Open of auto-whitelist file failed: Insecure dependency in eval...

2010-04-18 Thread Chris Welch
I just upgraded a CentOS 5.4 system to Spamassassin 3.3.1.  The upgrade was
done by a CPAN install with Perl.

The previous version (3.2.5) had worked flawlessly for a couple of years.
However, the upgraded version reports an error in the spamd.log file:

Sun Apr 18 15:21:10 2010 [7966] warn: auto-whitelist: open of auto-whitelist
file failed: Insecure dependency in eval while running with -T switch at
/usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Util.pm line 996.

I tried numerous permission changes but can't clear the error.

Spamassassin is launched using:

/usr/bin/spamd -u exim -s /var/log/spamd.log -i 0.0.0.0 -A 192.168.0.0/24,127.0.0.1 -d

Running perl v 5.8.8

It doesn't report any problems with the Bayes databases.  They are updated
without error.  The auto-whitelist DB is configured to be stored at the same
location.

Spamassassin is running fine otherwise and properly flagging spam and
non-spam messages.  The only problem appears to be that AWL is failing.

Any suggestions to resolve the problem would be appreciated.

Tx much!

Chris



RE: Open of auto-whitelist file failed: Insecure dependency in eval...

2010-04-18 Thread Chris Welch
Works like a charm!

Bug raised (6415).

Thanks very much sir!

Chris

-Original Message-
From: Mark Martinec [mailto:mark.martinec...@ijs.si] 
Sent: April 18, 2010 5:48 PM
To: users@spamassassin.apache.org
Subject: Re: Open of auto-whitelist file failed: Insecure dependency in
eval...

On Sunday April 18 2010 21:33:20 Chris Welch wrote:

 I just upgraded a CentOS 5.4 system to Spamassassin 3.3.1.  The upgrade was
 done by a CPAN install with Perl.
 
 The previous version (3.2.5) had worked flawlessly for a couple of years.
 However, the upgraded version reports an error in the spamd.log file:
 
 Sun Apr 18 15:21:10 2010 [7966] warn: auto-whitelist:
  open of auto-whitelist file failed:
  Insecure dependency in eval while running with -T switch
  at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Util.pm line 996.

Yes, a bug when you use a configuration directive auto_whitelist_db_modules.
Either avoid its use, or apply the patch below.

Please open a bug report, so that we can properly fold it into
the next version.


Index: lib/Mail/SpamAssassin/DBBasedAddrList.pm
===
--- lib/Mail/SpamAssassin/DBBasedAddrList.pm(revision 935407)
+++ lib/Mail/SpamAssassin/DBBasedAddrList.pm(working copy)
@@ -24,7 +24,7 @@
 use Fcntl;
 
 use Mail::SpamAssassin::PersistentAddrList;
-use Mail::SpamAssassin::Util;
+use Mail::SpamAssassin::Util qw(untaint_var);
 use Mail::SpamAssassin::Logger;
 
 our @ISA = qw(Mail::SpamAssassin::PersistentAddrList);
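Review bot: The explicit import list on the changed `use Mail::SpamAssassin::Util qw(untaint_var);` line leaves the file with two styles, since the next hunk still calls `Mail::SpamAssassin::Util::first_available_module` fully qualified. Either add first_available_module to the import list or call untaint_var fully qualified as well, so a reader can tell at a glance which Util functions this module depends on.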
@@ -54,6 +54,7 @@
   };
 
   my @order = split (' ', $main-{conf}-{auto_whitelist_db_modules});
+  untaint_var(\...@order);
   my $dbm_module = Mail::SpamAssassin::Util::first_available_module
(@order);
   if (!$dbm_module) {
 die auto-whitelist: cannot find a usable DB package from
auto_whitelist_db_modules:  .
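Review bot: The added untaint_var call on @order clears the taint flag on every entry from auto_whitelist_db_modules, and nothing visible in this hunk checks what those entries contain before they are handed to first_available_module. Since the logged failure is an "Insecure dependency in eval", the names presumably end up in an eval, so it would be safer to accept only entries that match a Perl package-name pattern, drop or warn on the rest, and untaint just the ones that pass. A one-line comment saying why untainting a configuration value is acceptable here would also help the next reader.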



Mark
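
The failure mode discussed in this thread, reproduced outside SpamAssassin as an added example (not code from the thread or from the project): a tainted, config-style list of module names is refused by a string eval under -T, then passes once each entry has been validated against a package-name pattern. The helper names validated_module_names and first_loadable, the pattern and the sample value are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
# Added example, not SpamAssassin code. Run with: perl -T example.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Constructed input standing in for a value read from a config file.
# Appending a zero-length tainted string marks the whole scalar tainted.
my $taint      = substr($^X . join('', values %ENV), 0, 0);
my $conf_value = 'DB_File GDBM_File bad;name SDBM_File' . $taint;

# Hypothetical helper: keep only entries shaped like Perl package names.
# A regex capture is the standard way to untaint, so only text that
# matched the pattern ever loses its taint flag.
sub validated_module_names {
  my ($value) = @_;
  my @clean;
  for my $name (split ' ', $value) {
    if ($name =~ /^([A-Za-z_]\w*(?:::\w+)*)\z/) {
      push @clean, $1;
    } else {
      warn "rejected module name from config: $name\n";
    }
  }
  return @clean;
}

# Hypothetical helper: return the first module that loads, or nothing.
sub first_loadable {
  for my $mod (@_) {
    return $mod if eval "require $mod; 1";
  }
  return;
}

my @raw = split ' ', $conf_value;
print "raw entry tainted: ", (tainted($raw[0]) ? "yes" : "no"), "\n";

# Interpolating a tainted entry into a string eval is refused by perl -T;
# the outer block eval catches that fatal error.
eval { first_loadable(@raw); 1 }
  or print "unvalidated list refused: $@";

my @order = validated_module_names($conf_value);
print "validated order: @order\n";
my $chosen = first_loadable(@order);
print "selected: ", (defined $chosen ? $chosen : "none"), "\n";
```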