1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
|
From db82a93fd4948b545271a3b81111fd3b8e766365 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Thu, 12 Jan 2017 16:05:49 +0100
Subject: [PATCH] Make lacme run with 5.14.2 from Debian Wheezy.
---
client | 4 ++--
lacme | 6 +++---
lacme-accountd | 2 +-
3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/client b/client
index 3bf0bad..d7e1e02 100755
--- a/client
+++ b/client
@@ -59,9 +59,9 @@ my $COMMAND = shift @ARGV // die;
# Untaint and fdopen(3) the configuration file and listening socket
(shift @ARGV // die) =~ /\A(\d+)\z/ or die;
-open my $CONFFILE, '<&=', $1 or die "fdopen $1: $!";
+open my $CONFFILE, "<&=$1" or die "fdopen $1: $!";
(shift @ARGV // die) =~ /\A(\d+)\z/ or die;
-open my $S, '+<&=', $1 or die "fdopen $1: $!";
+open my $S, "+<&=$1" or die "fdopen $1: $!";
#############################################################################
diff --git a/lacme b/lacme
index cb49818..8f28889 100755
--- a/lacme
+++ b/lacme
@@ -299,7 +299,7 @@ sub spawn_webserver() {
socket(my $srv, $fam, SOCK_STREAM, $proto) or die "socket: $!";
setsockopt($srv, SOL_SOCKET, SO_REUSEADDR, pack("l", 1)) or die "setsockopt: $!";
$addr = Socket::inet_pton($fam, $addr) // die "Invalid address $conf->{listen}\n";
- my $sockaddr = $fam == PF_INET ? Socket::pack_sockaddr_in($port, $addr)
+ my $sockaddr = $fam == PF_INET ? Socket::pack_sockaddr_in($port, INADDR_ANY)
: $fam == PF_INET6 ? Socket::pack_sockaddr_in6($port, $addr)
: die;
@@ -451,7 +451,7 @@ sub acme_client($@) {
# child doesn't have access to the parent's memory
my @fileno = map { fileno($_) =~ /^(\d+)$/ ? $1 : die } ($CONFFILE, $client); # untaint fileno
set_FD_CLOEXEC($client, 1);
- my $rv = spawn({%$args{qw/in out/}, child => sub() {
+ my $rv = spawn({in => $args->{in}, out => $args->{out}, child => sub() {
drop_privileges($conf->{user}, $conf->{group}, $args->{chdir} // '/');
set_FD_CLOEXEC($_, 0) foreach ($CONFFILE, $client);
seek($CONFFILE, SEEK_SET, 0) or die "Can't seek: $!";
@@ -620,7 +620,7 @@ elsif ($COMMAND eq 'new-cert') {
}
# generate the CSR
- my $csr = gen_csr(%$conf{qw/certificate-key subject subjectAltName keyUsage hash/}) // do {
+ my $csr = gen_csr(map {$_ => $conf->{$_}} qw/certificate-key subject subjectAltName keyUsage hash/) // do {
print STDERR "[$s] Warning: Couldn't generate CSR, skipping\n";
$rv = 1;
next;
diff --git a/lacme-accountd b/lacme-accountd
index 00d6ccd..657f73b 100755
--- a/lacme-accountd
+++ b/lacme-accountd
@@ -140,7 +140,7 @@ $JWK = JSON::->new->encode($JWK);
if (defined $OPTS{'conn-fd'}) {
die "Invalid file descriptor" unless $OPTS{'conn-fd'} =~ /\A(\d+)\z/;
# untaint and fdopen(3) our end of the socket pair
- open $S, '+<&=', $1 or die "fdopen $1: $!";
+ open $S, "+<&=$1" or die "fdopen $1: $!";
} else {
my $sockname = $OPTS{socket} // (defined $ENV{XDG_RUNTIME_DIR} ? "$ENV{XDG_RUNTIME_DIR}/S.lacme" : undef);
die "Missing socket option\n" unless defined $sockname;
--
2.11.0
|