Bug 2130625 (perl-Inline-epel9)
| Summary: | Please branch and build perl-Inline in epel9 | ||
|---|---|---|---|
| Product: | [Fedora] Fedora EPEL | Reporter: | Michel Lind <michel> |
| Component: | perl-Inline | Assignee: | Jitka Plesnikova <jplesnik> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | epel9 | CC: | caillon+fedoraproject, jplesnik, kasal, mspacek, perl-devel, ppisar, rhughes, rstrode, sandmann |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | perl-Inline-0.86-10.el9 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-11-21 01:13:41 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2130628, 2130630 | ||
| Bug Blocks: | 2130616 | ||
|
Description
Michel Lind
2022-09-28 18:01:18 UTC
FEDORA-EPEL-2022-a935feca4a has been submitted as an update to Fedora EPEL 9. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-a935feca4a FEDORA-EPEL-2022-a935feca4a has been pushed to the Fedora EPEL 9 testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-a935feca4a See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. perl-Inline-0.86-10.el9 damages multi-line environment variables.
A reproducer with perl-Inline-C:
$ rm -rf _Inline; perl -Ilib -e 'use Inline Config => UNTAINT => 1; use Inline C => q{void foo(void) { return; }};'
In Inline::env_untaint() : Blindly untainting tainted fields in %ENV.
In Inline::check_config_file(): Blindly untainting Inline configuration file information.
In Inline::env_untaint() : Blindly untainting tainted fields in %ENV.
In Inline::obj_untaint() : Blindly untainting tainted fields in Inline object.
sh: which: line 1: syntax error: unexpected end of file
sh: error importing function definition for `which'
sh: which: line 1: syntax error: unexpected end of file
sh: error importing function definition for `which'
sh: which: line 1: syntax error: unexpected end of file
sh: error importing function definition for `which'
The error messages come from bash because BASH_FUNC_which%%=() shell function set in /etc/profile.d/which2.sh (which-2.21-28.el9). It's not reproducible in Fedora 38 because "which" package stopped defining the shell function.
The environment variable is damaged in Inline::env_untaint() with this regular expression:
for (keys %ENV) {
($ENV{$_}) = $ENV{$_} =~ /(.*)/;
}
That was confirmed with a debugging warnings around the regexp:
UNTAIN BEFORE: BASH_FUNC_which%%=() { ( alias;
eval ${which_declare} ) | /usr/bin/which --tty-only --read-alias --read-functions --show-tilde --show-dot $@
} at ../../perl-Inline/Inline-0.86/lib/Inline.pm line 1089.
UNTAIN AFTER: BASH_FUNC_which%%=() { ( alias; at ../../perl-Inline/Inline-0.86/lib/Inline.pm line 1091.
A pure Inline reproducer:
$ perl -Ilib -e 'use Inline; $ENV{foo}="a\nb"; Inline::env_untaint(); print "<$ENV{foo}>\n"'
In Inline::env_untaint() : Blindly untainting tainted fields in %ENV.
<a>
A fix is posted at <https://github.com/ingydotnet/inline-pm/pull/80>.
FEDORA-EPEL-2022-a935feca4a has been pushed to the Fedora EPEL 9 stable repository. If problem still persists, please make note of it in this bug report. |