rpms/tn5250
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

rebuilt with debug package and specfile fixes [release 0.17.4-3mamba;Fri May 21 2021]

Browse Source
This commit is contained in:
Silvan Calarco 2024-01-05 18:34:31 +01:00
parent b4cd865ea9
commit e2435f9b2d
2 changed files with 299 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

286
tn5250-0.17.4-openssl-1.1.patch Normal file
View File

@ -0,0 +1,286 @@
From 65c0559d8a91c8153e72dbb2524386ce37cc325a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dan=20Hor=C3=A1k?= <dan@danny.cz>
Date: Mon, 20 Feb 2017 14:47:03 +0100
Subject: [PATCH 1/4] fix build with -Werror=format-security
---
curses/cursesterm.c | 4 ++--
lib5250/sslstream.c | 2 +-
lib5250/telnetstr.c | 2 +-
3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/curses/cursesterm.c b/curses/cursesterm.c
index bf20f05..2aa65b8 100644
--- a/curses/cursesterm.c
+++ b/curses/cursesterm.c
@@ -640,9 +640,9 @@ static void curses_terminal_update(Tn5250Terminal * This, Tn5250Display *display
if(This->data->is_xterm) {
if (This->data->font_132!=NULL) {
if (tn5250_display_width (display)>100)
- printf(This->data->font_132);
+ printf("%s",This->data->font_132);
else
- printf(This->data->font_80);
+ printf("%s",This->data->font_80);
}
printf ("\x1b[8;%d;%dt", tn5250_display_height (display)+1,
tn5250_display_width (display));
diff --git a/lib5250/sslstream.c b/lib5250/sslstream.c
index e0b720a..77aab64 100644
--- a/lib5250/sslstream.c
+++ b/lib5250/sslstream.c
@@ -317,7 +317,7 @@ static void ssl_log_SB_buf(unsigned char *buf, int len)
if (!tn5250_logfile)
return;
- fprintf(tn5250_logfile,ssl_getTelOpt(type=*buf++));
+ fprintf(tn5250_logfile,"%s",ssl_getTelOpt(type=*buf++));
switch (c=*buf++) {
case IS:
fputs("<IS>",tn5250_logfile);
diff --git a/lib5250/telnetstr.c b/lib5250/telnetstr.c
index 763c519..f95a737 100644
--- a/lib5250/telnetstr.c
+++ b/lib5250/telnetstr.c
@@ -292,7 +292,7 @@ static void log_SB_buf(unsigned char *buf, int len)
if (!tn5250_logfile)
return;
- fprintf(tn5250_logfile,getTelOpt(type=*buf++));
+ fprintf(tn5250_logfile,"%s",getTelOpt(type=*buf++));
switch (c=*buf++) {
case IS:
fputs("<IS>",tn5250_logfile);
--
2.7.4
From 0b6bd9bb964a04b5dd8a0278af1c16d8b71e09f4 Mon Sep 17 00:00:00 2001
From: Michael Orlitzky <michael@orlitzky.com>
Date: Tue, 23 Aug 2016 18:13:47 -0400
Subject: [PATCH 2/4] sslstream.c: ignore the user's choice of ssl_method.
The SSLv2 and SSLv3 protocols are insecure, and people have begun to
operate without them. LibreSSL, for example, does not have them
enabled, and it is possible to build OpenSSL in the same manner.
If SSLv[23] are disabled, the user would not be able to choose "ssl2"
or "ssl3" as his "ssl_method", an option that was undocumented
anywhere. Therefore there is not much lost, and some security to gain,
by removing the option completely. This commit does that, and uses the
automatic protocol choice that is capable of negotiating TLSv1,
TLSv1.1 and TLSv1.2.
Gentoo-Bug: 591940
---
lib5250/sslstream.c | 26 ++++++++++----------------
1 file changed, 10 insertions(+), 16 deletions(-)
diff --git a/lib5250/sslstream.c b/lib5250/sslstream.c
index 77aab64..f4353a9 100644
--- a/lib5250/sslstream.c
+++ b/lib5250/sslstream.c
@@ -372,22 +372,16 @@ int tn5250_ssl_stream_init (Tn5250Stream *This)
/* which SSL method do we use? */
- strcpy(methstr,"auto");
- if (This->config!=NULL && tn5250_config_get (This->config, "ssl_method")) {
- strncpy(methstr, tn5250_config_get (This->config, "ssl_method"), 4);
- methstr[4] = '\0';
- }
-
- if (!strcmp(methstr, "ssl2")) {
- meth = SSLv2_client_method();
- TN5250_LOG(("SSL Method = SSLv2_client_method()\n"));
- } else if (!strcmp(methstr, "ssl3")) {
- meth = SSLv3_client_method();
- TN5250_LOG(("SSL Method = SSLv3_client_method()\n"));
- } else {
- meth = SSLv23_client_method();
- TN5250_LOG(("SSL Method = SSLv23_client_method()\n"));
- }
+ /* Ignore the user's choice of ssl_method (which isn't documented
+ * anyway...) if it was either "ssl2" or "ssl3". Both are insecure,
+ * and this is only safe supported method left.
+ *
+ * This is a Gentoo-specific modification that lets us build
+ * against LibreSSL and newer OpenSSL with its insecure protocols
+ * disabled.
+ */
+ meth = SSLv23_client_method();
+ TN5250_LOG(("SSL Method = SSLv23_client_method()\n"));
/* create a new SSL context */
--
2.7.4
From 66e1a2f80091e9ee9b99156ae23e5faaf9f24fe0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dan=20Hor=C3=A1k?= <dan@danny.cz>
Date: Mon, 20 Feb 2017 15:06:36 +0100
Subject: [PATCH 3/4] remove duplicate definition for tn3270_ssl_stream_init()
---
lib5250/sslstream.c | 93 -----------------------------------------------------
1 file changed, 93 deletions(-)
diff --git a/lib5250/sslstream.c b/lib5250/sslstream.c
index f4353a9..86d38cf 100644
--- a/lib5250/sslstream.c
+++ b/lib5250/sslstream.c
@@ -477,99 +477,6 @@ int tn5250_ssl_stream_init (Tn5250Stream *This)
return 0; /* Ok */
}
-/****f* lib5250/tn3270_ssl_stream_init
- * NAME
- * tn3270_ssl_stream_init
- * SYNOPSIS
- * ret = tn3270_ssl_stream_init (This);
- * INPUTS
- * Tn5250Stream * This -
- * DESCRIPTION
- * DOCUMENT ME!!!
- *****/
-int tn3270_ssl_stream_init (Tn5250Stream *This)
-{
- int len;
-
-/* initialize SSL library */
-
- SSL_load_error_strings();
- SSL_library_init();
-
-/* create a new SSL context */
-
- This->ssl_context = SSL_CTX_new(SSLv23_client_method());
- if (This->ssl_context==NULL) {
- DUMP_ERR_STACK ();
- return -1;
- }
-
-/* if a certificate authority file is defined, load it into this context */
-
- if (This->config!=NULL && tn5250_config_get (This->config, "ssl_ca_file")) {
- if (SSL_CTX_load_verify_locations(This->ssl_context,
- tn5250_config_get (This->config, "ssl_ca_file"), NULL)<1) {
- DUMP_ERR_STACK ();
- return -1;
- }
- }
-
-/* if a certificate authority file is defined, load it into this context */
-
- if (This->config!=NULL && tn5250_config_get (This->config, "ssl_ca_file")) {
- if (SSL_CTX_load_verify_locations(This->ssl_context,
- tn5250_config_get (This->config, "ssl_ca_file"), NULL)<1) {
- DUMP_ERR_STACK ();
- return -1;
- }
- }
-
- This->userdata = NULL;
-
-/* if a PEM passphrase is defined, set things up so that it can be used */
-
- if (This->config!=NULL && tn5250_config_get (This->config,"ssl_pem_pass")){
- TN5250_LOG(("SSL: Setting password callback\n"));
- len = strlen(tn5250_config_get (This->config, "ssl_pem_pass"));
- This->userdata = malloc(len+1);
- strncpy(This->userdata,
- tn5250_config_get (This->config, "ssl_pem_pass"), len);
- SSL_CTX_set_default_passwd_cb(This->ssl_context,
- (pem_password_cb *)ssl_stream_passwd_cb);
- SSL_CTX_set_default_passwd_cb_userdata(This->ssl_context, (void *)This);
-
- }
-
-/* If a certificate file has been defined, load it into this context as well */
-
- if (This->config!=NULL && tn5250_config_get (This->config, "ssl_cert_file")){
- TN5250_LOG(("SSL: Loading certificates from certificate file\n"));
- if (SSL_CTX_use_certificate_file(This->ssl_context,
- tn5250_config_get (This->config, "ssl_cert_file"),
- SSL_FILETYPE_PEM) <= 0) {
- DUMP_ERR_STACK ();
- return -1;
- }
- TN5250_LOG(("SSL: Loading private keys from certificate file\n"));
- if (SSL_CTX_use_PrivateKey_file(This->ssl_context,
- tn5250_config_get (This->config, "ssl_cert_file"),
- SSL_FILETYPE_PEM) <= 0) {
- DUMP_ERR_STACK ();
- return -1;
- }
- }
-
- This->ssl_handle = NULL;
- This->connect = ssl_stream_connect;
- This->accept = ssl_stream_accept;
- This->disconnect = ssl_stream_disconnect;
- This->handle_receive = ssl_stream_handle_receive;
- This->send_packet = tn3270_ssl_stream_send_packet;
- This->destroy = ssl_stream_destroy;
- This->streamtype = TN3270E_STREAM;
- return 0; /* Ok */
-}
-
/****i* lib5250/ssl_stream_connect
* NAME
* ssl_stream_connect
--
2.7.4
From 5922e57bb5ea78ff35f82a60f1721d533cc0584a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dan=20Hor=C3=A1k?= <dan@danny.cz>
Date: Mon, 20 Feb 2017 15:37:51 +0100
Subject: [PATCH 4/4] port to OpenSSL 1.1
- check for better functions in configure
- update SSL initialization call
---
configure.ac | 8 ++++----
lib5250/sslstream.c | 2 +-
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/configure.ac b/configure.ac
index 4ba0007..8a16cff 100644
--- a/configure.ac
+++ b/configure.ac
@@ -152,13 +152,13 @@ dnl ** happily, we don't have to hunt for them thanks to ldconfig!
dnl **
if test -n $sslincludedir; then
CPPFLAGS="$CPPFLAGS $sslincludedir"
- AC_CHECK_LIB(crypto,CRYPTO_num_locks)
- if test "$ac_cv_lib_crypto_CRYPTO_num_locks" != "yes"
+ AC_CHECK_LIB(crypto,OPENSSL_init)
+ if test "$ac_cv_lib_crypto_OPENSSL_init" != "yes"
then
AC_MSG_ERROR([** Unable to find OpenSSL libraries!])
fi
- AC_CHECK_LIB(ssl,SSL_library_init)
- if test "$ac_cv_lib_ssl_SSL_library_init" != "yes"
+ AC_CHECK_LIB(ssl,OPENSSL_init_ssl)
+ if test "$ac_cv_lib_ssl_OPENSSL_init_ssl" != "yes"
then
AC_MSG_ERROR([** Unable to find OpenSSL libraries!])
fi
diff --git a/lib5250/sslstream.c b/lib5250/sslstream.c
index 86d38cf..3c0f390 100644
--- a/lib5250/sslstream.c
+++ b/lib5250/sslstream.c
@@ -368,7 +368,7 @@ int tn5250_ssl_stream_init (Tn5250Stream *This)
/* initialize SSL library */
SSL_load_error_strings();
- SSL_library_init();
+ OPENSSL_init_ssl(0, NULL);
/* which SSL method do we use? */
--
2.7.4

20
tn5250.spec
View File

@ -1,13 +1,14 @@
Name: tn5250
Version: 0.17.4
Release: 2mamba
Release: 3mamba
Summary: A telnet client for the IBM AS/400 that emulates 5250 terminals and printers
Group: Applications/Networking
Vendor: openmamba
Distribution: openmamba
Packager: Silvan Calarco <silvan.calarco@openmamba.org>
Packager: Silvan Calarco <silvan.calarco@mambasoft.it>
URL: http://tn5250.sourceforge.net/
Source: http://downloads.sourceforge.net/sourceforge/tn5250/%{name}-%{version}.tar.gz
Patch0: tn5250-0.17.4-openssl-1.1.patch
License: LGPL
## AUTOBUILDREQ-BEGIN
BuildRequires: glibc-devel
@ -15,8 +16,6 @@ BuildRequires: libncurses-devel
BuildRequires: libopenssl-devel
## AUTOBUILDREQ-END
BuildRoot: %{_tmppath}/%{name}-%{version}-root
%description
tn5250 is a telnet client for the IBM AS/400 that emulates 5250 terminals and printers.
This function is the same as that provided by the 5250 emulator in IBM Client Access.
@ -29,11 +28,15 @@ Requires: %{name} = %{version}
%description devel
tn5250 is a telnet client for the IBM AS/400 that emulates 5250 terminals and printers.
This function is the same as that provided by the 5250 emulator in IBM Client Access.
This package contains static libraries and header files needed for development.
This package contains static libraries and header files need for development.
%debug_package
%prep
%setup -q
%patch0 -p1
autoreconf -f -i
%build
%configure
@ -54,7 +57,6 @@ This package contains static libraries and header files need for development.
%{_bindir}/xt5250
%{_bindir}/5250keys
%{_libdir}/*.so.*
%{_mandir}/man1/lp5250d.*
%{_mandir}/man1/scs2ascii.*
%{_mandir}/man1/scs2pdf.*
@ -62,7 +64,8 @@ This package contains static libraries and header files need for development.
%{_mandir}/man1/tn5250.*
%{_mandir}/man5/tn5250rc.*
%{_datadir}/tn5250/*
%doc AUTHORS COPYING ChangeLog NEWS README README.ssl TODO
%doc AUTHORS COPYING
#ChangeLog NEWS README README.ssl TODO
%files devel
%defattr(-,root,root)
@ -76,6 +79,9 @@ This package contains static libraries and header files need for development.
#%{_libdir}/pkgconfig/tn5250.pc
%changelog
* Fri May 21 2021 Silvan Calarco <silvan.calarco@mambasoft.it> 0.17.4-3mamba
- rebuilt with debug package and specfile fixes
* Wed Jul 10 2013 Automatic Build System <autodist@mambasoft.it> 0.17.4-2mamba
- automatic version update by autodist