From 85d510cecb1122987f07c3b2141b2ff8f3eb5c33 Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Mar 31 2020 09:32:35 +0000
Subject: import perl-Socket-2.010-5.el7


---

diff --git a/SOURCES/Socket-2.010-inet_aton-Use-getaddrinfo-if-possible.patch b/SOURCES/Socket-2.010-inet_aton-Use-getaddrinfo-if-possible.patch
new file mode 100644
index 0000000..6772c75
--- /dev/null
+++ b/SOURCES/Socket-2.010-inet_aton-Use-getaddrinfo-if-possible.patch
@@ -0,0 +1,65 @@
+From c2bc14ff30c349b52b5f84cef6b73061a0394143 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
+Date: Thu, 11 Apr 2019 18:17:16 +0200
+Subject: [PATCH] inet_aton: Use getaddrinfo() if possible
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Socket::inet_aton() used gethostbyname() to process arguments that are
+not an IP addres. However, gethostbyname() is not thread-safe and when
+called from multiple threads a bogus value can be returned.
+
+This patch does add any new test because a basic inet_aton() usage is
+already covered and because reproducing the thread failure would
+require flodding DNS servers with thousounds of request.
+
+<https://rt.perl.org/Public/Bug/Display.html?id=97860>
+<https://bugzilla.redhat.com/show_bug.cgi?id=1693293>
+
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+---
+ Socket.xs | 15 +++++++++++++++
+ 1 file changed, 15 insertions(+)
+
+diff --git a/Socket.xs b/Socket.xs
+index 753cd09..6f6ced8 100644
+--- a/Socket.xs
++++ b/Socket.xs
+@@ -584,6 +584,19 @@ inet_aton(host)
+ 	char *	host
+ 	CODE:
+ 	{
++#ifdef HAS_GETADDRINFO
++	struct addrinfo *res;
++	struct addrinfo hints = {0,};
++	hints.ai_family = AF_INET;
++	if (!getaddrinfo(host, NULL, &hints, &res)) {
++	    ST(0) = sv_2mortal(newSVpvn(
++		(char *)&(((struct sockaddr_in *)res->ai_addr)->sin_addr.s_addr),
++		4
++	));
++	freeaddrinfo(res);
++	XSRETURN(1);
++    }
++#else
+ 	struct in_addr ip_address;
+ 	struct hostent * phe;
+ 
+@@ -592,11 +605,13 @@ inet_aton(host)
+ 		XSRETURN(1);
+ 	}
+ 
++	/* gethostbyname is not thread-safe */
+ 	phe = gethostbyname(host);
+ 	if (phe && phe->h_addrtype == AF_INET && phe->h_length == 4) {
+ 		ST(0) = sv_2mortal(newSVpvn((char *)phe->h_addr, phe->h_length));
+ 		XSRETURN(1);
+ 	}
++#endif
+ 
+ 	XSRETURN_UNDEF;
+ 	}
+-- 
+2.20.1
+
diff --git a/SPECS/perl-Socket.spec b/SPECS/perl-Socket.spec
index 10eb0a8..d16189a 100644
--- a/SPECS/perl-Socket.spec
+++ b/SPECS/perl-Socket.spec
@@ -1,7 +1,7 @@
 %global cpan_version 2.010
 Name:           perl-Socket
 Version:        %(echo '%{cpan_version}' | tr '_' '.')
-Release:        4%{?dist}
+Release:        5%{?dist}
 Summary:        Networking constants and support functions
 License:        GPL+ or Artistic
 Group:          Development/Libraries
@@ -10,6 +10,8 @@ Source0:        http://search.cpan.org/CPAN/authors/id/P/PE/PEVANS/Socket-%{cpan
 # Fix calling getnameinfo() on tainted value BZ#1200167
 # Backported fixes from 2.017 and 2.018
 Patch0:         Socket-2.018-Fix-calling-getnameinfo-on-tainted-value.patch
+# Make Socket::inet_aton() thread safe, CPAN RT#129189, bug #1693293
+Patch1:         Socket-2.010-inet_aton-Use-getaddrinfo-if-possible.patch
 BuildRequires:  perl
 BuildRequires:  perl(Config)
 BuildRequires:  perl(ExtUtils::CBuilder)
@@ -42,6 +44,7 @@ human-readable and native binary forms, and for hostname resolver operations.
 %prep
 %setup -q -n Socket-%{cpan_version}
 %patch0 -p1
+%patch1 -p1
 
 %build
 perl Makefile.PL INSTALLDIRS=vendor OPTIMIZE="$RPM_OPT_FLAGS"
@@ -63,6 +66,9 @@ make test
 %{_mandir}/man3/*
 
 %changelog
+* Mon Apr 15 2019 Petr Pisar <ppisar@redhat.com> - 2.010-5
+- Make Socket::inet_aton() thread safe (bug #1693293)
+
 * Thu Mar 03 2016 Jitka Plesnikova <jplesnik@redhat.com> - 2.010-4
 - Fix calling getnameinfo on tainted value (bug #1200167)