Bug 2130625 (perl-Inline-epel9)
Summary: | Please branch and build perl-Inline in epel9 | ||
---|---|---|---|
Product: | [Fedora] Fedora EPEL | Reporter: | Michel Lind <michel> |
Component: | perl-Inline | Assignee: | Jitka Plesnikova <jplesnik> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | epel9 | CC: | caillon+fedoraproject, jplesnik, kasal, mspacek, perl-devel, ppisar, rhughes, rstrode, sandmann |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | perl-Inline-0.86-10.el9 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2022-11-21 01:13:41 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 2130628, 2130630 | ||
Bug Blocks: | 2130616 |
Description
Michel Lind
2022-09-28 18:01:18 UTC
FEDORA-EPEL-2022-a935feca4a has been submitted as an update to Fedora EPEL 9. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-a935feca4a FEDORA-EPEL-2022-a935feca4a has been pushed to the Fedora EPEL 9 testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-a935feca4a See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. perl-Inline-0.86-10.el9 damages multi-line environment variables. A reproducer with perl-Inline-C: $ rm -rf _Inline; perl -Ilib -e 'use Inline Config => UNTAINT => 1; use Inline C => q{void foo(void) { return; }};' In Inline::env_untaint() : Blindly untainting tainted fields in %ENV. In Inline::check_config_file(): Blindly untainting Inline configuration file information. In Inline::env_untaint() : Blindly untainting tainted fields in %ENV. In Inline::obj_untaint() : Blindly untainting tainted fields in Inline object. sh: which: line 1: syntax error: unexpected end of file sh: error importing function definition for `which' sh: which: line 1: syntax error: unexpected end of file sh: error importing function definition for `which' sh: which: line 1: syntax error: unexpected end of file sh: error importing function definition for `which' The error messages come from bash because BASH_FUNC_which%%=() shell function set in /etc/profile.d/which2.sh (which-2.21-28.el9). It's not reproducible in Fedora 38 because "which" package stopped defining the shell function. The environment variable is damaged in Inline::env_untaint() with this regular expression: for (keys %ENV) { ($ENV{$_}) = $ENV{$_} =~ /(.*)/; } That was confirmed with a debugging warnings around the regexp: UNTAIN BEFORE: BASH_FUNC_which%%=() { ( alias; eval ${which_declare} ) | /usr/bin/which --tty-only --read-alias --read-functions --show-tilde --show-dot $@ } at ../../perl-Inline/Inline-0.86/lib/Inline.pm line 1089. UNTAIN AFTER: BASH_FUNC_which%%=() { ( alias; at ../../perl-Inline/Inline-0.86/lib/Inline.pm line 1091. A pure Inline reproducer: $ perl -Ilib -e 'use Inline; $ENV{foo}="a\nb"; Inline::env_untaint(); print "<$ENV{foo}>\n"' In Inline::env_untaint() : Blindly untainting tainted fields in %ENV. <a> A fix is posted at <https://github.com/ingydotnet/inline-pm/pull/80>. FEDORA-EPEL-2022-a935feca4a has been pushed to the Fedora EPEL 9 stable repository. If problem still persists, please make note of it in this bug report. |