[Bps-public-commit] Net-Server-Coro branch, master, updated. 0.9-5-ga466919

Alex Vandiver alexmv at bestpractical.com
Mon Sep 5 01:36:38 EDT 2011


The branch, master has been updated
       via  a466919b27b09696fb51e9d162c99a2f8d843e0b (commit)
       via  f8770af63c896299f8b40bd3bdc71bec1c54093e (commit)
       via  a5370d514482662cb76277cb605a3561887bfde3 (commit)
       via  cac0c89881b96c4c0febe1946321ece70a86eaf6 (commit)
       via  69d6184fa7a8e022672e8e9511d030415d8cafa4 (commit)
      from  a0731152cc6c7f615f27ca2d0a7e7a9dd0d990e8 (commit)

Summary of changes:
 .gitignore                     |    3 +-
 Changes                        |    8 ++++++
 META.yml                       |    4 +-
 SIGNATURE                      |   34 +++++++++++++-------------
 inc/Module/Install.pm          |    4 +-
 inc/Module/Install/Base.pm     |    2 +-
 inc/Module/Install/Can.pm      |    2 +-
 inc/Module/Install/Fetch.pm    |    2 +-
 inc/Module/Install/Makefile.pm |    2 +-
 inc/Module/Install/Metadata.pm |    9 ++++---
 inc/Module/Install/Win32.pm    |    2 +-
 inc/Module/Install/WriteAll.pm |    2 +-
 lib/Net/Server/Coro.pm         |    2 +-
 lib/Net/Server/Proto/Coro.pm   |   53 +++++++++++++++++++++++----------------
 14 files changed, 74 insertions(+), 55 deletions(-)

- Log -----------------------------------------------------------------
commit 69d6184fa7a8e022672e8e9511d030415d8cafa4
Author: Alex Vandiver <alexmv at bestpractical.com>
Date:   Sun Sep 4 23:45:35 2011 -0400

    Perl 5.14 deprecated TIEHANDLE calls on scalar typeglobs without an explicit *
    
    From perl5140delta.pod:
    
        =head2 Tie functions on scalars holding typeglobs
    
        Calling a tie function (C<tie>, C<tied>, C<untie>) with a scalar
        argument acts on a filehandle if the scalar happens to hold a
        typeglob.
    
        This is a long-standing bug that will be removed in Perl 5.16, as
        there is currently no way to tie the scalar itself when it holds a
        typeglob, and no way to untie a scalar that has had a typeglob
        assigned to it.
    
    Thus, make the typeglobs explicit, which is handily also backwards
    compatible.

diff --git a/lib/Net/Server/Proto/Coro.pm b/lib/Net/Server/Proto/Coro.pm
index 7bd1a5d..7e07222 100644
--- a/lib/Net/Server/Proto/Coro.pm
+++ b/lib/Net/Server/Proto/Coro.pm
@@ -11,32 +11,32 @@ sub new_from_fh {
     my $fh    = shift or return;
     my $self  = do { local *Coro::Handle };
 
-    tie $self, 'Net::Server::Proto::Coro::FH', fh => $fh, @_;
+    tie *$self, 'Net::Server::Proto::Coro::FH', fh => $fh, @_;
 
     bless \$self, ref $class ? ref $class : $class;
 }
 
-sub NS_host   { tied( ${+shift} )->[0]->NS_host(@_) };
-sub NS_port   { tied( ${+shift} )->[0]->NS_port(@_) };
-sub NS_proto  { tied( ${+shift} )->[0]->NS_proto(@_) };
-sub sockport  { tied( ${+shift} )->[0]->sockport(@_) };
-sub connect   { tied( ${+shift} )->[0]->connect(@_) };
-sub reconnect { tied( ${+shift} )->[0]->reconnect(@_) };
+sub NS_host   { tied( *${+shift} )->[0]->NS_host(@_) };
+sub NS_port   { tied( *${+shift} )->[0]->NS_port(@_) };
+sub NS_proto  { tied( *${+shift} )->[0]->NS_proto(@_) };
+sub sockport  { tied( *${+shift} )->[0]->sockport(@_) };
+sub connect   { tied( *${+shift} )->[0]->connect(@_) };
+sub reconnect { tied( *${+shift} )->[0]->reconnect(@_) };
 
 sub accept {
     my $self = shift;
 
-    my $socket = tied( ${$self} )->[0];
+    my $socket = tied( *${$self} )->[0];
     while (1) {
         $self->readable or return;
         my ( $fh, $peername ) = $socket->accept;
         if ($peername) {
             my $socket = $self->new_from_fh(
                 $fh,
-                forward_class => tied( ${$self} )->[7],
-                expects_ssl   => tied( ${$self} )->[9],
-                server_cert   => tied( ${$self} )->[12],
-                server_key    => tied( ${$self} )->[13],
+                forward_class => tied( *${$self} )->[7],
+                expects_ssl   => tied( *${$self} )->[9],
+                server_cert   => tied( *${$self} )->[12],
+                server_key    => tied( *${$self} )->[13],
             );
             return wantarray ? ( $socket, $peername ) : $socket;
         }
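Review bot: In `accept`, the tied object is looked up five times via `tied( *${$self} )` and its fields are read by bare slot numbers (7, 9, 12, 13), with nothing in the hunk documenting what each slot holds. Because the last two carry the server certificate and key into every accepted connection, a wrong index here would fail silently; consider fetching the object once, `my $tied = tied *${$self};`, and adding a comment such as `# slots: 7 forward_class, 9 expects_ssl, 12 server_cert, 13 server_key` beside the `new_from_fh` call. The body of `accept` continues past the end of this hunk.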
@@ -46,24 +46,24 @@ sub accept {
 }
 
 sub expects_ssl {
-    my $self = tied ${ $_[0] };
+    my $self = tied *${ $_[0] };
     $self->[9] = shift if @_;
     return $self->[9];
 }
 
 sub is_ssl {
-    my $self = tied ${ $_[0] };
+    my $self = tied *${ $_[0] };
     return $self->[10] ? 1 : 0;
 }
 
-sub start_SSL   { Net::Server::Proto::Coro::FH::start_SSL( tied ${+shift}, @_) }
-sub read        { Net::Server::Proto::Coro::FH::READ     ( tied ${$_[0]}, $_[1], $_[2], $_[3]) }
-sub sysread     { Net::Server::Proto::Coro::FH::READ     ( tied ${$_[0]}, $_[1], $_[2], $_[3]) }
-sub syswrite    { Net::Server::Proto::Coro::FH::WRITE    ( tied ${$_[0]}, $_[1], $_[2], $_[3]) }
-sub print       { Net::Server::Proto::Coro::FH::WRITE    ( tied ${+shift}, join "", @_) }
-sub printf      { Net::Server::Proto::Coro::FH::PRINTF   ( tied ${+shift}, @_) }
-sub fileno      { Net::Server::Proto::Coro::FH::FILENO   ( tied ${$_[0]}) }
-sub close       { Net::Server::Proto::Coro::FH::CLOSE    ( tied ${$_[0]}) }
+sub start_SSL   { Net::Server::Proto::Coro::FH::start_SSL( tied *${+shift}, @_) }
+sub read        { Net::Server::Proto::Coro::FH::READ     ( tied *${$_[0]}, $_[1], $_[2], $_[3]) }
+sub sysread     { Net::Server::Proto::Coro::FH::READ     ( tied *${$_[0]}, $_[1], $_[2], $_[3]) }
+sub syswrite    { Net::Server::Proto::Coro::FH::WRITE    ( tied *${$_[0]}, $_[1], $_[2], $_[3]) }
+sub print       { Net::Server::Proto::Coro::FH::WRITE    ( tied *${+shift}, join "", @_) }
+sub printf      { Net::Server::Proto::Coro::FH::PRINTF   ( tied *${+shift}, @_) }
+sub fileno      { Net::Server::Proto::Coro::FH::FILENO   ( tied *${$_[0]}) }
+sub close       { Net::Server::Proto::Coro::FH::CLOSE    ( tied *${$_[0]}) }
 
 package Net::Server::Proto::Coro::FH;
 use base qw/Coro::Handle::FH/;
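Review bot: `expects_ssl` cannot act as a plain getter or clear the flag: its first line reads the invocant as `$_[0]` without removing it, so `@_` is never empty and `$self->[9] = shift if @_;` always stores the handle object itself in slot 9. Every call therefore leaves the flag true whatever argument was passed, which matters because `accept` earlier in this file copies slot 9 into each new connection as `expects_ssl`. Removing the invocant first, `my $self = tied *${ +shift };`, lets the following `shift` pick up the caller's value. This predates the commit but sits on the line it touches.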

commit cac0c89881b96c4c0febe1946321ece70a86eaf6
Author: Alex Vandiver <alexmv at bestpractical.com>
Date:   Sun Sep 4 23:50:46 2011 -0400

    Catch and warn of possible CVE-2011-0411 attacks
    
    This class of attacks is possible when an existing connection is
    upgraded to use TLS after being established.  A malicious attacker could
    craft a man-in-the-middle attack wherein the "STARTTLS" command sent by
    the client has additional malicious application-level commands appended
    in the same packet.  The client and server are then left to complete the
    TLS handshake on their own.
    
    If the server does not clear the buffer during TLS authentication, it
    will assume that the remaining commands in the buffer (inserted by the
    attacker before TLS was established) were sent _after_ TLS was
    established, and possibly run them with elevated privileges.  This
    attack is particularly dangerous if the protocol makes use of SSL client
    certificates to authenticate the client.
    
    To prevent this, explicitly clear the handle's buffer while TLS is being
    negotiated.

diff --git a/lib/Net/Server/Proto/Coro.pm b/lib/Net/Server/Proto/Coro.pm
index 7e07222..f716a84 100644
--- a/lib/Net/Server/Proto/Coro.pm
+++ b/lib/Net/Server/Proto/Coro.pm
@@ -260,6 +260,15 @@ sub start_SSL {
     $_[0][10] = Net::SSLeay::new($ctx);
     Net::SSLeay::set_fd( $_[0][10], fileno( $_[0][0] ) );
 
+    # Purge any remaining contents of the read buffer.  This prevents
+    # plaintext injection attacks wherein attackers could cause
+    # nominally SSL-only commands to be executed by appending them to
+    # the end of a STARTTLS.
+    if (length $_[0][3]) {
+        warn "SSL accept with pending plaintext (attempted CVE-2011-0411 attack?)\n";
+        $_[0][3] = "";
+    }
+
     while (1) {
         my $rv = Net::SSLeay::accept($_[0][10]);
         if ( $rv < 0 ) {
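Review bot: The new `warn` gives an operator nothing to tie the event to a connection, so these log lines cannot be attributed or correlated with other records. The descriptor is already available from the `set_fd` call above, and the amount of discarded data is useful for triage: `warn "SSL accept with " . length($_[0][3]) . " bytes of pending plaintext on fd " . fileno($_[0][0]) . " (attempted CVE-2011-0411 attack?)\n";`. Log the length rather than the bytes themselves, since the content is attacker-controlled. A client that pipelines data after STARTTLS without malicious intent would presumably trigger this too, so the message is a signal to investigate rather than proof of an attack. `start_SSL` begins and ends outside this hunk.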

commit a5370d514482662cb76277cb605a3561887bfde3
Author: Alex Vandiver <alexmv at bestpractical.com>
Date:   Mon Sep 5 00:00:05 2011 -0400

    Upgrade Module::Install

diff --git a/.gitignore b/.gitignore
index 4681772..926156a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,6 @@
 Makefile
 Makefile.old
+MYMETA.yml
 blib
 pm_to_blib
-Net-Server-Coro-*.tar.gz
+Net-Server-Coro-*.tar.gz
\ No newline at end of file
diff --git a/META.yml b/META.yml
index 8cfe3fc..04c6ffe 100644
--- a/META.yml
+++ b/META.yml
@@ -7,7 +7,7 @@ build_requires:
 configure_requires:
   ExtUtils::MakeMaker: 6.42
 distribution_type: module
-generated_by: 'Module::Install version 1.00'
+generated_by: 'Module::Install version 1.01'
 license: mit
 meta-spec:
   url: http://module-build.sourceforge.net/META-spec-v1.4.html
diff --git a/inc/Module/Install.pm b/inc/Module/Install.pm
index 8ee839d..74caf9c 100644
--- a/inc/Module/Install.pm
+++ b/inc/Module/Install.pm
@@ -31,7 +31,7 @@ BEGIN {
 	# This is not enforced yet, but will be some time in the next few
 	# releases once we can make sure it won't clash with custom
 	# Module::Install extensions.
-	$VERSION = '1.00';
+	$VERSION = '1.01';
 
 	# Storage for the pseudo-singleton
 	$MAIN    = undef;
@@ -467,4 +467,4 @@ sub _CLASS ($) {
 
 1;
 
-# Copyright 2008 - 2010 Adam Kennedy.
+# Copyright 2008 - 2011 Adam Kennedy.
diff --git a/inc/Module/Install/Base.pm b/inc/Module/Install/Base.pm
index b55bda3..d3662c9 100644
--- a/inc/Module/Install/Base.pm
+++ b/inc/Module/Install/Base.pm
@@ -4,7 +4,7 @@ package Module::Install::Base;
 use strict 'vars';
 use vars qw{$VERSION};
 BEGIN {
-	$VERSION = '1.00';
+	$VERSION = '1.01';
 }
 
 # Suspend handler for "redefined" warnings
diff --git a/inc/Module/Install/Can.pm b/inc/Module/Install/Can.pm
index 71ccc27..276409a 100644
--- a/inc/Module/Install/Can.pm
+++ b/inc/Module/Install/Can.pm
@@ -9,7 +9,7 @@ use Module::Install::Base ();
 
 use vars qw{$VERSION @ISA $ISCORE};
 BEGIN {
-	$VERSION = '1.00';
+	$VERSION = '1.01';
 	@ISA     = 'Module::Install::Base';
 	$ISCORE  = 1;
 }
diff --git a/inc/Module/Install/Fetch.pm b/inc/Module/Install/Fetch.pm
index ec1f106..093cb7a 100644
--- a/inc/Module/Install/Fetch.pm
+++ b/inc/Module/Install/Fetch.pm
@@ -6,7 +6,7 @@ use Module::Install::Base ();
 
 use vars qw{$VERSION @ISA $ISCORE};
 BEGIN {
-	$VERSION = '1.00';
+	$VERSION = '1.01';
 	@ISA     = 'Module::Install::Base';
 	$ISCORE  = 1;
 }
diff --git a/inc/Module/Install/Makefile.pm b/inc/Module/Install/Makefile.pm
index 5dfd0e9..4c71003 100644
--- a/inc/Module/Install/Makefile.pm
+++ b/inc/Module/Install/Makefile.pm
@@ -8,7 +8,7 @@ use Fcntl qw/:flock :seek/;
 
 use vars qw{$VERSION @ISA $ISCORE};
 BEGIN {
-	$VERSION = '1.00';
+	$VERSION = '1.01';
 	@ISA     = 'Module::Install::Base';
 	$ISCORE  = 1;
 }
diff --git a/inc/Module/Install/Metadata.pm b/inc/Module/Install/Metadata.pm
index cfe45b3..3b01e09 100644
--- a/inc/Module/Install/Metadata.pm
+++ b/inc/Module/Install/Metadata.pm
@@ -6,7 +6,7 @@ use Module::Install::Base ();
 
 use vars qw{$VERSION @ISA $ISCORE};
 BEGIN {
-	$VERSION = '1.00';
+	$VERSION = '1.01';
 	@ISA     = 'Module::Install::Base';
 	$ISCORE  = 1;
 }
@@ -515,6 +515,7 @@ sub __extract_license {
 		'GNU Free Documentation license'     => 'unrestricted', 1,
 		'GNU Affero General Public License'  => 'open_source',  1,
 		'(?:Free)?BSD license'               => 'bsd',          1,
+		'Artistic license 2\.0'              => 'artistic_2',   1,
 		'Artistic license'                   => 'artistic',     1,
 		'Apache (?:Software )?license'       => 'apache',       1,
 		'GPL'                                => 'gpl',          1,
@@ -550,9 +551,9 @@ sub license_from {
 
 sub _extract_bugtracker {
 	my @links   = $_[0] =~ m#L<(
-	 \Qhttp://rt.cpan.org/\E[^>]+|
-	 \Qhttp://github.com/\E[\w_]+/[\w_]+/issues|
-	 \Qhttp://code.google.com/p/\E[\w_\-]+/issues/list
+	 https?\Q://rt.cpan.org/\E[^>]+|
+	 https?\Q://github.com/\E[\w_]+/[\w_]+/issues|
+	 https?\Q://code.google.com/p/\E[\w_\-]+/issues/list
 	 )>#gx;
 	my %links;
 	@links{@links}=();
diff --git a/inc/Module/Install/Win32.pm b/inc/Module/Install/Win32.pm
index edc18b4..3139a63 100644
--- a/inc/Module/Install/Win32.pm
+++ b/inc/Module/Install/Win32.pm
@@ -6,7 +6,7 @@ use Module::Install::Base ();
 
 use vars qw{$VERSION @ISA $ISCORE};
 BEGIN {
-	$VERSION = '1.00';
+	$VERSION = '1.01';
 	@ISA     = 'Module::Install::Base';
 	$ISCORE  = 1;
 }
diff --git a/inc/Module/Install/WriteAll.pm b/inc/Module/Install/WriteAll.pm
index d0f6599..1f724a7 100644
--- a/inc/Module/Install/WriteAll.pm
+++ b/inc/Module/Install/WriteAll.pm
@@ -6,7 +6,7 @@ use Module::Install::Base ();
 
 use vars qw{$VERSION @ISA $ISCORE};
 BEGIN {
-	$VERSION = '1.00';
+	$VERSION = '1.01';
 	@ISA     = qw{Module::Install::Base};
 	$ISCORE  = 1;
 }

commit f8770af63c896299f8b40bd3bdc71bec1c54093e
Author: Alex Vandiver <alexmv at bestpractical.com>
Date:   Mon Sep 5 00:05:52 2011 -0400

    Version 1.0 releng

diff --git a/Changes b/Changes
index b8e5aef..eb7ef83 100644
--- a/Changes
+++ b/Changes
@@ -1,5 +1,10 @@
 Revision history for Net-Server-Coro
 
+1.0    Mon Sep  5 00:03:17 2011
+        * Catch and watn of possible CVE-2011-0411 attacks
+        * No longer make use of a bug in perl pre 5.14 wherein TIEHANDLE
+          happened to be called on scalars containing typeglobs
+
 0.9    Sun Nov 15 11:53:17 2010
         * Change socket code to work with Net::Server >= 0.99
 
diff --git a/META.yml b/META.yml
index 04c6ffe..6dd6cdf 100644
--- a/META.yml
+++ b/META.yml
@@ -23,4 +23,4 @@ requires:
   Net::Server: 0
 resources:
   license: http://opensource.org/licenses/mit-license.php
-version: 0.9
+version: 1.0
diff --git a/lib/Net/Server/Coro.pm b/lib/Net/Server/Coro.pm
index 686184a..56ebddc 100644
--- a/lib/Net/Server/Coro.pm
+++ b/lib/Net/Server/Coro.pm
@@ -12,7 +12,7 @@ use Socket ();
 use base qw(Net::Server);
 use Net::Server::Proto::Coro;
 
-$VERSION = 0.9;
+$VERSION = '1.0';
 
 =head1 NAME
 

commit a466919b27b09696fb51e9d162c99a2f8d843e0b
Author: Alex Vandiver <alexmv at bestpractical.com>
Date:   Mon Sep 5 01:35:30 2011 -0400

    Version 1.1 releng -- now with working signature

diff --git a/Changes b/Changes
index eb7ef83..97b2c41 100644
--- a/Changes
+++ b/Changes
@@ -1,5 +1,8 @@
 Revision history for Net-Server-Coro
 
+1.1    Mon Sep  5 01:15:17 2011
+        * Fix SIGNATURE; no code changes
+
 1.0    Mon Sep  5 00:03:17 2011
         * Catch and watn of possible CVE-2011-0411 attacks
         * No longer make use of a bug in perl pre 5.14 wherein TIEHANDLE
diff --git a/META.yml b/META.yml
index 6dd6cdf..847db97 100644
--- a/META.yml
+++ b/META.yml
@@ -23,4 +23,4 @@ requires:
   Net::Server: 0
 resources:
   license: http://opensource.org/licenses/mit-license.php
-version: 1.0
+version: 1.1
diff --git a/SIGNATURE b/SIGNATURE
index 545eea9..2c6dcb5 100644
--- a/SIGNATURE
+++ b/SIGNATURE
@@ -1,5 +1,5 @@
 This file contains message digests of all files listed in MANIFEST,
-signed via the Module::Signature module, version 0.66.
+signed via the Module::Signature module, version 0.68.
 
 To verify the content in this distribution, first make sure you have
 Module::Signature installed, then type:
@@ -14,26 +14,26 @@ not run its Makefile.PL or Build.PL.
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA1
 
-SHA1 869df37c1c6060ca00d810f31d0651bbf8992099 Changes
+SHA1 ac7e68c653531d1ce2bd614f4f6323523ca3f13a Changes
 SHA1 6560e9fb53ffae9afbaddb4919987a778d7cfd88 MANIFEST
-SHA1 360220d22ff33aade281f065379db9707b447ad3 META.yml
+SHA1 4aa331a928d60ab527995fd4ed691f0ee2b8c612 META.yml
 SHA1 bc22590cf5cc348fedc293e8ea39bcdc72ad897f Makefile.PL
 SHA1 f5333026061a6f347e7f2a3ce8bb6847081c200c certs/server-cert.pem
 SHA1 4b963cd4c2b0a7e073241b4bac727cb6f96276f8 certs/server-key.pem
-SHA1 7305dbe2904416e28decb05396988a5d51d578be inc/Module/Install.pm
-SHA1 129960509127732258570c122042bc48615222e1 inc/Module/Install/Base.pm
-SHA1 cf3356ed9a5bd2f732527ef9e7bc5ef4458c8a93 inc/Module/Install/Can.pm
-SHA1 bf0a3e1977effc2832d7a813a76dce3f31b437b6 inc/Module/Install/Fetch.pm
-SHA1 b721c93ca5bc9a6aa863b49af15f1b1de6125935 inc/Module/Install/Makefile.pm
-SHA1 026cc0551a0ad399d195e395b46bdf842e115192 inc/Module/Install/Metadata.pm
-SHA1 5457015ea5a50e93465bf2dafa29feebd547f85b inc/Module/Install/Win32.pm
-SHA1 051e7fa8063908befa3440508d0584a2497b97db inc/Module/Install/WriteAll.pm
-SHA1 065dd4af2c257ca8c73fbfc8aea67d328a03e156 lib/Net/Server/Coro.pm
-SHA1 ae1343edb7b6ce667e7f1f8ed3bfea423ab9e84a lib/Net/Server/Proto/Coro.pm
+SHA1 7b4ae50ebac72d20761171c4c2b50c206344ea40 inc/Module/Install.pm
+SHA1 d9fe55a427fe2fd75b5029afeeaa61b592e07f79 inc/Module/Install/Base.pm
+SHA1 62d3922826d9f89f20c185e7031ac8f028504745 inc/Module/Install/Can.pm
+SHA1 dc809f64fb70a26b069a36f8d3d353d520dbb7e1 inc/Module/Install/Fetch.pm
+SHA1 73ab91490a628452cc140db72ef9d13a1326d211 inc/Module/Install/Makefile.pm
+SHA1 8ce3f2b414e4617e6233dd4ba10830f8c5d672ec inc/Module/Install/Metadata.pm
+SHA1 3b0acd2eeac93a0afe48120f5648f0db362e5bbf inc/Module/Install/Win32.pm
+SHA1 f08924f051e623f8e09fa6a121993c4a9cf7d9eb inc/Module/Install/WriteAll.pm
+SHA1 54655ac2ab1391198f3951d05eb5cc3df80dab8b lib/Net/Server/Coro.pm
+SHA1 b50d07e251da5fe7a638845d2881e02c776d8465 lib/Net/Server/Proto/Coro.pm
 -----BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.10 (GNU/Linux)
+Version: GnuPG v1.4.11 (GNU/Linux)
 
-iEYEARECAAYFAkzgvUEACgkQMflWJZZAbqDsbgCfVgOJKMXilRg119irH62VaMpF
-LUgAoK6DmhGnHVRB1nobfCDc1h2L2YYI
-=bgZT
+iEYEARECAAYFAk5kX3QACgkQMflWJZZAbqDslgCgmV60MHIs64nSwzhvq/ZF6Nnr
+rHgAn3L7F4M/nt+LU533sUxi2fTrxSEu
+=FCqq
 -----END PGP SIGNATURE-----
diff --git a/lib/Net/Server/Coro.pm b/lib/Net/Server/Coro.pm
index 56ebddc..1724460 100644
--- a/lib/Net/Server/Coro.pm
+++ b/lib/Net/Server/Coro.pm
@@ -12,7 +12,7 @@ use Socket ();
 use base qw(Net::Server);
 use Net::Server::Proto::Coro;
 
-$VERSION = '1.0';
+$VERSION = '1.1';
 
 =head1 NAME
 

-----------------------------------------------------------------------


