591940 – net-misc/tn5250-0.17.4-r1 : ../.../lib5250.so: undefined reference to `SSLv2_client_method'

Bug 591940 - net-misc/tn5250-0.17.4-r1 : ../.../lib5250.so: undefined reference to `SSLv2_client_method'

Summary: net-misc/tn5250-0.17.4-r1 : ../.../lib5250.so: undefined reference to `SSLv2_...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	No maintainer - Look at https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers if you want to take care of it

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:	libressl-support
	Show dependency tree

Reported:	2016-08-23 17:19 UTC by Toralf Förster
Modified:	2017-02-12 10:09 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
emerge-history.txt (emerge-history.txt,130.30 KB, text/plain) 2016-08-23 17:19 UTC, Toralf Förster	Details
environment (environment,77.37 KB, text/plain) 2016-08-23 17:19 UTC, Toralf Förster	Details
net-misc:tn5250-0.17.4-r1:20160823-170548.log (net-misc:tn5250-0.17.4-r1:20160823-170548.log,24.84 KB, text/plain) 2016-08-23 17:19 UTC, Toralf Förster	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Toralf Förster gentoo-dev

2016-08-23 17:19:47 UTC

mkdir .libs
x86_64-pc-linux-gnu-gcc -march=native -O2 -pipe -Wl,-O1 -Wl,--as-needed -o .libs/scs2ascii scs2ascii.o  ../lib5250/.libs/lib5250.so -lssl -lcrypto 
../lib5250/.libs/lib5250.so: undefined reference to `SSLv2_client_method'


$ cat emerge-info.txt
  -----------------------------------------------------------------

  This is an unstable amd64 chroot image (named amd64-hardened-libressl-unstable_20160821-203105) at a hardened host acting as a tinderbox.

  -----------------------------------------------------------------
  USE flags defined in ...

  ... make.conf:
USE="  -openssl -gnutls libressl pax_kernel xtpax -cdinstall -oci8 -bindist alsa cairo -cddb consolekit contrib corefonts custom-optimization -dvd ffmpeg freetds glamor graphtft imap ithreads javaxml kerberos lapack libinput mad midi mikmod mod modplug mpeg2 mpg123 mpi multitarget networking ois php postproc -printsupport scripts smpeg spice sslv3 swscale system-cairo system-icu thinkpad udisks vala video -vpx xa xcb xetex xz"

  ... /etc/portage/package.use/*:
  mail-mta/ssmtp    ssl mta
  net-misc/wget     ssl
  app-editors/emacs   -dbus -svg -ssl -gtk -gtk3
  dev-libs/boehm-gc   threads
  dev-util/cmake      -qt4 -qt5
  gnome-base/librsvg  -tools
  media-libs/mesa     -vaapi
  net-misc/iputils -caps -filecaps
  >=dev-libs/glib-2.48.1-r1 dbus

  unmasked packages in /etc/portage/package.unmask/*:
  media-video/ffmpeg
  -----------------------------------------------------------------

gcc-config -l:
 [1] x86_64-pc-linux-gnu-4.9.3
 [2] x86_64-pc-linux-gnu-4.9.3-hardenednopie
 [3] x86_64-pc-linux-gnu-4.9.3-hardenednopiessp
 [4] x86_64-pc-linux-gnu-4.9.3-hardenednossp
 [5] x86_64-pc-linux-gnu-4.9.3-vanilla
 [6] x86_64-pc-linux-gnu-5.4.0 *
 [7] x86_64-pc-linux-gnu-5.4.0-hardenednopie
 [8] x86_64-pc-linux-gnu-5.4.0-hardenednopiessp
 [9] x86_64-pc-linux-gnu-5.4.0-hardenednossp
 [10] x86_64-pc-linux-gnu-5.4.0-vanilla

Available Python interpreters, in order of preference:
  [1]   python2.7
  [2]   python3.4

  -----------------------------------------------------------------

Portage 2.3.0 (python 2.7.12-final-0, hardened/linux/amd64, gcc-5.4.0, glibc-2.23-r2, 4.7.2-hardened x86_64)
=================================================================
                         System Settings
=================================================================
System uname: Linux-4.7.2-hardened-x86_64-Intel-R-_Core-TM-_i7-3930K_CPU_@_3.20GHz-with-gentoo-2.2
KiB Mem:    65285360 total,   2834116 free
KiB Swap:   67108860 total,  67108812 free
Timestamp of repository gentoo: Tue, 23 Aug 2016 15:45:01 +0000
sh bash 4.3_p46
ld GNU ld (Gentoo 2.26.1 p1.0) 2.26.1
ccache version 3.2.7 [disabled]
app-shells/bash:          4.3_p46::gentoo
dev-lang/perl:            5.24.0-r1::gentoo
dev-lang/python:          2.7.12::gentoo, 3.4.5::gentoo
dev-util/ccache:          3.2.7::gentoo
dev-util/cmake:           3.6.1::gentoo
dev-util/pkgconfig:       0.29.1::gentoo
sys-apps/baselayout:      2.2-r1::gentoo
sys-apps/openrc:          0.21.3::gentoo
sys-apps/sandbox:         2.10-r2::gentoo
sys-devel/autoconf:       2.69-r2::gentoo
sys-devel/automake:       1.10.3-r2::gentoo, 1.11.6-r2::gentoo, 1.13.4-r1::gentoo, 1.14.1-r1::gentoo, 1.15-r2::gentoo
sys-devel/binutils:       2.26.1::gentoo
sys-devel/gcc:            4.9.3::gentoo, 5.4.0::gentoo
sys-devel/gcc-config:     1.8-r1::gentoo
sys-devel/libtool:        2.4.6-r2::gentoo
sys-devel/make:           4.2.1::gentoo
sys-kernel/linux-headers: 4.7::gentoo (virtual/os-headers)
sys-libs/glibc:           2.23-r2::gentoo
Repositories:

gentoo
    location: /usr/portage
    sync-type: rsync
    sync-uri: rsync://rsync.gentoo.org/gentoo-portage
    priority: 1

local
    location: /usr/local/portage
    masters: gentoo
    priority: 2

ACCEPT_KEYWORDS="amd64 ~amd64"
ACCEPT_LICENSE="*"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=native -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/config /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-march=native -O2 -pipe"
DISTDIR="/var/tmp/distfiles"
EMERGE_DEFAULT_OPTS="--verbose --verbose-conflicts --color=n --nospinner --tree --quiet-build"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync network-sandbox parallel-fetch preserve-libs protect-owned sandbox sfperms strict test-fail-continue unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="http://ftp.uni-erlangen.de/pub/mirrors/gentoo rsync://mirror.netcologne.de/gentoo/ ftp://sunsite.informatik.rwth-aachen.de/pub/Linux/gor.bytemark.co.uk/gentoo/ rsync://ftp.snt.utwente.nl/gentoo"
LANG="en_US.utf8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
MAKEOPTS="-j1"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/var/tmp"
USE="acl alsa amd64 berkdb bzip2 cairo cli consolekit contrib corefonts cracklib crypt custom-optimization cxx dri ffmpeg freetds gdbm glamor graphtft hardened iconv imap ipv6 ithreads javaxml justify kerberos lapack libinput libressl mad midi mikmod mmx mmxext mod modplug modules mpeg2 mpg123 mpi multilib multitarget ncurses networking nls nptl ois openmp pam pax_kernel pcre php pie postproc readline scripts seccomp session smpeg spice sse sse2 ssl sslv3 ssp swscale system-cairo system-icu tcpd thinkpad udisks unicode urandom vala video xa xattr xcb xetex xtpax xz zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes avx mmx mmxext popcnt sse sse2 sse3 sse4_1 sse4_2 ssse3" CURL_SSL="libressl" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-6" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_4" RUBY_TARGETS="ruby20 ruby21" USERLAND="GNU" VIDEO_CARDS="amdgpu fbdev intel nouveau radeon radeonsi vesa dummy v4l" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CC, CPPFLAGS, CTARGET, CXX, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, USE_PYTHON

Comment 1 Toralf Förster gentoo-dev

2016-08-23 17:19:54 UTC

Created attachment 443958 [details]
emerge-history.txt

Comment 2 Toralf Förster gentoo-dev

2016-08-23 17:19:56 UTC

Created attachment 443960 [details]
environment

Comment 3 Toralf Förster gentoo-dev

2016-08-23 17:19:59 UTC

Created attachment 443962 [details]
net-misc:tn5250-0.17.4-r1:20160823-170548.log

Comment 4 Felix Janda 2016-08-23 22:03:32 UTC

This bug should probably block bug 591484, and while unrelated to gcc-5 is related to libressl.

A patch is needed. See https://wiki.freebsd.org/LibreSSL/PatchingPorts#SSLv2.2FSSLv3_method_failures for inspiration.

Comment 5 Michael Orlitzky gentoo-dev

2016-08-24 00:44:54 UTC

I hope I've fixed this, by chopping off the SSLv2/SSLv3 support entirely. The OpenBSD folks have a bit smarter patch (see the mailing list) that checks for SSLv2/SSLv3 support in OpenSSL and acts accordingly. However, the ability to choose an "ssl_method" of "ssl2" or "ssl3" was never documented. And, of course, they're insecure. So I didn't worry too much about dropping them entirely. If OpenSSL is built with support and the server needs it, the default "auto" method should still figure things out.

commit b986809e95f5466c28c66132dac475c5b04884ba
Author: Michael Orlitzky <mjo@gentoo.org>
Date:   Tue Aug 23 20:29:01 2016 -0400

    net-misc/tn5250: new revision sans SSLv2/SSLv3 support.

    This new revision adds two custom patches. The first drops SSLv2/SSLv3
    support by disabling the user's ability to specify "ssl2" or "ssl3" as
    his "ssl_method". The fallback "auto" should still work and choose
    something secure.

    The second patch fixes the build with -Werror=format-security and
    consists of trivial format string additions.

    Gentoo-Bug: 591940

    Package-Manager: portage-2.2.28