Perl problems on FreeBSD (again)

Wed Oct 21 15:16:25 IST 2009

Mog wrote:
> 
> Kevin Kobb wrote:
>> Mog wrote:
>>> Hi all,
>>>
>>> I upgraded MailScanner last night along with a number of other ports, 
>>> which unfortunately included a micro update to Perl. On FreeBSD it 
>>> went from perl-5.10.0 to perl-5.10.1, and judging by the error 
>>> messages in the maillog, it seems that the old taint mode problem has 
>>> resurfaced:
>>>
>>> Could not use Custom Function code 
>>> /usr/local/lib/MailScanner/MailScanner/CustomFunctions/SpamWhitelist.pm, 
>>> it could not be "require"d. Make sure the last line is "1;" and the 
>>> module is correct with perl -wc (Error: Insecure dependency in 
>>> require while running with -T switch at 
>>> /usr/local/lib/MailScanner/MailScanner/Config.pm line 754.
>>>
>>> I'm seeing this same error message being shown for these files as 
>>> well: MyExample.pm, DavidHooton.pm, LastSpam.pm, 
>>> GenericSpamScanner.pm, CustomAction.pm, Ruleset-from-Function.pm and 
>>> ZMRouterDirHash.pm.
>>>
>>>
>>>  From what I understand, FreeBSD runs perl programs with the -T 
>>> option (taint mode), which is basically some additional security 
>>> check. If I'm reading this right, the additional security check (for 
>>> some reason) seems to have a problem with 'eval { require $fullfile; 
>>> };', the code used to require the CustomFunction modules MailScanner 
>>> uses:
>>>
>>>    $fullfile = "$dir/$filename";
>>>    next unless -f $fullfile and -s $fullfile;
>>>    eval { require $fullfile; };
>>>    if ($@) {
>>>      MailScanner::Log::WarnLog("Could not use Custom Function code 
>>> %s, " .
>>>                                "it could not be \"require\"d. Make 
>>> sure " .
>>>                                "the last line is \"1;\" and the 
>>> module " .
>>>                                "is correct with perl -wc (Error: %s)",
>>>                                $fullfile, $@);
>>>    }
>>>
>>>
>>> Does this makes sense to anyone? Naturally I've reported this problem 
>>> to the FreeBSD people as well to see if they can help work out what 
>>> is going on.
>>>
>>> Regards,
>>> mog
>>
>> What process did you use to upgrade MailScanner/Perl? If you used 
>> portupgrade, please give the command line you used.
> 
> Hi,
> 
> Thanks for responding.
> 
> I used something along the lines of:
> 
> portupgrade -rR perl
> perl-after-upgrade
> portupgrarde -rR mailscanner
> 
> At one point I think I removed all the perl ports, mailscanner, 
> spamassassin etc to fix dependencies and such.

I did the pretty much the same upgrade this last weekend (perl to 
5.10.1, MailScanner to 4.78.17, plus PHP 5.2.11 to fix security issues).

This is how I went about it, and everything is working fine.
1. Update your ports tree and fetch or build a new index.
2. Run portsclean -C to clean out any existing work directories.
3. Run portupgrade -fr perl... (If you don't specify -f, portupgrade 
won't rebuild packages that are up to date) This will automatically 
rebuild MailScanner, spamassassin, all perl apps.
4. perl-after-upgrade && perl-after-upgrade -f
5. Reboot

Can't guarantee this will work for you, but this is the way I do it, and 
it has always worked for me.