Date | Commit message |
|
|
CVE-2016-1238: avoid loading Net::LocalCfg from default .
|
|
This accidentally overrode the timeout() in Net::FTP's $IOCLASS. Instead,
we now document that timeout() needs to be provided by the Net::Cmd
sub-class (normally by inheriting from IO::Socket::INET or similar (which
in turn inherit from IO::Socket, which provides timeout()), which most
users seem to do anyway).
Similarly, document that close() must also be provided (normally by
inheriting from IO::Handle, which IO::Socket::INET or similar also do, via
IO::Socket).
This fixes CPAN RT#116345. Thanks to ppisar@redhat.com for the analysis.
|
|
Net::Cfg treats Net::LocalCfg as an optional load; if a site does not
have Net::LocalCfg in the standard places, perl will attempt to load
it from the . entry in @INC.
If the current directory happens to be world writable (like /tmp), an
attacker can create Net/LocalCfg.pm to run code as any user that
runs code that loads Net::Cfg in that directory.
This patch temporarily removes the default . entry from @INC when
loading Net::LocalCfg to prevent that.
|
|
Previously, subclasses were required to provide a timeout() function, but
this was not documented anywhere!
Fixes CPAN RT#110978.
|
|
See https://rt.cpan.org/Ticket/Display.html?id=104545
|
|
Include decoded (from base64) negotiation for SASL.
|
|
Adapted from PR#26.
|
|
Correct innd/nnrpd confusion in relation to Reader option
|
|
Adapt tests to Test2 revision of Test::More::note().
|
|
In each of the three t/*_ipv6.t test files, a helper subroutine was defined
whose last statement was an invocation of Test::More::note(). Under the old
Test::Builder framework, note() would always have returned a defined value of
0. However, in the Test2 framework -- which is in Perl 5 blead as of 5.25.2
-- note() calls the release() method from lib/Test2/API/Context.pm -- and
release() has a bare return, which is treated as 'undef' in scalar context.
Perl's exit function wants to return a non-negative integer value. Hence, we
should guarantee that these helper subroutines -- which are invoked by exit()
calls in each of the three files -- explicitly return 0 upon success.
|
|
Text is prefixed with (decoded) and appears before on sends and after
on receives.
|
|
In the 'Reader' paragraph of the 'Constructor' section, the text has
nnrpd and innd the wrong way round.
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=51962
|
|
Fix syswrite in Net::Cmd
|
|
POD fix escape of > character
|
|
fix pop3 demo program
|
|
minor POD error
|
|
fix smtp demo program
|
|
|
Two other methods in Net::Cmd did syswrite() calls, both
without a loop or timeout. This replaces those with a call
to the new, common _syswrite_with_timeout() method, which
does both correctly and restarts after EINTR.
|
|
C<Debug => 1> doesn't render correctly because of the embedded ">".
|
|
Getopt::Long requires that implicit option variables ($opt_XXX) be declared with "our" and not "my". At least using Getopt::Long 2.38 / perl 5.14, this results in the $opt_* never getting any values filled in.
|
|
should close an =over with a =back before starting a new =head1, or you get the following errors from perldoc:
POD ERRORS
Hey! The above document had some coding errors, which are explained below:
Around line 36:
You forgot a '=back' before '=head1'
Around line 42:
=back without =over
|
|
Getopt::Long requires that implicit option variables ($opt_XXX) be declared with "our" and not "my".
|
|
Based on a patch by Jan Viktorin <viktorin@rehivetech.com>. Fixes CPAN
RT#106183.
|
|
We do not need to check the lower bound since we only support Perl 5.8.1
and higher anyway.
|
|
https://github.com/ColMelvin/perl-libnet into ColMelvin-use-MLSD-for-more-robustness
|
|
let FTP, NNTP, POP3, SMTP restrict Domain to IPv4 even if IPv6 is sup…
|
|
fix a typo in pod
|
|
The data passed to datasend() should already be encoded, but it can
sometimes happen that the string holding the octets gets accidentally
upgraded and it was wrong for datasend() to treat it differently in
that case.
Fixes CPAN RT#104433. Many thanks to Ricardo and Aristotle for their help
on the ticket.
|