mkdir .libs x86_64-pc-linux-gnu-gcc -march=native -O2 -pipe -Wl,-O1 -Wl,--as-needed -o .libs/scs2ascii scs2ascii.o ../lib5250/.libs/lib5250.so -lssl -lcrypto ../lib5250/.libs/lib5250.so: undefined reference to `SSLv2_client_method' $ cat emerge-info.txt ----------------------------------------------------------------- This is an unstable amd64 chroot image (named amd64-hardened-libressl-unstable_20160821-203105) at a hardened host acting as a tinderbox. ----------------------------------------------------------------- USE flags defined in ... ... make.conf: USE=" -openssl -gnutls libressl pax_kernel xtpax -cdinstall -oci8 -bindist alsa cairo -cddb consolekit contrib corefonts custom-optimization -dvd ffmpeg freetds glamor graphtft imap ithreads javaxml kerberos lapack libinput mad midi mikmod mod modplug mpeg2 mpg123 mpi multitarget networking ois php postproc -printsupport scripts smpeg spice sslv3 swscale system-cairo system-icu thinkpad udisks vala video -vpx xa xcb xetex xz" ... /etc/portage/package.use/*: mail-mta/ssmtp ssl mta net-misc/wget ssl app-editors/emacs -dbus -svg -ssl -gtk -gtk3 dev-libs/boehm-gc threads dev-util/cmake -qt4 -qt5 gnome-base/librsvg -tools media-libs/mesa -vaapi net-misc/iputils -caps -filecaps >=dev-libs/glib-2.48.1-r1 dbus unmasked packages in /etc/portage/package.unmask/*: media-video/ffmpeg ----------------------------------------------------------------- gcc-config -l: [1] x86_64-pc-linux-gnu-4.9.3 [2] x86_64-pc-linux-gnu-4.9.3-hardenednopie [3] x86_64-pc-linux-gnu-4.9.3-hardenednopiessp [4] x86_64-pc-linux-gnu-4.9.3-hardenednossp [5] x86_64-pc-linux-gnu-4.9.3-vanilla [6] x86_64-pc-linux-gnu-5.4.0 * [7] x86_64-pc-linux-gnu-5.4.0-hardenednopie [8] x86_64-pc-linux-gnu-5.4.0-hardenednopiessp [9] x86_64-pc-linux-gnu-5.4.0-hardenednossp [10] x86_64-pc-linux-gnu-5.4.0-vanilla Available Python interpreters, in order of preference: [1] python2.7 [2] python3.4 ----------------------------------------------------------------- Portage 2.3.0 (python 2.7.12-final-0, hardened/linux/amd64, gcc-5.4.0, glibc-2.23-r2, 4.7.2-hardened x86_64) ================================================================= System Settings ================================================================= System uname: Linux-4.7.2-hardened-x86_64-Intel-R-_Core-TM-_i7-3930K_CPU_@_3.20GHz-with-gentoo-2.2 KiB Mem: 65285360 total, 2834116 free KiB Swap: 67108860 total, 67108812 free Timestamp of repository gentoo: Tue, 23 Aug 2016 15:45:01 +0000 sh bash 4.3_p46 ld GNU ld (Gentoo 2.26.1 p1.0) 2.26.1 ccache version 3.2.7 [disabled] app-shells/bash: 4.3_p46::gentoo dev-lang/perl: 5.24.0-r1::gentoo dev-lang/python: 2.7.12::gentoo, 3.4.5::gentoo dev-util/ccache: 3.2.7::gentoo dev-util/cmake: 3.6.1::gentoo dev-util/pkgconfig: 0.29.1::gentoo sys-apps/baselayout: 2.2-r1::gentoo sys-apps/openrc: 0.21.3::gentoo sys-apps/sandbox: 2.10-r2::gentoo sys-devel/autoconf: 2.69-r2::gentoo sys-devel/automake: 1.10.3-r2::gentoo, 1.11.6-r2::gentoo, 1.13.4-r1::gentoo, 1.14.1-r1::gentoo, 1.15-r2::gentoo sys-devel/binutils: 2.26.1::gentoo sys-devel/gcc: 4.9.3::gentoo, 5.4.0::gentoo sys-devel/gcc-config: 1.8-r1::gentoo sys-devel/libtool: 2.4.6-r2::gentoo sys-devel/make: 4.2.1::gentoo sys-kernel/linux-headers: 4.7::gentoo (virtual/os-headers) sys-libs/glibc: 2.23-r2::gentoo Repositories: gentoo location: /usr/portage sync-type: rsync sync-uri: rsync://rsync.gentoo.org/gentoo-portage priority: 1 local location: /usr/local/portage masters: gentoo priority: 2 ACCEPT_KEYWORDS="amd64 ~amd64" ACCEPT_LICENSE="*" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=native -O2 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/config /usr/share/gnupg/qualified.txt" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo" CXXFLAGS="-march=native -O2 -pipe" DISTDIR="/var/tmp/distfiles" EMERGE_DEFAULT_OPTS="--verbose --verbose-conflicts --color=n --nospinner --tree --quiet-build" FCFLAGS="-O2 -pipe" FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync network-sandbox parallel-fetch preserve-libs protect-owned sandbox sfperms strict test-fail-continue unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr" FFLAGS="-O2 -pipe" GENTOO_MIRRORS="http://ftp.uni-erlangen.de/pub/mirrors/gentoo rsync://mirror.netcologne.de/gentoo/ ftp://sunsite.informatik.rwth-aachen.de/pub/Linux/gor.bytemark.co.uk/gentoo/ rsync://ftp.snt.utwente.nl/gentoo" LANG="en_US.utf8" LDFLAGS="-Wl,-O1 -Wl,--as-needed" MAKEOPTS="-j1" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git" PORTAGE_TMPDIR="/var/tmp" USE="acl alsa amd64 berkdb bzip2 cairo cli consolekit contrib corefonts cracklib crypt custom-optimization cxx dri ffmpeg freetds gdbm glamor graphtft hardened iconv imap ipv6 ithreads javaxml justify kerberos lapack libinput libressl mad midi mikmod mmx mmxext mod modplug modules mpeg2 mpg123 mpi multilib multitarget ncurses networking nls nptl ois openmp pam pax_kernel pcre php pie postproc readline scripts seccomp session smpeg spice sse sse2 ssl sslv3 ssp swscale system-cairo system-icu tcpd thinkpad udisks unicode urandom vala video xa xattr xcb xetex xtpax xz zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes avx mmx mmxext popcnt sse sse2 sse3 sse4_1 sse4_2 ssse3" CURL_SSL="libressl" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-6" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_4" RUBY_TARGETS="ruby20 ruby21" USERLAND="GNU" VIDEO_CARDS="amdgpu fbdev intel nouveau radeon radeonsi vesa dummy v4l" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CC, CPPFLAGS, CTARGET, CXX, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, USE_PYTHON
Created attachment 443958 [details] emerge-history.txt
Created attachment 443960 [details] environment
Created attachment 443962 [details] net-misc:tn5250-0.17.4-r1:20160823-170548.log
This bug should probably block bug 591484, and while unrelated to gcc-5 is related to libressl. A patch is needed. See https://wiki.freebsd.org/LibreSSL/PatchingPorts#SSLv2.2FSSLv3_method_failures for inspiration.
I hope I've fixed this, by chopping off the SSLv2/SSLv3 support entirely. The OpenBSD folks have a bit smarter patch (see the mailing list) that checks for SSLv2/SSLv3 support in OpenSSL and acts accordingly. However, the ability to choose an "ssl_method" of "ssl2" or "ssl3" was never documented. And, of course, they're insecure. So I didn't worry too much about dropping them entirely. If OpenSSL is built with support and the server needs it, the default "auto" method should still figure things out. commit b986809e95f5466c28c66132dac475c5b04884ba Author: Michael Orlitzky <mjo@gentoo.org> Date: Tue Aug 23 20:29:01 2016 -0400 net-misc/tn5250: new revision sans SSLv2/SSLv3 support. This new revision adds two custom patches. The first drops SSLv2/SSLv3 support by disabling the user's ability to specify "ssl2" or "ssl3" as his "ssl_method". The fallback "auto" should still work and choose something secure. The second patch fixes the build with -Werror=format-security and consists of trivial format string additions. Gentoo-Bug: 591940 Package-Manager: portage-2.2.28