Works like a charm!

Bug raised (6415).

Thanks very much sir!

Chris

-----Original Message-----
From: Mark Martinec [mailto:mark.martinec...@ijs.si] 
Sent: April 18, 2010 5:48 PM
To: users@spamassassin.apache.org
Subject: Re: Open of auto-whitelist file failed: Insecure dependency in eval...

On Sunday April 18 2010 21:33:20 Chris Welch wrote:

> I just upgraded a CentOS 5.4 system to Spamassassin 3.3.1.  The upgrade was
> done by a CPAN install with Perl.
> 
> The previous version (3.2.5) had worked flawlessly for a couple of years.
> However, the upgraded version reports an error in the spamd.log file:
> 
> Sun Apr 18 15:21:10 2010 [7966] warn: auto-whitelist:
>  open of auto-whitelist file failed:
>  Insecure dependency in eval while running with -T switch
>  at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Util.pm line 996.

Yes, a bug when you use a configuration directive auto_whitelist_db_modules.
Either avoid its use, or apply the patch below.

Please open a bug report, so that we can properly fold it into
the next version.


Index: lib/Mail/SpamAssassin/DBBasedAddrList.pm
===================================================================
--- lib/Mail/SpamAssassin/DBBasedAddrList.pm    (revision 935407)
+++ lib/Mail/SpamAssassin/DBBasedAddrList.pm    (working copy)
@@ -24,7 +24,7 @@
 use Fcntl;
 
 use Mail::SpamAssassin::PersistentAddrList;
-use Mail::SpamAssassin::Util;
+use Mail::SpamAssassin::Util qw(untaint_var);
 use Mail::SpamAssassin::Logger;
 
 our @ISA = qw(Mail::SpamAssassin::PersistentAddrList);
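
Review bot: style point on the changed use line: untaint_var is now imported by name, while the next hunk still calls Mail::SpamAssassin::Util::first_available_module fully qualified. Pick one convention for this file, either by importing both with qw(untaint_var first_available_module) or by calling Mail::SpamAssassin::Util::untaint_var(...) and leaving the use line unchanged, so that a reader can tell at the call site which helper is clearing taint.
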
@@ -54,6 +54,7 @@
   };
 
   my @order = split (' ', $main->{conf}->{auto_whitelist_db_modules});
+  untaint_var(\...@order);
   my $dbm_module = Mail::SpamAssassin::Util::first_available_module
(@order);
   if (!$dbm_module) {
     die "auto-whitelist: cannot find a usable DB package from
auto_whitelist_db_modules: " .
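
Review bot: missing validation before the added untaint_var call on @order: every whitespace-separated token from auto_whitelist_db_modules is untainted as-is and then handed to first_available_module, and the log quoted above shows the taint failure being raised from an eval in Util.pm. Untainting unconditionally silences -T for a configuration value that reaches that eval. Check each entry against a module-name pattern first, for example /^[A-Za-z_]\w*(?:::\w+)*$/, skip or warn on anything that does not match, and untaint only the entries that pass. A short comment on the new line saying why this config value is trusted would also help the next reader.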



Mark
