From abd21ebbebdacf608a7fdd1255009b3a506c4734 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Arkadiusz=20Mi=C5=9Bkiewicz?= <arekm@maven.pl>
Date: Thu, 27 Sep 2018 13:22:57 +0200
Subject: [PATCH 1/1] - partial update

---
 050-consider-OPENSSL_NO_SSL3.patch | 82 ++++++++++++++++++++++++++++++
 build.patch                        | 18 +++++++
 ckermit.spec                       |  6 ++-
 3 files changed, 105 insertions(+), 1 deletion(-)
 create mode 100644 050-consider-OPENSSL_NO_SSL3.patch
 create mode 100644 build.patch

diff --git a/050-consider-OPENSSL_NO_SSL3.patch b/050-consider-OPENSSL_NO_SSL3.patch
new file mode 100644
index 0000000..1ffa8cf
--- /dev/null
+++ b/050-consider-OPENSSL_NO_SSL3.patch
@@ -0,0 +1,82 @@
+From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
+Date: Tue, 19 Apr 2016 21:32:07 +0200
+Subject: [PATCH] consider OPENSSL_NO_SSL3
+
+and avoid using SSLv3 code when not provided by openssl.
+
+Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
+---
+ ck_ssl.c | 8 ++++++++
+ ckcftp.c | 5 +++++
+ 2 files changed, 13 insertions(+)
+
+diff --git a/ck_ssl.c b/ck_ssl.c
+index 428fb7ca6f98..3640d8f07fa8 100644
+--- a/ck_ssl.c
++++ b/ck_ssl.c
+@@ -1579,7 +1579,9 @@ ssl_tn_init(mode) int mode;
+             /* This can fail because we do not have RSA available */
+             if ( !ssl_ctx ) {
+                 debug(F110,"ssl_tn_init","SSLv23_client_method failed",0);
++#ifndef OPENSSL_NO_SSL3
+                 ssl_ctx=(SSL_CTX *)SSL_CTX_new(SSLv3_client_method());
++#endif
+             }
+             if ( !ssl_ctx ) {
+                 debug(F110,"ssl_tn_init","SSLv3_client_method failed",0);
+@@ -1593,7 +1595,9 @@ ssl_tn_init(mode) int mode;
+             /* This can fail because we do not have RSA available */
+             if ( !tls_ctx ) {
+                 debug(F110,"ssl_tn_init","SSLv23_client_method failed",0);
++#ifndef OPENSSL_NO_SSL3
+                 tls_ctx=(SSL_CTX *)SSL_CTX_new(SSLv3_client_method());
++#endif
+             }
+ #endif /* COMMENT */
+             if ( !tls_ctx ) {
+@@ -1611,7 +1615,9 @@ ssl_tn_init(mode) int mode;
+             /* This can fail because we do not have RSA available */
+             if ( !ssl_ctx ) {
+                 debug(F110,"ssl_tn_init","SSLv23_server_method failed",0);
++#ifndef OPENSSL_NO_SSL3
+                 ssl_ctx=(SSL_CTX *)SSL_CTX_new(SSLv3_server_method());
++#endif
+             }
+             if ( !ssl_ctx ) {
+                 debug(F110,"ssl_tn_init","SSLv3_server_method failed",0);
+@@ -2161,7 +2167,9 @@ ssl_http_init(hostname) char * hostname;
+         /* This can fail because we do not have RSA available */
+         if ( !tls_http_ctx ) {
+             debug(F110,"ssl_http_init","SSLv23_client_method failed",0);
++#ifndef OPENSSL_NO_SSL3
+             tls_http_ctx=(SSL_CTX *)SSL_CTX_new(SSLv3_client_method());
++#endif
+         }
+ #endif /* COMMENT */
+         if ( !tls_http_ctx ) {
+diff --git a/ckcftp.c b/ckcftp.c
+index 66c7940dedc2..d718323faac4 100644
+--- a/ckcftp.c
++++ b/ckcftp.c
+@@ -10195,6 +10195,7 @@ ssl_auth() {
+ #ifndef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
+ #define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0L
+ #endif
++#ifndef OPENSSL_NO_SSL3
+     if (auth_type && !strcmp(auth_type,"TLS")) {
+         ssl_ftp_ctx=SSL_CTX_new(SSLv3_client_method());
+         if (!ssl_ftp_ctx)
+@@ -10205,6 +10206,10 @@ ssl_auth() {
+     } else {
+         ssl_ftp_ctx = SSL_CTX_new(ftp_bug_use_ssl_v2 ? SSLv23_client_method() : 
+                                   SSLv3_client_method());
++#else
++    {
++        ssl_ftp_ctx = SSL_CTX_new(SSLv23_client_method());
++#endif
+         if (!ssl_ftp_ctx)
+           return(0);
+         SSL_CTX_set_options(ssl_ftp_ctx,
+-- 
+2.8.0.rc3
+
diff --git a/build.patch b/build.patch
new file mode 100644
index 0000000..fa08042
--- /dev/null
+++ b/build.patch
@@ -0,0 +1,18 @@
+--- ckermit-8.0.211/ckucmd.c~	2004-01-07 19:04:04.000000000 +0100
++++ ckermit-8.0.211/ckucmd.c	2018-09-15 22:40:21.511061428 +0200
+@@ -7115,7 +7115,6 @@ cmdconchk() {
+ #ifdef NOARROWKEYS
+     debug(F101,"cmdconchk NOARROWKEYS x","",0);
+ #else
+-    debug(F101,"cmdconchk stdin->_cnt","",stdin->_cnt);
+     x = stdin->_cnt;
+ #endif /* NOARROWKEYS */
+ #endif /* VMS */
+@@ -7123,7 +7122,6 @@ cmdconchk() {
+     if (x < 0) x = 0;
+ #else  /* USE_FILE_CNT */
+ #ifdef USE_FILE__CNT			/* HP-UX */
+-    debug(F101,"cmdconchk stdin->__cnt","",stdin->__cnt);
+     x = stdin->__cnt;
+     if (x == 0) x = conchk();
+     if (x < 0) x = 0;
diff --git a/ckermit.spec b/ckermit.spec
index 26d0a54..3f94b52 100644
--- a/ckermit.spec
+++ b/ckermit.spec
@@ -18,6 +18,8 @@ Source4:	cku-%{name}.phone
 Patch0:		cku-makefile.patch
 Patch1:		%{name}-gcc4.patch
 Patch2:		%{name}-openssl-clash.patch
+Patch3:		build.patch
+Patch4:		050-consider-OPENSSL_NO_SSL3.patch
 URL:		http://www.columbia.edu/kermit/
 %{?with_kerberos5:BuildRequires:	heimdal-devel}
 BuildRequires:	ncurses-devel
@@ -46,6 +48,8 @@ komunikacyjnych.
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1
+%patch4 -p1
 
 %build
 %if %{with kerberos5}
@@ -55,7 +59,7 @@ komunikacyjnych.
 %endif
 	CC="%{__cc}" \
 	CC2="%{__cc}" \
-	OPT="%{rpmcflags}" \
+	OPT="%{rpmcflags} -DNOARROWKEYS=1" \
 	LNKFLAGS="%{rpmldflags}"
 
 %install
-- 
2.44.0