-rw-r--r--debian/control4
-rw-r--r--debian/patches/0001-Make-lacme-run-with-5.14.2-from-Debian-Wheezy.patch74
-rw-r--r--debian/patches/series1
3 files changed, 77 insertions, 2 deletions
diff --git a/debian/control b/debian/control
index e428312..16e3a26 100644
--- a/debian/control
+++ b/debian/control
@@ -10,7 +10,7 @@ Vcs-Browser: https://git.guilhem.org/lacme
Package: lacme
Architecture: all
-Depends: ${misc:Depends}, ${perl:Depends},
+Depends: ${misc:Depends}, perl,
openssl,
libconfig-tiny-perl,
libjson-perl,
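Review bot: The `Depends:` line for `lacme` (and the same line for `lacme-accountd` in the next hunk) now names a bare `perl`, which leaves the package with no lower bound on the interpreter version. The commit targets Perl 5.14.2, so stating that floor, `Depends: ${misc:Depends}, perl (>= 5.14.2),`, would keep the package from installing against an older interpreter than the patched scripts are meant to run on. Whether the `${perl:Depends}` substvar produced an unsatisfiable dependency on Wheezy is not visible here, so confirm the motive before settling on the exact constraint.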
@@ -49,7 +49,7 @@ Description: ACME client written with process isolation and minimal privileges i
Package: lacme-accountd
Architecture: all
-Depends: ${misc:Depends}, ${perl:Depends},
+Depends: ${misc:Depends}, perl,
libconfig-tiny-perl,
libjson-perl
Recommends: libcrypt-openssl-rsa-perl
diff --git a/debian/patches/0001-Make-lacme-run-with-5.14.2-from-Debian-Wheezy.patch b/debian/patches/0001-Make-lacme-run-with-5.14.2-from-Debian-Wheezy.patch
new file mode 100644
index 0000000..2d957f7
--- /dev/null
+++ b/debian/patches/0001-Make-lacme-run-with-5.14.2-from-Debian-Wheezy.patch
@@ -0,0 +1,74 @@
+From db82a93fd4948b545271a3b81111fd3b8e766365 Mon Sep 17 00:00:00 2001
+From: Guilhem Moulin <guilhem@fripost.org>
+Date: Thu, 12 Jan 2017 16:05:49 +0100
+Subject: [PATCH] Make lacme run with 5.14.2 from Debian Wheezy.
+
+---
+ client | 4 ++--
+ lacme | 6 +++---
+ lacme-accountd | 2 +-
+ 3 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/client b/client
+index 3bf0bad..d7e1e02 100755
+--- a/client
++++ b/client
+@@ -59,9 +59,9 @@ my $COMMAND = shift @ARGV // die;
+
+ # Untaint and fdopen(3) the configuration file and listening socket
+ (shift @ARGV // die) =~ /\A(\d+)\z/ or die;
+-open my $CONFFILE, '<&=', $1 or die "fdopen $1: $!";
++open my $CONFFILE, "<&=$1" or die "fdopen $1: $!";
+ (shift @ARGV // die) =~ /\A(\d+)\z/ or die;
+-open my $S, '+<&=', $1 or die "fdopen $1: $!";
++open my $S, "+<&=$1" or die "fdopen $1: $!";
+
+
+ #############################################################################
+diff --git a/lacme b/lacme
+index cb49818..8f28889 100755
+--- a/lacme
++++ b/lacme
+@@ -299,7 +299,7 @@ sub spawn_webserver() {
+ socket(my $srv, $fam, SOCK_STREAM, $proto) or die "socket: $!";
+ setsockopt($srv, SOL_SOCKET, SO_REUSEADDR, pack("l", 1)) or die "setsockopt: $!";
+ $addr = Socket::inet_pton($fam, $addr) // die "Invalid address $conf->{listen}\n";
+- my $sockaddr = $fam == PF_INET ? Socket::pack_sockaddr_in($port, $addr)
++ my $sockaddr = $fam == PF_INET ? Socket::pack_sockaddr_in($port, INADDR_ANY)
+ : $fam == PF_INET6 ? Socket::pack_sockaddr_in6($port, $addr)
+ : die;
+
+@@ -451,7 +451,7 @@ sub acme_client($@) {
+ # child doesn't have access to the parent's memory
+ my @fileno = map { fileno($_) =~ /^(\d+)$/ ? $1 : die } ($CONFFILE, $client); # untaint fileno
+ set_FD_CLOEXEC($client, 1);
+- my $rv = spawn({%$args{qw/in out/}, child => sub() {
++ my $rv = spawn({in => $args->{in}, out => $args->{out}, child => sub() {
+ drop_privileges($conf->{user}, $conf->{group}, $args->{chdir} // '/');
+ set_FD_CLOEXEC($_, 0) foreach ($CONFFILE, $client);
+ seek($CONFFILE, SEEK_SET, 0) or die "Can't seek: $!";
+@@ -620,7 +620,7 @@ elsif ($COMMAND eq 'new-cert') {
+ }
+
+ # generate the CSR
+- my $csr = gen_csr(%$conf{qw/certificate-key subject subjectAltName keyUsage hash/}) // do {
++ my $csr = gen_csr(map {$_ => $conf->{$_}} qw/certificate-key subject subjectAltName keyUsage hash/) // do {
+ print STDERR "[$s] Warning: Couldn't generate CSR, skipping\n";
+ $rv = 1;
+ next;
+diff --git a/lacme-accountd b/lacme-accountd
+index 00d6ccd..657f73b 100755
+--- a/lacme-accountd
++++ b/lacme-accountd
+@@ -140,7 +140,7 @@ $JWK = JSON::->new->encode($JWK);
+ if (defined $OPTS{'conn-fd'}) {
+ die "Invalid file descriptor" unless $OPTS{'conn-fd'} =~ /\A(\d+)\z/;
+ # untaint and fdopen(3) our end of the socket pair
+- open $S, '+<&=', $1 or die "fdopen $1: $!";
++ open $S, "+<&=$1" or die "fdopen $1: $!";
+ } else {
+ my $sockname = $OPTS{socket} // (defined $ENV{XDG_RUNTIME_DIR} ? "$ENV{XDG_RUNTIME_DIR}/S.lacme" : undef);
+ die "Missing socket option\n" unless defined $sockname;
+--
+2.11.0
+
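Review bot: In the `lacme` part of this patch (`spawn_webserver`), the `PF_INET` branch now packs `INADDR_ANY` instead of `$addr`, so on IPv4 the listener binds to every interface. The `listen` address validated by `inet_pton` on the line above is silently ignored, while the `PF_INET6` branch still honours it. A configuration that restricts the challenge webserver to a loopback or internal address would therefore be reachable more widely on this build than the operator asked for. The motive for the change is not visible here; if it only works around the older Socket module, keep the configured address with `Socket::pack_sockaddr_in($port, $addr)`, or at least `die` when a non-wildcard IPv4 address is configured. Separately, the three two-argument `open ... "<&=$1"` calls are safe only because `$1` comes from the anchored `\A(\d+)\z` match immediately before each one, so a comment such as `# 2-arg open kept for Perl 5.14.2; $1 is digits only (see match above)` would stop a later edit from loosening that guarantee.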
diff --git a/debian/patches/series b/debian/patches/series
index 98a1097..5fe0632 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
0001-Mention-the-Debian-BTS-in-the-manpages.patch
+0001-Make-lacme-run-with-5.14.2-from-Debian-Wheezy.patch