Michael,

> more perl 5.8.9 issues? Or did I miss a patch in between testing updates
> and patching?
>
> Mar 22 23:00:27 mx1 amavis[34688]: (34688-15) (!)Decoding of p002 (Zip
> archive data, at least v2.0 to extract) failed, leaving it unpacked:
> Insecure dependency in sysopen while running with -T switch at
> /usr/local/lib/perl5/5.8.9/mach/IO/File.pm line 180.
> happening since I upgraded to perl 5.8.9 (I HATE perl upgrades)
>
> I THINK I had these and patches installed. (from amavisd-new ports)
>
> -            $mp->open($mbxname, O_APPEND|O_WRONLY, 0640)
> +            # O_WRONLY etc. can become tainted in Perl5.8.9
>                  [perlbug #62502]
> +            $mp->open($mbxname, untaint(O_APPEND|O_WRONLY), 0640)
>
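Review bot: The only call changed here is the open of `$mbxname`, while the logged error is raised during decoding of a Zip part (p002), so this hunk by itself does not cover the failing path; any other open that passes `O_*` flags under -T needs the same treatment. Applying untaint() to the flag expression only, and leaving `$mbxname` subject to taint checking, is the right scope for the workaround. As quoted, the `[perlbug #62502]` continuation carries neither a `+` nor a `#`, so the comment should be kept on one line when the patch is applied.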
> is this TWO different issues?

It would be a patch chunk '@@ -21931,7 +21936,8 @@' in FreeBSD ports.

It is not clear which of the IO::File::open calls fails; it can be either the
call from do_unzip (supposedly fixed by a workaround patch), or directly
called from Archive::Zip::read, over which we have no control.
It is probably caused by the same perl 5.8.9 bug.
Somehow it wasn't happening here, or I would have investigated it.

The perl people apparently have no will or manpower in fixing it for 5.8.*.
Now that perl 5.10.0 is in FreeBSD ports, the situation is less serious.

> pkg_info | grep -i 'p5.*zlib'
> p5-Compress-Raw-Zlib-2.008 Low-Level Interface to zlib compression library
> p5-Compress-Zlib-2.008 Perl5 interface to zlib compression library
> p5-IO-Compress-Zlib-2.008 Perl5 interface for reading and writing of
> (g)zip files
> p5-IO-Zlib-1.07     IO:: style interface to Compress::Zlib
>
> upgraded to freebsd ports 2.6.2_2,1 just to make sure I didn't miss a patch
> (but I was running 2.6.2_1,1)
>
> (I don't see p5-IO-Zlib 2.0 in freebsd ports or on cpan, what is this
> referring to? Zip archive data, at least v2.0 to extract)

The IO::Zlib was used by Archive::Tar, which is no longer supported
or needed by amavisd. It is the archivers/p5-IO-Zlib in ports.

The "Zip archive data, at least v2.0 to extract" is what the file(1) utility
reports; it is a version of a zip format.

  Mark
