Compare commits

..

No commits in common. "c8s" and "c9-beta" have entirely different histories.
c8s ... c9-beta

12 changed files with 172 additions and 579 deletions

View File

@ -1 +0,0 @@
1

3
.gitignore vendored
View File

@ -1,2 +1 @@
SOURCES/HTTP-Daemon-6.01.tar.gz SOURCES/HTTP-Daemon-6.12.tar.gz
/HTTP-Daemon-6.01.tar.gz

View File

@ -0,0 +1 @@
4a06c2cb7a033d556fa34ea2ac88558da90a4815 SOURCES/HTTP-Daemon-6.12.tar.gz

View File

@ -1,305 +0,0 @@
From 067faffb8e596a53c9ac2ed7e571472f7a163681 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
Date: Mon, 16 Jan 2017 16:13:08 +0100
Subject: [PATCH] Add IPv6 support
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This patch ports the code from IO::Socket::INET to IO::Socket::IP in
order to support IPv6.
CPAN RT #91699, #71395.
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
Makefile.PL | 1 +
README | 24 ++++++++++++------------
lib/HTTP/Daemon.pm | 43 ++++++++++++++++++++++++++++---------------
t/chunked.t | 34 +++++++++++++++++++++++-----------
4 files changed, 64 insertions(+), 38 deletions(-)
diff --git a/Makefile.PL b/Makefile.PL
index 09c7e86..85d5712 100644
--- a/Makefile.PL
+++ b/Makefile.PL
@@ -14,6 +14,7 @@ WriteMakefile(
PREREQ_PM => {
'Sys::Hostname' => 0,
'IO::Socket' => 0,
+ 'IO::Socket::IP' => 0,
'HTTP::Request' => 6,
'HTTP::Response' => 6,
'HTTP::Status' => 6,
diff --git a/README b/README
index be5a20a..ddb3b6e 100644
--- a/README
+++ b/README
@@ -24,12 +24,12 @@ SYNOPSIS
DESCRIPTION
Instances of the `HTTP::Daemon' class are HTTP/1.1 servers that listen
on a socket for incoming requests. The `HTTP::Daemon' is a subclass of
- `IO::Socket::INET', so you can perform socket operations directly on it
+ `IO::Socket::IP', so you can perform socket operations directly on it
too.
The accept() method will return when a connection from a client is
available. The returned value will be an `HTTP::Daemon::ClientConn'
- object which is another `IO::Socket::INET' subclass. Calling the
+ object which is another `IO::Socket::IP' subclass. Calling the
get_request() method on this object will read data from the client and
return an `HTTP::Request' object. The ClientConn object also provide
methods to send back various responses.
@@ -40,13 +40,13 @@ DESCRIPTION
responses that conform to the HTTP/1.1 protocol.
The following methods of `HTTP::Daemon' are new (or enhanced) relative
- to the `IO::Socket::INET' base class:
+ to the `IO::Socket::IP' base class:
$d = HTTP::Daemon->new
$d = HTTP::Daemon->new( %opts )
The constructor method takes the same arguments as the
- `IO::Socket::INET' constructor, but unlike its base class it can
- also be called without any arguments. The daemon will then set up a
+ `IO::Socket::IP' constructor, but unlike its base class it can also
+ be called without any arguments. The daemon will then set up a
listen queue of 5 connections and allocate some random port number.
A server that wants to bind to some specific address on the standard
@@ -57,8 +57,8 @@ DESCRIPTION
LocalPort => 80,
);
- See IO::Socket::INET for a description of other arguments that can
- be used configure the daemon during construction.
+ See IO::Socket::IP for a description of other arguments that can be
+ used configure the daemon during construction.
$c = $d->accept
$c = $d->accept( $pkg )
@@ -71,7 +71,7 @@ DESCRIPTION
The accept method will return `undef' if timeouts have been enabled
and no connection is made within the given time. The timeout()
- method is described in IO::Socket.
+ method is described in IO::Socket::IP.
In list context both the client object and the peer address will be
returned; see the description of the accept method IO::Socket for
@@ -89,9 +89,9 @@ DESCRIPTION
The default is the string "libwww-perl-daemon/#.##" where "#.##" is
replaced with the version number of this module.
- The `HTTP::Daemon::ClientConn' is a `IO::Socket::INET' subclass.
- Instances of this class are returned by the accept() method of
- `HTTP::Daemon'. The following methods are provided:
+ The `HTTP::Daemon::ClientConn' is a `IO::Socket::IP' subclass. Instances
+ of this class are returned by the accept() method of `HTTP::Daemon'. The
+ following methods are provided:
$c->get_request
$c->get_request( $headers_only )
@@ -227,7 +227,7 @@ DESCRIPTION
SEE ALSO
RFC 2616
- IO::Socket::INET, IO::Socket
+ IO::Socket::IP, IO::Socket
COPYRIGHT
Copyright 1996-2003, Gisle Aas
diff --git a/lib/HTTP/Daemon.pm b/lib/HTTP/Daemon.pm
index 27a7bf4..0e22b77 100644
--- a/lib/HTTP/Daemon.pm
+++ b/lib/HTTP/Daemon.pm
@@ -5,8 +5,10 @@ use vars qw($VERSION @ISA $PROTO $DEBUG);
$VERSION = "6.01";
-use IO::Socket qw(AF_INET INADDR_ANY INADDR_LOOPBACK inet_ntoa);
-@ISA=qw(IO::Socket::INET);
+use Socket qw(AF_INET AF_INET6 INADDR_ANY IN6ADDR_ANY
+ INADDR_LOOPBACK IN6ADDR_LOOPBACK inet_ntop sockaddr_family);
+use IO::Socket::IP;
+@ISA=qw(IO::Socket::IP);
$PROTO = "HTTP/1.1";
@@ -40,15 +42,26 @@ sub url
my $self = shift;
my $url = $self->_default_scheme . "://";
my $addr = $self->sockaddr;
- if (!$addr || $addr eq INADDR_ANY) {
+ if (!$addr || $addr eq INADDR_ANY || $addr eq IN6ADDR_ANY) {
require Sys::Hostname;
$url .= lc Sys::Hostname::hostname();
}
elsif ($addr eq INADDR_LOOPBACK) {
- $url .= inet_ntoa($addr);
+ $url .= inet_ntop(AF_INET, $addr);
+ }
+ elsif ($addr eq IN6ADDR_LOOPBACK) {
+ $url .= '[' . inet_ntop(AF_INET6, $addr) . ']';
}
else {
- $url .= gethostbyaddr($addr, AF_INET) || inet_ntoa($addr);
+ my $host = $addr->sockhostname;
+ if (!defined $host) {
+ if (sockaddr_family($addr) eq AF_INET6) {
+ $host = '[' . inet_ntop(AF_INET6, $addr) . ']';
+ } else {
+ $host = inet_ntop(AF_INET6, $addr);
+ }
+ }
+ $url .= $host;
}
my $port = $self->sockport;
$url .= ":$port" if $port != $self->_default_port;
@@ -77,8 +90,8 @@ sub product_tokens
package HTTP::Daemon::ClientConn;
use vars qw(@ISA $DEBUG);
-use IO::Socket ();
-@ISA=qw(IO::Socket::INET);
+use IO::Socket::IP ();
+@ISA=qw(IO::Socket::IP);
*DEBUG = \$HTTP::Daemon::DEBUG;
use HTTP::Request ();
@@ -645,12 +658,12 @@ HTTP::Daemon - a simple http server class
Instances of the C<HTTP::Daemon> class are HTTP/1.1 servers that
listen on a socket for incoming requests. The C<HTTP::Daemon> is a
-subclass of C<IO::Socket::INET>, so you can perform socket operations
+subclass of C<IO::Socket::IP>, so you can perform socket operations
directly on it too.
The accept() method will return when a connection from a client is
available. The returned value will be an C<HTTP::Daemon::ClientConn>
-object which is another C<IO::Socket::INET> subclass. Calling the
+object which is another C<IO::Socket::IP> subclass. Calling the
get_request() method on this object will read data from the client and
return an C<HTTP::Request> object. The ClientConn object also provide
methods to send back various responses.
@@ -661,7 +674,7 @@ desirable. Also note that the user is responsible for generating
responses that conform to the HTTP/1.1 protocol.
The following methods of C<HTTP::Daemon> are new (or enhanced) relative
-to the C<IO::Socket::INET> base class:
+to the C<IO::Socket::IP> base class:
=over 4
@@ -670,7 +683,7 @@ to the C<IO::Socket::INET> base class:
=item $d = HTTP::Daemon->new( %opts )
The constructor method takes the same arguments as the
-C<IO::Socket::INET> constructor, but unlike its base class it can also
+C<IO::Socket::IP> constructor, but unlike its base class it can also
be called without any arguments. The daemon will then set up a listen
queue of 5 connections and allocate some random port number.
@@ -682,7 +695,7 @@ HTTP port will be constructed like this:
LocalPort => 80,
);
-See L<IO::Socket::INET> for a description of other arguments that can
+See L<IO::Socket::IP> for a description of other arguments that can
be used configure the daemon during construction.
=item $c = $d->accept
@@ -699,7 +712,7 @@ class a subclass of C<HTTP::Daemon::ClientConn>.
The accept method will return C<undef> if timeouts have been enabled
and no connection is made within the given time. The timeout() method
-is described in L<IO::Socket>.
+is described in L<IO::Socket::IP>.
In list context both the client object and the peer address will be
returned; see the description of the accept method L<IO::Socket> for
@@ -721,7 +734,7 @@ replaced with the version number of this module.
=back
-The C<HTTP::Daemon::ClientConn> is a C<IO::Socket::INET>
+The C<HTTP::Daemon::ClientConn> is a C<IO::Socket::IP>
subclass. Instances of this class are returned by the accept() method
of C<HTTP::Daemon>. The following methods are provided:
@@ -895,7 +908,7 @@ Return a reference to the corresponding C<HTTP::Daemon> object.
RFC 2616
-L<IO::Socket::INET>, L<IO::Socket>
+L<IO::Socket::IP>, L<IO::Socket>
=head1 COPYRIGHT
diff --git a/t/chunked.t b/t/chunked.t
index e11799f..c274b11 100644
--- a/t/chunked.t
+++ b/t/chunked.t
@@ -95,18 +95,30 @@ my $can_fork = $Config{d_fork} ||
my $tests = @TESTS;
my $tport = 8333;
-my $tsock = IO::Socket::INET->new(LocalAddr => '0.0.0.0',
- LocalPort => $tport,
- Listen => 1,
- ReuseAddr => 1);
+my @addresses = (
+ { server => '::', client => '::1' },
+ { server => '0.0.0.0', client => '127.0.0.1' }
+);
+my $family;
+for my $id (0..$#addresses) {
+ my $tsock = IO::Socket::IP->new(LocalAddr => $addresses[$id]->{server},
+ LocalPort => $tport,
+ Listen => 1,
+ ReuseAddr => 1);
+ if ($tsock) {
+ close $tsock;
+ $family = $id;
+ last;
+ }
+}
+
if (!$can_fork) {
plan skip_all => "This system cannot fork";
}
-elsif (!$tsock) {
- plan skip_all => "Cannot listen on 0.0.0.0:$tport";
+elsif (!defined $family) {
+ plan skip_all => "Cannot listen on unspecifed address and port $tport";
}
else {
- close $tsock;
plan tests => $tests;
}
@@ -132,9 +144,9 @@ if ($pid = fork) {
open my $fh, "| socket localhost $tport" or die;
print $fh $test;
}
- use IO::Socket::INET;
- my $sock = IO::Socket::INET->new(
- PeerAddr => "127.0.0.1",
+ use IO::Socket::IP;
+ my $sock = IO::Socket::IP->new(
+ PeerAddr => $addresses[$family]->{client},
PeerPort => $tport,
) or die;
if (0) {
@@ -158,7 +170,7 @@ if ($pid = fork) {
} else {
die "cannot fork: $!" unless defined $pid;
my $d = HTTP::Daemon->new(
- LocalAddr => '0.0.0.0',
+ LocalAddr => $addresses[$family]->{server},
LocalPort => $tport,
ReuseAddr => 1,
) or die;
--
2.7.4

View File

@ -1,113 +0,0 @@
From 241989d49b5aedcde4bfd2a5e8257ea2c2fd252b Mon Sep 17 00:00:00 2001
From: Olaf Alders <olaf@wundersolutions.com>
Date: Thu, 14 May 2026 00:09:58 +0000
Subject: [PATCH] Fix CVE-2026-8450: send_file() honoured 2-arg open()
shell-magic
HTTP::Daemon::ClientConn::send_file() used the 2-arg form
open(FILE, $file), which interprets shell-magic prefixes in the
path argument: '| cmd' (write pipe -- RCE), 'cmd |' (read pipe --
RCE plus response-body exfiltration via the sysread / print loop
below), '> path' (write-truncate -- arbitrary file write), and
'>> path', '+< path', '<&fd', and leading-whitespace variants of
the above.
Any HTTP::Daemon-based application that passed attacker-influenced
bytes to send_file($string) -- for example, a download endpoint
that derived the filename from a query parameter -- granted command
execution and/or arbitrary file write at the daemon's UID.
Switch to 3-arg open(my $fh, '<', $file): the explicit '<' mode
makes the path argument a literal filename, so every magic shape
above is opened (and fails, returning undef) as an ordinary file by
that exact name. The localized typeglob is no longer needed and is
replaced with a lexical filehandle.
Two collateral hardening changes ride along:
- binmode() failure now closes the handle and returns undef,
rather than streaming the file with a wrong PerlIO layer.
- send_file() returns '0E0' (true zero) on a successful zero-byte
transfer so callers using "send_file or die" can distinguish
open failure (undef) from an empty-but-successful copy.
The POD now documents the new return-value contract and spells
out that the fix only neutralises 2-arg open() shell-magic;
callers remain responsible for validating attacker-influenced
paths against symlinks, character/block devices (e.g. /dev/zero),
named pipes, and document-root escapes.
Reported and patched by Stig Palmquist (stigtsp).
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---
lib/HTTP/Daemon.pm | 37 +++++++++++++++++++++++++++++++------
1 file changed, 31 insertions(+), 6 deletions(-)
diff --git a/lib/HTTP/Daemon.pm b/lib/HTTP/Daemon.pm
index 216c73f..a715159 100644
--- a/lib/HTTP/Daemon.pm
+++ b/lib/HTTP/Daemon.pm
@@ -617,12 +617,11 @@ sub send_file
{
my($self, $file) = @_;
my $opened = 0;
- local(*FILE);
if (!ref($file)) {
- open(FILE, $file) || return undef;
- binmode(FILE);
- $file = \*FILE;
- $opened++;
+ open(my $fh, '<', $file) || return undef;
+ binmode($fh) || do { close($fh); return undef };
+ $file = $fh;
+ $opened++;
}
my $cnt = 0;
my $buf = "";
@@ -633,7 +632,11 @@ sub send_file
print $self $buf;
}
close($file) if $opened;
- $cnt;
+
+ # Return a "true zero" for empty-but-successful copies so callers
+ # using `send_file or die` can distinguish open failure (undef)
+ # from a successful zero-byte transfer.
+ $cnt || '0E0';
}
@@ -917,6 +920,28 @@ Copy the file to the client. The file can be a string (which
will be interpreted as a filename) or a reference to an C<IO::Handle>
or glob.
+Returns the number of bytes copied on success, or C<undef> if the
+filename form failed to open. An empty file returns the string
+C<'0E0'> (zero numerically, true in boolean context) so that callers
+using C<< send_file or die >> can distinguish open failure from a
+successful zero-byte transfer.
+
+The filename form uses Perl's 3-argument C<open> with an explicit C<<
+< >> mode, so the path is no longer interpreted as a 2-argument
+C<open> shell-magic shape such as C<< | cmd >>, C<< cmd | >>, or
+C<< > path >>. See
+L<CVE-2026-8450|https://www.cve.org/CVERecord?id=CVE-2026-8450> for
+the prior 2-argument C<open> behaviour this replaces.
+
+Note that this fix only neutralises 2-argument C<open> shell-magic.
+Callers remain responsible for validating attacker-influenced paths:
+C<send_file> will still happily open symlinks, character/block devices
+(e.g. C</dev/zero>, C</dev/stdin>), named pipes (which may block the
+worker), and files outside an intended document root. If C<$filename>
+can be derived from request input, validate it (canonicalise, reject
+C<..> segments, require C<-f _> and a vetted prefix) before passing it
+in.
+
=item $c->daemon
Return a reference to the corresponding C<HTTP::Daemon> object.
--
2.52.0

View File

@ -1,48 +0,0 @@
From b54702ab21edbf1ea0dbc00d978aecc89e5764d6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
Date: Mon, 18 Sep 2017 15:21:16 +0200
Subject: [PATCH] Handle undef and empty LocalAddr
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
IO::Socket::INET interprets undefined and empty string LocalAddr
arguments as an unspecified address while IO::Socket::IP returns an
error. This seems to be one of the differences between the two
Socket implementations. Recent IO::Socket::IP (0.39) accepts undefined
value, but still bail outs on an empty string.
To improve compatibility, this patch adds a special handling for these
two values to be accepted as an unspecified value. Though this should
be corrected on IO::Socket:IP side probably.
CPAN RT#91699
CPAN RT#123069
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
lib/HTTP/Daemon.pm | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/lib/HTTP/Daemon.pm b/lib/HTTP/Daemon.pm
index 0e22b77..1e9d48e 100644
--- a/lib/HTTP/Daemon.pm
+++ b/lib/HTTP/Daemon.pm
@@ -18,6 +18,14 @@ sub new
my($class, %args) = @_;
$args{Listen} ||= 5;
$args{Proto} ||= 'tcp';
+ # Handle undefined or empty local address the same way as
+ # IO::Socket::INET -- use unspecified address
+ for my $key (qw(LocalAddr LocalHost)) {
+ if (exists $args{$key} &&
+ (!defined($args{$key}) || $args{$key} eq '')) {
+ delete $args{$key};
+ }
+ }
return $class->SUPER::new(%args);
}
--
2.13.5

View File

@ -1,55 +0,0 @@
From e49f553aa8be21e5df72452e50af2e9f0b82ecad Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
Date: Wed, 23 May 2018 17:31:42 +0200
Subject: [PATCH] Resolve specific socket addresses correctly
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Previous code did not formatted specific (not 0.0.0.0 or ::)
correctly:
$ perl -MHTTP::Daemon -e '$d=HTTP::Daemon->new(LocalAddr=>q{127.0.0.2}) or die; print $d->url, qq{\n}'
Can't call method "sockhostname" without a package or object reference at /usr/share/perl5/vendor_perl/HTTP/Daemon.pm line 64.
This patch also fixes formatting numerical IPv6 addresses. It seems
that IO::Socket::IP::sockhostname() formats unresolvable addresses too.
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
lib/HTTP/Daemon.pm | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/lib/HTTP/Daemon.pm b/lib/HTTP/Daemon.pm
index 1e9d48e..216c73f 100644
--- a/lib/HTTP/Daemon.pm
+++ b/lib/HTTP/Daemon.pm
@@ -61,12 +61,23 @@ sub url
$url .= '[' . inet_ntop(AF_INET6, $addr) . ']';
}
else {
- my $host = $addr->sockhostname;
+ my $host = $self->sockhostname;
+ # sockhostname() seems to return a stringified IP address if not
+ # resolvable, then quote it for a port separator and an IPv6 zone separator.
+ # But be paranoid for a case when it already contains a bracket.
+ if (defined $host and $host =~ /:/) {
+ if ($host =~ /[\[\]]/) {
+ $host = undef;
+ } else {
+ $host =~ s/%/%25/g;
+ $host = '[' . $host . ']';
+ }
+ }
if (!defined $host) {
if (sockaddr_family($addr) eq AF_INET6) {
$host = '[' . inet_ntop(AF_INET6, $addr) . ']';
} else {
- $host = inet_ntop(AF_INET6, $addr);
+ $host = inet_ntop(AF_INET, $addr);
}
}
$url .= $host;
--
2.14.3

View File

@ -0,0 +1,92 @@
From 30b91a0898e50874886343b66d27f78eaf960faf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
Date: Tue, 2 Apr 2019 16:54:42 +0200
Subject: [PATCH] EU::MM is not deprecated
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Contrary to the warning in the Makefile.PL, only ExtUtils::MakeMaker
is a full-fledged system. Module::Build is not maintained anymore and
Module::Build::Tiny contains design flaws regarding XS compilation.
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
Makefile.PL | 61 -----------------------------------------------------
1 file changed, 61 deletions(-)
diff --git a/Makefile.PL b/Makefile.PL
index 5915c46..e98af42 100644
--- a/Makefile.PL
+++ b/Makefile.PL
@@ -9,67 +9,6 @@ use warnings;
use 5.006;
use ExtUtils::MakeMaker;
-BEGIN {
-my %configure_requires = (
- 'ExtUtils::MakeMaker' => '0',
- 'Module::Build::Tiny' => '0.034',
-);
-
-my %errors = map {
- eval "require $_; $_->VERSION($configure_requires{$_}); 1";
- $_ => $@,
-} keys %configure_requires;
-
-if (grep { $_ } values %errors)
-{
- warn "Errors from configure prereqs:\n"
- . do {
- require Data::Dumper; Data::Dumper->new([ \%errors ])->Indent(2)->Terse(1)->Sortkeys(1)->Dump;
- };
-}
-
-if (not $ENV{PERL_MM_FALLBACK_SILENCE_WARNING})
-{
- warn <<'EOW';
-*** WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING ***
-
-If you're seeing this warning, your toolchain is really, really old* and
-you'll almost certainly have problems installing CPAN modules from this
-century. But never fear, dear user, for we have the technology to fix this!
-
-If you're using CPAN.pm to install things, then you can upgrade it using:
-
- cpan CPAN
-
-If you're using CPANPLUS to install things, then you can upgrade it using:
-
- cpanp CPANPLUS
-
-If you're using cpanminus, you shouldn't be seeing this message in the first
-place, so please file an issue on github.
-
-If you're using a packaging tool through a unix distribution, this issue
-should be reported to the package manager.
-
-If you're installing manually, please retrain your fingers to run Build.PL
-when present instead of Makefile.PL.
-
-This public service announcement was brought to you by the Perl Toolchain
-Gang, the irc.perl.org #toolchain IRC channel, and the number 42.
-
-----
-
-* Alternatively, you are doing something overly clever, in which case you
-should consider setting the 'prefer_installer' config option in CPAN.pm, or
-'prefer_makefile' in CPANPLUS, to 'mb" and '0' respectively.
-
-You can also silence this warning for future installations by setting the
-PERL_MM_FALLBACK_SILENCE_WARNING environment variable.
-EOW
- sleep 10 if -t STDIN && (-t STDOUT || !(-f STDOUT || -c STDOUT));
-}
-} # end BEGIN
-
my %WriteMakefileArgs = (
"ABSTRACT" => "A simple http server class",
"AUTHOR" => "Gisle Aas <gisle\@activestate.com>",
--
2.20.1

View File

@ -1,25 +1,17 @@
Name: perl-HTTP-Daemon Name: perl-HTTP-Daemon
Version: 6.01 Version: 6.12
Release: 24%{?dist} Release: 6%{?dist}
Summary: Simple HTTP server class Summary: Simple HTTP server class
License: GPL+ or Artistic License: GPL+ or Artistic
URL: http://search.cpan.org/dist/HTTP-Daemon/ URL: https://metacpan.org/release/HTTP-Daemon
Source0: http://www.cpan.org/authors/id/G/GA/GAAS/HTTP-Daemon-%{version}.tar.gz Source0: https://cpan.metacpan.org/authors/id/O/OA/OALDERS/HTTP-Daemon-%{version}.tar.gz
# Support IPv6, bug #1413065, CPAN RT#91699, CPAN RT#71395, # Use Makefile.PL without unneeded dependencies
# proposed to upstream Patch0: HTTP-Daemon-6.04-EU-MM-is-not-deprecated.patch
Patch0: HTTP-Daemon-6.01-Add-IPv6-support.patch
# Accept undefined and empty-string LocalAddr as IO::Socket::INET does,
# CPAN RT#91699, CPAN RT#123069
Patch1: HTTP-Daemon-6.01-Handle-undef-and-empty-LocalAddr.patch
# Fix formatting specific non-local addresses, bug #1578026, CPAN RT#125242
Patch2: HTTP-Daemon-6.01-Resolve-specific-socket-addresses-correctly.patch
# https://github.com/libwww-perl/HTTP-Daemon/commit/945d35141d94490f749640bd4390acd6a2193995
Patch3: HTTP-Daemon-6.01-CVE-2026-8450.patch
BuildArch: noarch BuildArch: noarch
BuildRequires: make BuildRequires: make
BuildRequires: perl-generators BuildRequires: perl-generators
BuildRequires: perl-interpreter BuildRequires: perl-interpreter
BuildRequires: perl(:VERSION) >= 5.8.1 BuildRequires: perl(:VERSION) >= 5.6
BuildRequires: perl(ExtUtils::MakeMaker) >= 6.76 BuildRequires: perl(ExtUtils::MakeMaker) >= 6.76
BuildRequires: perl(strict) BuildRequires: perl(strict)
# Run-time: # Run-time:
@ -28,31 +20,36 @@ BuildRequires: perl(HTTP::Date) >= 6
BuildRequires: perl(HTTP::Request) >= 6 BuildRequires: perl(HTTP::Request) >= 6
BuildRequires: perl(HTTP::Response) >= 6 BuildRequires: perl(HTTP::Response) >= 6
BuildRequires: perl(HTTP::Status) >= 6 BuildRequires: perl(HTTP::Status) >= 6
BuildRequires: perl(IO::Socket::IP) BuildRequires: perl(IO::Socket::IP) >= 0.25
BuildRequires: perl(LWP::MediaTypes) >= 6 BuildRequires: perl(LWP::MediaTypes) >= 6
BuildRequires: perl(Socket) BuildRequires: perl(Socket)
BuildRequires: perl(Sys::Hostname) BuildRequires: perl(warnings)
BuildRequires: perl(vars)
# Tests only: # Tests only:
BuildRequires: perl(Config) BuildRequires: perl(Config)
# IO::Socket not used BuildRequires: perl(File::Spec)
BuildRequires: perl(HTTP::Tiny) >= 0.042
# LWP::UserAgent not used
BuildRequires: perl(Module::Metadata)
# Test not used if LWP::UserAgent is not installed
BuildRequires: perl(Test::More) >= 0.98
BuildRequires: perl(Test::Needs)
# URI not used
# Optional tests:
# CPAN::Meta not helpful
# CPAN::Meta::Prereqs not helpful
# LWP::RobotUA not used # LWP::RobotUA not used
# LWP::UserAgent not used # LWP::UserAgent not used
# Test not used
BuildRequires: perl(Test::More)
# URI not used
BuildRequires: perl(warnings)
Requires: perl(:MODULE_COMPAT_%(eval "`perl -V:version`"; echo $version)) Requires: perl(:MODULE_COMPAT_%(eval "`perl -V:version`"; echo $version))
Requires: perl(HTTP::Date) >= 6 Requires: perl(HTTP::Date) >= 6
Requires: perl(HTTP::Request) >= 6 Requires: perl(HTTP::Request) >= 6
Requires: perl(HTTP::Response) >= 6 Requires: perl(HTTP::Response) >= 6
Requires: perl(HTTP::Status) >= 6 Requires: perl(HTTP::Status) >= 6
Requires: perl(IO::Socket::IP) >= 0.25
Requires: perl(LWP::MediaTypes) >= 6 Requires: perl(LWP::MediaTypes) >= 6
Requires: perl(Sys::Hostname)
Conflicts: perl-libwww-perl < 6 Conflicts: perl-libwww-perl < 6
# Remove underspecified dependencies # Remove underspecified dependencies
%global __requires_exclude %{?__requires_exclude:%{__requires_exclude}|}^perl\\(HTTP::(Date|Request|Response|Status)|LWP::MediaTypes\\)$ %global __requires_exclude %{?__requires_exclude:%{__requires_exclude}|}^perl\\(HTTP::(Date|Request|Response|Status)|IO::Socket::IP|LWP::MediaTypes\\)$
%description %description
Instances of the HTTP::Daemon class are HTTP/1.1 servers that listen on a Instances of the HTTP::Daemon class are HTTP/1.1 servers that listen on a
@ -62,30 +59,76 @@ IO::Socket::IP, so you can perform socket operations directly on it too.
%prep %prep
%setup -q -n HTTP-Daemon-%{version} %setup -q -n HTTP-Daemon-%{version}
%patch0 -p1 %patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%build %build
perl Makefile.PL INSTALLDIRS=vendor NO_PACKLIST=1 perl Makefile.PL INSTALLDIRS=vendor NO_PACKLIST=1 NO_PERLLOCAL=1
make %{?_smp_mflags} %{make_build}
%install %install
make pure_install DESTDIR=%{buildroot} %{make_install}
%{_fixperms} %{buildroot}/* %{_fixperms} %{buildroot}/*
%check %check
# Some tests are skipped with "Can't talk to ourself (misconfigured system)".
# These tests actually are never run becuse the required CAN_TALK_TO_OURSELF
# file is never created. Those are author's tests.
make test make test
%files %files
%doc Changes README %license LICENCE
%doc Changes CONTRIBUTING README
%{perl_vendorlib}/* %{perl_vendorlib}/*
%{_mandir}/man3/* %{_mandir}/man3/*
%changelog %changelog
* Wed Jun 17 2026 RHEL Packaging Agent <redhat-ymir-agent@redhat.com> - 6.01-24 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 6.12-6
- Fix CVE-2026-8450: send_file() shell-magic injection via 2-arg open() - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
- Resolves: RHEL-184825 Related: rhbz#1991688
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 6.12-5
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 6.12-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 6.12-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jun 23 2020 Jitka Plesnikova <jplesnik@redhat.com> - 6.12-2
- Perl 5.32 rebuild
* Fri Jun 05 2020 Petr Pisar <ppisar@redhat.com> - 6.12-1
- 6.12 bump
* Wed May 27 2020 Petr Pisar <ppisar@redhat.com> - 6.10-1
- 6.10 bump
* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 6.06-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Fri Aug 30 2019 Petr Pisar <ppisar@redhat.com> - 6.06-1
- 6.06 bump
* Mon Jul 29 2019 Petr Pisar <ppisar@redhat.com> - 6.05-1
- 6.05 bump
* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 6.04-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri May 31 2019 Jitka Plesnikova <jplesnik@redhat.com> - 6.04-2
- Perl 5.30 rebuild
* Tue Apr 02 2019 Petr Pisar <ppisar@redhat.com> - 6.04-1
- 6.04 bump
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 6.01-26
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 6.01-25
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu Jun 28 2018 Jitka Plesnikova <jplesnik@redhat.com> - 6.01-24
- Perl 5.28 rebuild
* Wed May 23 2018 Petr Pisar <ppisar@redhat.com> - 6.01-23 * Wed May 23 2018 Petr Pisar <ppisar@redhat.com> - 6.01-23
- Fix formatting numerical non-local specific IPv6 addresses (bug #1578026) - Fix formatting numerical non-local specific IPv6 addresses (bug #1578026)

View File

@ -1,7 +0,0 @@
# RHEL
--- !Policy
product_versions:
- rhel-*
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}

View File

@ -1,12 +0,0 @@
summary: Private (RHEL) beakerlib tests
enabled: false
adjust:
- when: distro == rhel
enabled: true
because: private tests are accesible only within rhel pipeline
discover:
- name: rhel
how: fmf
url: https://pkgs.devel.redhat.com/git/tests/perl-HTTP-Daemon
execute:
how: tmt

View File

@ -1 +0,0 @@
SHA512 (HTTP-Daemon-6.01.tar.gz) = 8d2b8cd9c9386defb256457e160492d78cd6a7d962514522c62d6f8d3dd1cb6f7019b7a1a70b13f340ef54538eef02629a13861864f2f79306f1da7255fa887b