[libnet-server-perl] 01/05: Add two patches from GitHub pull request to fix issue with POSIX::tmpnam removal.

gregor herrmann gregoa at debian.org
Thu Jun 22 16:34:13 UTC 2017



gregoa pushed a commit to branch master
in repository libnet-server-perl.

commit efae9a91ec85a089e50c187a7b21eb983ec266d8
Author: gregor herrmann <gregoa at debian.org>
Date:   Thu Jun 22 18:27:57 2017 +0200

    Add two patches from GitHub pull request to fix issue with POSIX::tmpnam removal.
    
    Thanks: Dagfinn Ilmari Mannsåker (https://github.com/rhandom/perl-net-server/pull/10)
    Closes: #826437
---
 ...Temp::tempdir_in_UNIX_socket_test_example.patch | 83 ++++++++++++++++++++++
 ...le_instead_of_POSIX::tmpnam_for_lock_file.patch | 60 ++++++++++++++++
 debian/patches/series                              |  2 +
 3 files changed, 145 insertions(+)

diff --git a/debian/patches/Use_File::Temp::tempdir_in_UNIX_socket_test_example.patch b/debian/patches/Use_File::Temp::tempdir_in_UNIX_socket_test_example.patch
new file mode 100644
index 0000000..ea9fcdd
--- /dev/null
+++ b/debian/patches/Use_File::Temp::tempdir_in_UNIX_socket_test_example.patch
@@ -0,0 +1,83 @@
+From f21a67a2169cdee15bb46c7e08f4581bcf090d36 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Dagfinn=20Ilmari=20Manns=C3=A5ker?= <ilmari at ilmari.org>
+Date: Mon, 22 May 2017 18:04:28 +0100
+Subject: [PATCH] Use File::Temp::tempdir in UNIX socket test/example
+
+POSIX::tmpnam is insecure, and has been removed in Perl 5.26.
+Instead, use File::Temp::tempdir() to create a secure tmporary
+directory that the server can create its UNIX sockets in.
+---
+ examples/connection_test.pl | 14 ++++++++------
+ t/UNIX_test.t               |  6 ++++--
+ 2 files changed, 12 insertions(+), 8 deletions(-)
+
+diff --git a/examples/connection_test.pl b/examples/connection_test.pl
+index 1ec49a1..ee4a534 100644
+--- a/examples/connection_test.pl
++++ b/examples/connection_test.pl
+@@ -20,11 +20,11 @@ =head1 CLIENT SYNOPSIS
+ 
+     # or
+ 
+-    perl connection_test.pl UNIX
++    perl connection_test.pl UNIX <UNIX socket directory>
+ 
+     # or
+ 
+-    perl connection_test.pl UNIX_DGRAM
++    perl connection_test.pl UNIX_DGRAM <UNIX socket directory>
+ 
+ =cut
+ 
+@@ -34,7 +34,8 @@ package MyPack;
+ use warnings;
+ use base qw(Net::Server);
+ use IO::Socket ();
+-use POSIX qw(tmpnam);
++use File::Temp qw(tempdir);
++use File::Spec::Functions qw(catdir);
+ use Socket qw(SOCK_DGRAM SOCK_STREAM);
+ 
+ sub post_bind_hook {
+@@ -44,13 +45,14 @@ sub post_bind_hook {
+   }
+ }
+ 
+-my $socket_file  = tmpnam();
+-$socket_file =~ s|/[^/]+$|/mysocket.file|;
+-my $socket_file2 = $socket_file ."2";
++my $socket_dir  = $ARGV[1] || tempdir(CLEANUP => 1);
++my $socket_file = catdir($socket_dir, 'mysocket.file');
++my $socket_file2 = catdir($socket_dir, 'mysocket.file2');
+ my $udp_port    = 20204;
+ my $tcp_port    = 20204;
+ 
+ print "\$Net::Server::VERSION = $Net::Server::VERSION\n";
++print "UNIX socket directory = $socket_dir\n";
+ 
+ if( @ARGV ){
+   if( uc($ARGV[0]) eq 'UDP' ){
+diff --git a/t/UNIX_test.t b/t/UNIX_test.t
+index b41f2fa..66a5f17 100644
+--- a/t/UNIX_test.t
++++ b/t/UNIX_test.t
+@@ -2,7 +2,8 @@
+ 
+ package Net::Server::Test;
+ use strict;
+-use POSIX qw(tmpnam);
++use File::Temp qw(tempdir);
++use File::Spec::Functions qw(catfile);
+ use English qw($UID $GID);
+ use FindBin qw($Bin);
+ use lib $Bin;
+@@ -22,7 +23,8 @@ sub accept {
+     return shift->SUPER::accept(@_);
+ }
+ 
+-my $socket_file = tmpnam; # must do before fork
++my $socket_dir = tempdir(CLEANUP => 1);
++my $socket_file = catfile($socket_dir, 'socket'); # must do before fork
+ my $ok = eval {
+     local $SIG{'ALRM'} = sub { die "Timeout\n" };
+     alarm $env->{'timeout'};
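Review bot: In the embedded examples/connection_test.pl patch, `my $socket_dir = $ARGV[1] || tempdir(CLEANUP => 1);` accepts any caller-supplied directory while the socket names under it stay fixed (`mysocket.file`, `mysocket.file2`), so pointing it at a shared, world-writable directory brings back the predictable-path problem that dropping POSIX::tmpnam was meant to remove. The POD synopsis could say so next to the new argument, for example `# pass the "UNIX socket directory" printed by the server; do not use a shared directory such as /tmp`. The same lines build file paths with `catdir`, whereas t/UNIX_test.t in this patch uses `catfile` for the same job; `use File::Spec::Functions qw(catfile);` with `catfile($socket_dir, 'mysocket.file')` would be the consistent choice. The rest of the script lies outside the hunks shown.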
diff --git a/debian/patches/Use_File::Temp::tempfile_instead_of_POSIX::tmpnam_for_lock_file.patch b/debian/patches/Use_File::Temp::tempfile_instead_of_POSIX::tmpnam_for_lock_file.patch
new file mode 100644
index 0000000..f83d649
--- /dev/null
+++ b/debian/patches/Use_File::Temp::tempfile_instead_of_POSIX::tmpnam_for_lock_file.patch
@@ -0,0 +1,60 @@
+From 0fcb590fb8692e70c8bb2e4769662eb936f33421 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Dagfinn=20Ilmari=20Manns=C3=A5ker?= <ilmari at ilmari.org>
+Date: Mon, 22 May 2017 18:05:58 +0100
+Subject: [PATCH] Use File::Temp::tempfile instead of POSIX::tmpnam for lock
+ file
+
+POSIX::tmpnam is insecure, and has been removed in Perl 5.26.
+Instead, use File::Temp::tempfile to create the lock file.
+---
+ Makefile.PL                     | 1 +
+ lib/Net/Server/PreFork.pm       | 2 +-
+ lib/Net/Server/PreForkSimple.pm | 8 ++++++--
+ 3 files changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/lib/Net/Server/PreFork.pm b/lib/Net/Server/PreFork.pm
+index d986f1a..40b2dfa 100644
+--- a/lib/Net/Server/PreFork.pm
++++ b/lib/Net/Server/PreFork.pm
+@@ -512,7 +512,7 @@ You really should also see L<Net::Server::PreForkSimple>.
+     serialize           (flock|semaphore
+                          |pipe|none)            undef
+     # serialize defaults to flock on multi_port or on Solaris
+-    lock_file           "filename"              File::Temp::tempfile or POSIX::tmpnam
++    lock_file           "filename"              File::Temp->new
+ 
+     check_for_dead      \d+                     30
+     check_for_waiting   \d+                     10
+diff --git a/lib/Net/Server/PreForkSimple.pm b/lib/Net/Server/PreForkSimple.pm
+index fcccb74..03805c7 100644
+--- a/lib/Net/Server/PreForkSimple.pm
++++ b/lib/Net/Server/PreForkSimple.pm
+@@ -23,6 +23,7 @@ package Net::Server::PreForkSimple;
+ 
+ use strict;
+ use base qw(Net::Server);
++use File::Temp qw(tempfile);
+ use Net::Server::SIG qw(register_sig check_sigs);
+ use POSIX qw(WNOHANG EINTR);
+ use Fcntl ();
+@@ -81,7 +82,10 @@ sub post_bind {
+         if (defined $prop->{'lock_file'}) {
+             $prop->{'lock_file_unlink'} = undef;
+         } else {
+-            $prop->{'lock_file'} = eval { require File::Temp } ? File::Temp::tmpnam() : POSIX::tmpnam();
++            (my $fh, $prop->{'lock_file'}) = tempfile();
++            # We don't need to keep the file handle open in the parent;
++            # each child opens it separately to avoid sharing the lock
++            close $fh or die "Cannot close lock file $prop->{'lock_file'}: $!";
+             $prop->{'lock_file_unlink'} = 1;
+         }
+ 
+@@ -407,7 +411,7 @@ parameters.
+     serialize         (flock|semaphore
+                        |pipe|none)  undef
+     # serialize defaults to flock on multi_port or on Solaris
+-    lock_file         "filename"              File::Temp::tempfile or POSIX::tmpnam
++    lock_file         "filename"              File::Temp->new
+ 
+     check_for_dead    \d+                     30
+ 
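Review bot: The POD tables changed in PreFork.pm and PreForkSimple.pm now give the `lock_file` default as `File::Temp->new`, but the code added to `post_bind` in PreForkSimple.pm calls the `tempfile()` function, closes the handle straight away, and presumably leaves removal to whatever honours `lock_file_unlink`. The table entry would match the code as `lock_file         "filename"              File::Temp::tempfile`. Separately, `tempfile()` creates the file with owner-only permissions in the process that runs `post_bind`, and the added comment says each child reopens it by name. If the children can run under a different user than that process, the reopen may fail, so it is worth checking where the user/group switch happens relative to this code, which lies outside the hunk. The embedded diffstat also lists Makefile.PL, yet this patch file contains no Makefile.PL section.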
diff --git a/debian/patches/series b/debian/patches/series
index b87539d..01ad569 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,3 +2,5 @@ spelling-error.patch
 correct-SIG-confusion.patch
 fix-manpage-has-errors-from-pod2man.patch
 debug-output.patch
+Use_File::Temp::tempdir_in_UNIX_socket_test_example.patch
+Use_File::Temp::tempfile_instead_of_POSIX::tmpnam_for_lock_file.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-perl/packages/libnet-server-perl.git


