Fails to work with Perl 5.18

[gregoa]

Forwarded from http://bugs.debian.org/722159

After the upgrade from Perl 5.14 to 5.18 spampd doesn't start:

Sep  8 17:53:05 trantor spampd[3693]: Process Backgrounded
Sep  8 17:53:05 trantor spampd[3693]: 2013/09/08-17:53:05 Insecure dependency in open while running with -T switch at /usr/share/perl5/Net/Server/Daemonize.pm line 75.#012#012  at line 180 in file /usr/share/perl5/Net/Server.pm
Sep  8 17:53:05 trantor spampd[3693]: 2013/09/08-17:53:05 Server closing!

[mpaperno]

Thanks for reporting. I pushed a possible fix, based on the related postgrey bug/fix. Unfortunately I have no way to test this, so please let me know how it goes.

Cheers, -Max

[gregoa]

Thanks, I'll ask the original but submitter for a test & feedback.

[gregoa]

According to http://bugs.debian.org/722159#24 , the patch did not fix the submitter's problem :/

(Maybe you could try to work this out together? Copypasting between the Debian BTS and github seems a bit inefficient ...)

[meskes]

The following patch fixes the problem for me. I didn't check if untainting less variables would be sufficient, too, though.

Michael

--- spampd 2013-11-04 16:03:52.000000000 +0100 +++ /usr/sbin/spampd 2013-11-04 16:05:05.000000000 +0100 @@ -900,6 +900,22 @@ usage(0); }

+# Untaint some options provided by admin command line. +$pidfile =~ /^(.)$/; +$pidfile = $1; + +$relayhost =~ /^(.)$/; +$relayhost = $1; + +$relayport =~ /^(.)$/; +$relayport = $1; + +$host =~ /^(.)$/; +$host = $1; + +$port =~ /^(.*)$/; +$port = $1; + if ( $options{tagall} ) { $tagall = 1; } if ( $options{'log-rules-hit'} ) { $rh = 1; } if ( $options{debug} ) { $debug = 1; $nsloglevel = 4; }

[mpaperno]

Thanks Michael! Update pushed. Marking issue closed for now. Gregor, thanks for your time as well.

-Max

[Nagilum23]

The regexps are incomplete. Better use this: http://paste.ubuntu.com/6993312/