ();
 -            return -1;
 -        }
 -   }
 -
 -/* if a certificate authority file is defined, load it into this context */
 -
 -   if (This->config!=NULL && tn5250_config_get (This->config, "ssl_ca_file")) {
 -        if (SSL_CTX_load_verify_locations(This->ssl_context, 
 -                  tn5250_config_get (This->config, "ssl_ca_file"), NULL)<1) {
 -            DUMP_ERR_STACK ();
 -            return -1;
 -        }
 -   }
 -
 -   This->userdata = NULL;
 -
 -/* if a PEM passphrase is defined, set things up so that it can be used */
 -
 -   if (This->config!=NULL && tn5250_config_get (This->config,"ssl_pem_pass")){
 -        TN5250_LOG(("SSL: Setting password callback\n"));
 -        len = strlen(tn5250_config_get (This->config, "ssl_pem_pass"));
 -        This->userdata = malloc(len+1);
 -        strncpy(This->userdata,
 -                tn5250_config_get (This->config, "ssl_pem_pass"), len);
 -        SSL_CTX_set_default_passwd_cb(This->ssl_context,
 -                (pem_password_cb *)ssl_stream_passwd_cb);
 -        SSL_CTX_set_default_passwd_cb_userdata(This->ssl_context, (void *)This);
 -
 -   }
 -
 -/* If a certificate file has been defined, load it into this context as well */
 -
 -   if (This->config!=NULL && tn5250_config_get (This->config, "ssl_cert_file")){
 -        TN5250_LOG(("SSL: Loading certificates from certificate file\n"));
 -        if (SSL_CTX_use_certificate_file(This->ssl_context,
 -                tn5250_config_get (This->config, "ssl_cert_file"),
 -                SSL_FILETYPE_PEM) <= 0) {
 -            DUMP_ERR_STACK ();
 -            return -1;
 -        }
 -        TN5250_LOG(("SSL: Loading private keys from certificate file\n"));
 -        if (SSL_CTX_use_PrivateKey_file(This->ssl_context,
 -                tn5250_config_get (This->config, "ssl_cert_file"),
 -                SSL_FILETYPE_PEM) <= 0) {
 -            DUMP_ERR_STACK ();
 -            return -1;
 -        }
 -   }
 -
 -   This->ssl_handle = NULL;
 -   This->connect = ssl_stream_connect;
 -   This->accept = ssl_stream_accept;
 -   This->disconnect = ssl_stream_disconnect;
 -   This->handle_receive = ssl_stream_handle_receive;
 -   This->send_packet = tn3270_ssl_stream_send_packet;
 -   This->destroy = ssl_stream_destroy;
 -   This->streamtype = TN3270E_STREAM;
 -   return 0; /* Ok */
 -}
 -
 /****i* lib5250/ssl_stream_connect
  * NAME
  *    ssl_stream_connect
 -- 
 2.7.4
 From 5922e57bb5ea78ff35f82a60f1721d533cc0584a Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Dan=20Hor=C3=A1k?= <dan@danny.cz>
 Date: Mon, 20 Feb 2017 15:37:51 +0100
 Subject: [PATCH 4/4] port to OpenSSL 1.1
 - check for better functions in configure
 - update SSL initialization call
 ---
 configure.ac        | 8 ++++----
 lib5250/sslstream.c | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)
 diff --git a/configure.ac b/configure.ac
 index 4ba0007..8a16cff 100644
 --- a/configure.ac
 +++ b/configure.ac
@@ -152,13 +152,13 @@ dnl ** happily, we don't have to hunt for them thanks to ldconfig!
 dnl **
 if test -n $sslincludedir; then
      CPPFLAGS="$CPPFLAGS $sslincludedir"
 -     AC_CHECK_LIB(crypto,CRYPTO_num_locks)
 -     if test "$ac_cv_lib_crypto_CRYPTO_num_locks" != "yes"
 +     AC_CHECK_LIB(crypto,OPENSSL_init)
 +     if test "$ac_cv_lib_crypto_OPENSSL_init" != "yes"
      then
              AC_MSG_ERROR([** Unable to find OpenSSL libraries!])
      fi
 -     AC_CHECK_LIB(ssl,SSL_library_init)
 -     if test "$ac_cv_lib_ssl_SSL_library_init" != "yes"
 +     AC_CHECK_LIB(ssl,OPENSSL_init_ssl)
 +     if test "$ac_cv_lib_ssl_OPENSSL_init_ssl" != "yes"
      then
              AC_MSG_ERROR([** Unable to find OpenSSL libraries!])
      fi
 diff --git a/lib5250/sslstream.c b/lib5250/sslstream.c
 index 86d38cf..3c0f390 100644
 --- a/lib5250/sslstream.c
 +++ b/lib5250/sslstream.c
@@ -368,7 +368,7 @@ int tn5250_ssl_stream_init (Tn5250Stream *This)
 /*  initialize SSL library */
    SSL_load_error_strings();
 -   SSL_library_init();
 +   OPENSSL_init_ssl(0, NULL);
 /*  which SSL method do we use? */
 -- 
 2.7.4
--- a/tn5250.spec
+++ b/tn5250.spec
@ -1,13 +1,14 @@
 Name:          tn5250
 Version:       0.17.4
-Release:       2mamba
+Release:       3mamba
 Summary:       A telnet client for the IBM AS/400 that emulates 5250 terminals and printers
 Group:         Applications/Networking
 Vendor:        openmamba
 Distribution:  openmamba
-Packager:      Silvan Calarco <silvan.calarco@openmamba.org>
+Packager:      Silvan Calarco <silvan.calarco@mambasoft.it>
 URL:           http://tn5250.sourceforge.net/
 Source:        http://downloads.sourceforge.net/sourceforge/tn5250/%{name}-%{version}.tar.gz
 Patch0:        tn5250-0.17.4-openssl-1.1.patch
 License:       LGPL
 ## AUTOBUILDREQ-BEGIN
 BuildRequires: glibc-devel
@ -15,8 +16,6 @@ BuildRequires: libncurses-devel
 BuildRequires: libopenssl-devel
 ## AUTOBUILDREQ-END
 BuildRoot:     %{_tmppath}/%{name}-%{version}-root
 %description
 tn5250 is a telnet client for the IBM AS/400 that emulates 5250 terminals and printers.
 This function is the same as that provided by the 5250 emulator in IBM Client Access.
@ -29,11 +28,15 @@ Requires:      %{name} = %{version}
 %description devel
 tn5250 is a telnet client for the IBM AS/400 that emulates 5250 terminals and printers.
 This function is the same as that provided by the 5250 emulator in IBM Client Access.
 This package contains static libraries and header files needed for development.
-This package contains static libraries and header files need for development.
+%debug_package
 %prep
 %setup -q 
 %patch0 -p1
 autoreconf -f -i
 %build
 %configure
@ -54,7 +57,6 @@ This package contains static libraries and header files need for development.
 %{_bindir}/xt5250
 %{_bindir}/5250keys
 %{_libdir}/*.so.*
 %{_mandir}/man1/lp5250d.*
 %{_mandir}/man1/scs2ascii.*
 %{_mandir}/man1/scs2pdf.*
@ -62,7 +64,8 @@ This package contains static libraries and header files need for development.
 %{_mandir}/man1/tn5250.*
 %{_mandir}/man5/tn5250rc.*
 %{_datadir}/tn5250/*
-%doc AUTHORS COPYING ChangeLog NEWS README README.ssl TODO
+%doc AUTHORS COPYING
 #ChangeLog NEWS README README.ssl TODO
 %files devel
 %defattr(-,root,root)
@ -76,6 +79,9 @@ This package contains static libraries and header files need for development.
 #%{_libdir}/pkgconfig/tn5250.pc
 %changelog
 * Fri May 21 2021 Silvan Calarco <silvan.calarco@mambasoft.it> 0.17.4-3mamba
 - rebuilt with debug package and specfile fixes
 * Wed Jul 10 2013 Automatic Build System <autodist@mambasoft.it> 0.17.4-2mamba
 - automatic version update by autodist