From dab600c7380cb2cb710c42ea8058086a3ecdeaf2 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Thu, 12 Jan 2017 16:06:44 +0100 Subject: Make lacme run with 5.14.2 from Debian Wheezy. --- debian/control | 4 +- ...-lacme-run-with-5.14.2-from-Debian-Wheezy.patch | 74 ++++++++++++++++++++++ debian/patches/series | 1 + 3 files changed, 77 insertions(+), 2 deletions(-) create mode 100644 debian/patches/0001-Make-lacme-run-with-5.14.2-from-Debian-Wheezy.patch diff --git a/debian/control b/debian/control index e428312..16e3a26 100644 --- a/debian/control +++ b/debian/control @@ -10,7 +10,7 @@ Vcs-Browser: https://git.guilhem.org/lacme Package: lacme Architecture: all -Depends: ${misc:Depends}, ${perl:Depends}, +Depends: ${misc:Depends}, perl, openssl, libconfig-tiny-perl, libjson-perl, @@ -49,7 +49,7 @@ Description: ACME client written with process isolation and minimal privileges i Package: lacme-accountd Architecture: all -Depends: ${misc:Depends}, ${perl:Depends}, +Depends: ${misc:Depends}, perl, libconfig-tiny-perl, libjson-perl Recommends: libcrypt-openssl-rsa-perl diff --git a/debian/patches/0001-Make-lacme-run-with-5.14.2-from-Debian-Wheezy.patch b/debian/patches/0001-Make-lacme-run-with-5.14.2-from-Debian-Wheezy.patch new file mode 100644 index 0000000..2d957f7 --- /dev/null +++ b/debian/patches/0001-Make-lacme-run-with-5.14.2-from-Debian-Wheezy.patch 
@@ -0,0 +1,74 @@ +From db82a93fd4948b545271a3b81111fd3b8e766365 Mon Sep 17 00:00:00 2001 +From: Guilhem Moulin +Date: Thu, 12 Jan 2017 16:05:49 +0100 +Subject: [PATCH] Make lacme run with 5.14.2 from Debian Wheezy. + +--- + client | 4 ++-- + lacme | 6 +++--- + lacme-accountd | 2 +- + 3 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/client b/client +index 3bf0bad..d7e1e02 100755 +--- a/client ++++ b/client +@@ -59,9 +59,9 @@ my $COMMAND = shift @ARGV // die; + + # Untaint and fdopen(3) the configuration file and listening socket + (shift @ARGV // die) =~ /\A(\d+)\z/ or die; +-open my $CONFFILE, '<&=', $1 or die "fdopen $1: $!"; ++open my $CONFFILE, "<&=$1" or die "fdopen $1: $!"; + (shift @ARGV // die) =~ /\A(\d+)\z/ or die; +-open my $S, '+<&=', $1 or die "fdopen $1: $!"; ++open my $S, "+<&=$1" or die "fdopen $1: $!"; + + + ############################################################################# +diff --git a/lacme b/lacme +index cb49818..8f28889 100755 +--- a/lacme ++++ b/lacme +@@ -299,7 +299,7 @@ sub spawn_webserver() { + socket(my $srv, $fam, SOCK_STREAM, $proto) or die "socket: $!"; + setsockopt($srv, SOL_SOCKET, SO_REUSEADDR, pack("l", 1)) or die "setsockopt: $!"; + $addr = Socket::inet_pton($fam, $addr) // die "Invalid address $conf->{listen}\n"; +- my $sockaddr = $fam == PF_INET ? Socket::pack_sockaddr_in($port, $addr) ++ my $sockaddr = $fam == PF_INET ? Socket::pack_sockaddr_in($port, INADDR_ANY) + : $fam == PF_INET6 ? Socket::pack_sockaddr_in6($port, $addr) + : die; + +@@ -451,7 +451,7 @@ sub acme_client($@) { + # child doesn't have access to the parent's memory + my @fileno = map { fileno($_) =~ /^(\d+)$/ ? 
$1 : die } ($CONFFILE, $client); # untaint fileno + set_FD_CLOEXEC($client, 1); +- my $rv = spawn({%$args{qw/in out/}, child => sub() { ++ my $rv = spawn({in => $args->{in}, out => $args->{out}, child => sub() { + drop_privileges($conf->{user}, $conf->{group}, $args->{chdir} // '/'); + set_FD_CLOEXEC($_, 0) foreach ($CONFFILE, $client); + seek($CONFFILE, SEEK_SET, 0) or die "Can't seek: $!"; +@@ -620,7 +620,7 @@ elsif ($COMMAND eq 'new-cert') { + } + + # generate the CSR +- my $csr = gen_csr(%$conf{qw/certificate-key subject subjectAltName keyUsage hash/}) // do { ++ my $csr = gen_csr(map {$_ => $conf->{$_}} qw/certificate-key subject subjectAltName keyUsage hash/) // do { + print STDERR "[$s] Warning: Couldn't generate CSR, skipping\n"; + $rv = 1; + next; +diff --git a/lacme-accountd b/lacme-accountd +index 00d6ccd..657f73b 100755 +--- a/lacme-accountd ++++ b/lacme-accountd +@@ -140,7 +140,7 @@ $JWK = JSON::->new->encode($JWK); + if (defined $OPTS{'conn-fd'}) { + die "Invalid file descriptor" unless $OPTS{'conn-fd'} =~ /\A(\d+)\z/; + # untaint and fdopen(3) our end of the socket pair +- open $S, '+<&=', $1 or die "fdopen $1: $!"; ++ open $S, "+<&=$1" or die "fdopen $1: $!"; + } else { + my $sockname = $OPTS{socket} // (defined $ENV{XDG_RUNTIME_DIR} ? "$ENV{XDG_RUNTIME_DIR}/S.lacme" : undef); + die "Missing socket option\n" unless defined $sockname; +-- +2.11.0 + diff --git a/debian/patches/series b/debian/patches/series index 98a1097..5fe0632 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1 +1,2 @@ 0001-Mention-the-Debian-BTS-in-the-manpages.patch +0001-Make-lacme-run-with-5.14.2-from-Debian-Wheezy.patch -- cgit v1.2.3
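Review bot: In the nested `lacme` hunk inside `spawn_webserver`, the IPv4 branch now builds the address with `Socket::pack_sockaddr_in($port, INADDR_ANY)`, so the value parsed from `$conf->{listen}` by `inet_pton` on the line above is validated and then discarded; if this sockaddr is what gets bound (the bind call is outside the hunk), the challenge web server listens on every IPv4 interface instead of the configured one. That turns a compatibility patch into a silent widening of network exposure, which neither the subject line nor the patch description mentions. If 5.14.2 really cannot take `$addr` here, I would refuse non-wildcard addresses, e.g. `die "IPv4 listen address not supported on this Perl\n" if $fam == PF_INET and $addr ne INADDR_ANY;`, and otherwise at least add `# Wheezy: the configured IPv4 listen address is ignored here; the socket address is INADDR_ANY`. Separately, the three two-argument calls `open ..., "<&=$1"` / `"+<&=$1"` in `client` and `lacme-accountd` are safe from mode injection only because `$1` comes from the anchored `/\A(\d+)\z/` match directly before each; a short comment saying so would keep a later edit from loosening that check. All of the enclosing functions and statement runs start and end outside the nested hunks.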