Bug 510127

Summary: perl taint bug
Product: [Fedora] Fedora Reporter: Warren Togami <wtogami>
Component: perlAssignee: Marcela Mašláňová <mmaslano>
Status: CLOSED NEXTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: low    
Version: rawhideCC: kasal, lkundrak, mmaslano, psplicha, rc040203, tcallawa
Target Milestone: ---Keywords: Reopened
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-01-20 11:26:42 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
a patch to work around this bug none

Description Warren Togami 2009-07-07 19:08:24 UTC
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6148
Upstream spamassassin says our perl is effected by a tainting bug.  While they have worked around the problem for now, we should verify that Fedora 12 does not generally have this problem.

Comment 1 Marcela Mašláňová 2009-07-27 06:16:58 UTC
In upstream ticket was attached new patch for spam-assassin. Would it be working only with fix in SA or have I apply patch to perl?

Comment 2 Warren Togami 2009-07-27 16:00:10 UTC
They are working around it in spamassassin, but they point out that this is a bug in perl.

Comment 3 Marcela Mašláňová 2009-07-28 08:02:54 UTC
This should be fixed in rawhide. Please test the latest perl build with patch mentioned in upstream spam assassin ticket. 
http://koji.fedoraproject.org/koji/taskinfo?taskID=1547911

Comment 4 Marcela Mašláňová 2009-07-30 12:56:03 UTC
Please let me know whether this change helped.

Comment 5 Marcela Mašláňová 2009-09-14 14:23:44 UTC
Ping?

The workaround is in perl package. What's the correct solution? They will fix it in upstream of perl or upstream of spamassassin?

Comment 6 Marcela Mašláňová 2009-10-21 06:16:08 UTC
I applied patch long time ago, so I believe it's working if no-one had any comments. Closing bug for F-12 with fix in perl-4:5.10.0-77 and higher.

Comment 7 Stepan Kasal 2009-11-24 10:19:47 UTC
Created attachment 373380 [details]
a patch to work around this bug

For the record, this is that patch introduced in perl-5.10.0-77.

Comment 8 Stepan Kasal 2009-11-24 13:11:40 UTC
The attachment from perl-5.10.0-77 proved to cause weird problems, see bug #528572, so it is safer to back it out.  It was a workaround for one particular instance of the problem, anyway.

The real problem is discussed upstream:
http://rt.perl.org/rt3//Public/Bug/Display.html?id=67962

As of now, no solution for this bug is available.

Since SpamAssassin contain a work aruound for this issue, I do not think this has to be F-12 blocker.

Comment 9 Marcela Mašláňová 2010-01-20 11:26:42 UTC
I suppose this was also fixed by perl-5.10.1.