diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..aebe884
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/Socket-2.010.tar.gz
diff --git a/.perl-Socket.metadata b/.perl-Socket.metadata
new file mode 100644
index 0000000..7806d98
--- /dev/null
+++ b/.perl-Socket.metadata
@@ -0,0 +1 @@
+903dc276ac0a4ca224373e7430c9e5ae1a8f4d6c SOURCES/Socket-2.010.tar.gz
diff --git a/SOURCES/Socket-2.010-inet_aton-Use-getaddrinfo-if-possible.patch b/SOURCES/Socket-2.010-inet_aton-Use-getaddrinfo-if-possible.patch
new file mode 100644
index 0000000..6772c75
--- /dev/null
+++ b/SOURCES/Socket-2.010-inet_aton-Use-getaddrinfo-if-possible.patch
@@ -0,0 +1,65 @@
+From c2bc14ff30c349b52b5f84cef6b73061a0394143 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?=
+Date: Thu, 11 Apr 2019 18:17:16 +0200
+Subject: [PATCH] inet_aton: Use getaddrinfo() if possible
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Socket::inet_aton() used gethostbyname() to process arguments that are
+not an IP addres. However, gethostbyname() is not thread-safe and when
+called from multiple threads a bogus value can be returned.
+
+This patch does add any new test because a basic inet_aton() usage is
+already covered and because reproducing the thread failure would
+require flodding DNS servers with thousounds of request.
+
+
+
+
+Signed-off-by: Petr Písař
+---
+ Socket.xs | 15 +++++++++++++++
+ 1 file changed, 15 insertions(+)
+
+diff --git a/Socket.xs b/Socket.xs
+index 753cd09..6f6ced8 100644
+--- a/Socket.xs
++++ b/Socket.xs
+@@ -584,6 +584,19 @@ inet_aton(host)
+ char * host
+ CODE:
+ {
++#ifdef HAS_GETADDRINFO
++ struct addrinfo *res;
++ struct addrinfo hints = {0,};
++ hints.ai_family = AF_INET;
++ if (!getaddrinfo(host, NULL, &hints, &res)) {
++ ST(0) = sv_2mortal(newSVpvn(
++ (char *)&(((struct sockaddr_in *)res->ai_addr)->sin_addr.s_addr),
++ 4
++ ));
++ freeaddrinfo(res);
++ XSRETURN(1);
++ }
++#else
+ struct in_addr ip_address;
+ struct hostent * phe;
+
+@@ -592,11 +605,13 @@ inet_aton(host)
+ XSRETURN(1);
+ }
+
++ /* gethostbyname is not thread-safe */
+ phe = gethostbyname(host);
+ if (phe && phe->h_addrtype == AF_INET && phe->h_length == 4) {
+ ST(0) = sv_2mortal(newSVpvn((char *)phe->h_addr, phe->h_length));
+ XSRETURN(1);
+ }
++#endif
+
+ XSRETURN_UNDEF;
+ }
+--
+2.20.1
+
diff --git a/SOURCES/Socket-2.018-Fix-calling-getnameinfo-on-tainted-value.patch b/SOURCES/Socket-2.018-Fix-calling-getnameinfo-on-tainted-value.patch
new file mode 100644
index 0000000..a5a4789
--- /dev/null
+++ b/SOURCES/Socket-2.018-Fix-calling-getnameinfo-on-tainted-value.patch
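Review bot: The new `HAS_GETADDRINFO` branch of `inet_aton` casts `res->ai_addr` to `struct sockaddr_in *` and copies 4 bytes without checking what the resolver returned, whereas the `gethostbyname()` path it replaces verifies `phe->h_addrtype == AF_INET && phe->h_length == 4` before copying. `hints.ai_family = AF_INET` should already restrict the results, but a cheap guard keeps the copy bounded if a resolver backend misbehaves: `if (res->ai_family == AF_INET && res->ai_addrlen >= sizeof(struct sockaddr_in))` around the `newSVpvn` call, with `freeaddrinfo(res)` run on both outcomes. The fix is also compile-time only: when `HAS_GETADDRINFO` is not defined at build time the module silently keeps the non-thread-safe path, so the `#else` deserves a comment such as `/* fallback: gethostbyname() path, NOT thread-safe */`. The part of `inet_aton` between the two inner hunks is not visible here.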
@@ -0,0 +1,69 @@
+From 66cdf0a24913a97cfd0909340f2c74b8b60bf56a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?=
+Date: Mon, 20 Apr 2015 17:38:57 +0200
+Subject: [PATCH] Fix calling getnameinfo() on tainted value
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This is upstream fix for calling getnameinfo() on tained value ported
+to 2.010:
+
+2.018 2015/02/12 13:42:41
+ [BUGFIXES]
+ * Fix for "addr is not a string" test to use SvPOKp() before 5.18
+
+2.017 2015/02/10 12:05:14
+ [BUGFIXES]
+ * Remember to SvGETMAGIC in getnameinfo() (RT79557)
+
+https://rt.cpan.org/Public/Bug/Display.html?id=79557
+https://bugzilla.redhat.com/show_bug.cgi?id=1200167
+http://www.gossamer-threads.com/lists/spamassassin/users/189005#189005
+Signed-off-by: Petr Písař
+
+diff --git a/Socket.xs b/Socket.xs
+index 3cc90f6..753cd09 100644
+--- a/Socket.xs
++++ b/Socket.xs
+@@ -520,6 +520,7 @@ static void xs_getnameinfo(pTHX_ CV *cv)
+ SP -= items;
+
+ addr = ST(0);
++ SvGETMAGIC(addr);
+
+ if(items < 2)
+ flags = 0;
+@@ -534,7 +535,7 @@ static void xs_getnameinfo(pTHX_ CV *cv)
+ want_host = !(xflags & NIx_NOHOST);
+ want_serv = !(xflags & NIx_NOSERV);
+
+- if(!SvPOK(addr))
++ if(!SvPOKp(addr))
+ croak("addr is not a string");
+
+ addr_len = SvCUR(addr);
+diff --git a/t/getnameinfo.t b/t/getnameinfo.t
+index ca24e2c..23a7669 100644
+--- a/t/getnameinfo.t
++++ b/t/getnameinfo.t
+@@ -1,6 +1,6 @@
+ use strict;
+ use warnings;
+-use Test::More tests => 14;
++use Test::More tests => 15;
+
+ use Socket qw(:addrinfo AF_INET pack_sockaddr_in inet_aton);
+
+@@ -40,3 +40,8 @@ cmp_ok( $err, "==", 0, '$err == 0 for {family=AF_INET,port=80,sinaddr=127.0.0.1}
+
+ is( $host, "127.0.0.1", '$host is 127.0.0.1 for NH' );
+ is( $service, $expect_service, "\$service is $expect_service for NH" );
++
++# RT79557
++pack_sockaddr_in( 80, inet_aton( "127.0.0.1" ) ) =~ m/^(.*)$/s;
++( $err, $host, $service ) = getnameinfo( $1, NI_NUMERICHOST|NI_NUMERICSERV );
++cmp_ok( $err, "==", 0, '$err == 0 for $1' ) or diag( '$err was: ' . $err );
+--
+2.1.0
+
diff --git a/SPECS/perl-Socket.spec b/SPECS/perl-Socket.spec
new file mode 100644
index 0000000..d16189a
--- /dev/null
+++ b/SPECS/perl-Socket.spec
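Review bot: After the added `SvGETMAGIC(addr)`, the context line `addr_len = SvCUR(addr);` takes the length from that single fetch, but the code that then reads the buffer lies outside the hunk. If it uses a magic-invoking accessor such as `SvPV_nolen(addr)`, a tied or otherwise magical scalar is fetched a second time, and the length and the bytes copied may come from different values. It is worth confirming that the copy uses a `_nomg` form, for example `SvPV_nomg(addr, addr_len)`, so that pointer and length describe the same string. The new test in t/getnameinfo.t exercises a magical `$1` rather than a string tainted under `-T`, so its comment could read `# RT79557: getnameinfo() must apply get-magic to its argument (e.g. $1)`. `xs_getnameinfo` begins and ends outside both inner hunks.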
@@ -0,0 +1,156 @@
+%global cpan_version 2.010
+Name: perl-Socket
+Version: %(echo '%{cpan_version}' | tr '_' '.')
+Release: 5%{?dist}
+Summary: Networking constants and support functions
+License: GPL+ or Artistic
+Group: Development/Libraries
+URL: http://search.cpan.org/dist/Socket/
+Source0: http://search.cpan.org/CPAN/authors/id/P/PE/PEVANS/Socket-%{cpan_version}.tar.gz
+# Fix calling getnameinfo() on tainted value BZ#1200167
+# Backported fixes from 2.017 and 2.018
+Patch0: Socket-2.018-Fix-calling-getnameinfo-on-tainted-value.patch
+# Make Socket::inet_aton() thread safe, CPAN RT#129189, bug #1693293
+Patch1: Socket-2.010-inet_aton-Use-getaddrinfo-if-possible.patch
+BuildRequires: perl
+BuildRequires: perl(Config)
+BuildRequires: perl(ExtUtils::CBuilder)
+BuildRequires: perl(ExtUtils::Constant) >= 0.23
+# ExtUtils::Constant::ProxySubs not used
+BuildRequires: perl(ExtUtils::MakeMaker)
+BuildRequires: perl(strict)
+BuildRequires: perl(warnings)
+# Run-time:
+BuildRequires: perl(Carp)
+BuildRequires: perl(Exporter)
+# Scalar::Util is needed only if getaddrinfo(3) does not exist. Not our case.
+BuildRequires: perl(warnings::register)
+BuildRequires: perl(XSLoader)
+# Tests only:
+BuildRequires: perl(Errno)
+BuildRequires: perl(Test::More)
+Requires: perl(:MODULE_COMPAT_%(eval "`perl -V:version`"; echo $version))
+
+%{?perl_default_filter}
+
+%description
+This module provides a variety of constants, structure manipulators and other
+functions related to socket-based networking. The values and functions
+provided are useful when used in conjunction with Perl core functions such as
+socket(), setsockopt() and bind(). It also provides several other support
+functions, mostly for dealing with conversions of network addresses between
+human-readable and native binary forms, and for hostname resolver operations.
+
+%prep
+%setup -q -n Socket-%{cpan_version}
+%patch0 -p1
+%patch1 -p1
+
+%build
+perl Makefile.PL INSTALLDIRS=vendor OPTIMIZE="$RPM_OPT_FLAGS"
+make %{?_smp_mflags}
+
+%install
+make pure_install DESTDIR=$RPM_BUILD_ROOT
+find $RPM_BUILD_ROOT -type f -name .packlist -exec rm -f {} \;
+find $RPM_BUILD_ROOT -type f -name '*.bs' -size 0 -exec rm -f {} \;
+%{_fixperms} $RPM_BUILD_ROOT/*
+
+%check
+make test
+
+%files
+%doc Artistic Changes Copying LICENSE
+%{perl_vendorarch}/auto/*
+%{perl_vendorarch}/Socket*
+%{_mandir}/man3/*
+
+%changelog
+* Mon Apr 15 2019 Petr Pisar - 2.010-5
+- Make Socket::inet_aton() thread safe (bug #1693293)
+
+* Thu Mar 03 2016 Jitka Plesnikova - 2.010-4
+- Fix calling getnameinfo on tainted value (bug #1200167)
+
+* Fri Jan 24 2014 Daniel Mach - 2.010-3
+- Mass rebuild 2014-01-24
+
+* Fri Dec 27 2013 Daniel Mach - 2.010-2
+- Mass rebuild 2013-12-27
+
+* Tue Jun 25 2013 Petr Pisar - 2.010-1
+- 2.010 bump
+
+* Fri May 24 2013 Petr Pisar - 2.009-3
+- Specify all dependencies
+
+* Thu Feb 14 2013 Fedora Release Engineering - 2.009-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Mon Jan 21 2013 Petr Pisar - 2.009-1
+- 2.009 bump
+
+* Thu Jan 03 2013 Petr Pisar - 2.008-1
+- 2.008 bump
+
+* Mon Dec 17 2012 Petr Pisar - 2.007-1
+- 2.007 bump
+
+* Thu Nov 08 2012 Petr Pisar - 2.006-2
+- Update description
+
+* Mon Aug 20 2012 Petr Pisar - 2.006-1
+- 2.006 bump
+
+* Fri Aug 17 2012 Petr Pisar - 2.005-1
+- 2.005 bump
+
+* Thu Aug 16 2012 Petr Pisar - 2.004-1
+- 2.004 bump
+
+* Fri Jul 20 2012 Fedora Release Engineering - 2.002-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Wed Jun 13 2012 Petr Pisar - 2.002-2
+- Perl 5.16 rebuild
+
+* Mon Jun 11 2012 Petr Pisar - 2.002-1
+- 2.002 bump
+
+* Wed Jun 06 2012 Petr Pisar - 2.001-2
+- Perl 5.16 rebuild
+
+* Wed Mar 28 2012 Petr Pisar - 2.001-1
+- 2.001 bump (bug-fixing release)
+
+* Tue Mar 27 2012 Petr Pisar - 2.000-3
+- Fix invalid write while unpacking AF_UNIX sockaddr (bug #806543)
+
+* Mon Mar 19 2012 Petr Pisar - 2.000-2
+- Increase release number due to F17 build
+
+* Wed Mar 14 2012 Petr Pisar - 2.000-1
+- 2.000 bump
+- Fix a buffer overflow (RT#75623)
+
+* Wed Feb 22 2012 Petr Pisar - 1.99-1
+- 1.99 bump
+
+* Thu Feb 16 2012 Petr Pisar - 1.98-1
+- 1.98 bump
+
+* Fri Jan 13 2012 Fedora Release Engineering - 1.97-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Mon Dec 19 2011 Petr Pisar - 1.97-1
+- 1.97 bump
+- License texts added
+
+* Mon Dec 12 2011 Petr Pisar - 1.96-1
+- 1.96 bump
+
+* Fri Dec 02 2011 Petr Pisar - 1.95-1
+- 1.95 bump
+
+* Wed Nov 23 2011 Petr Pisar 1.94.07-1
+- 1.94_07 packaged.
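Review bot: `Source0` (and `URL`) point at plain `http://search.cpan.org/...`, so anyone refreshing the tarball from the spec fetches it over an unauthenticated channel. The only integrity anchor visible in this commit is the SHA-1 recorded in `.perl-Socket.metadata`. Prefer an `https://` location for `Source0`, and where the lookaside tooling allows it, record a stronger digest than SHA-1 for the tarball. A short comment above `Patch1` noting that the thread-safety fix only takes effect when the build defines `HAS_GETADDRINFO` would also help whoever rebases this package.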