Released fix for taint errors

John Wilcock john at tradoc.fr
Mon Jun 27 08:35:13 IST 2011 

Le 25/06/2011 22:14, Jules Field a écrit :
> I have just released version 4.84.1 beta, which I hope will avoid the
> taint errors that have been plaguing people running new versions of Perl.
>
> Please let me know how you get on.
>
> Sorry for the lack of contact, I've been really busy at work and some
> other stuff isn't going too well right now.
>
> Many thanks to all of you for providing support for users despite my
> absence, it is very much appreciated!

Hi Jules,

Firstly, good luck with the "other stuff".

Secondly, thanks for this fix. You're nearly there, but there are a few 
left I'm afraid:

> Insecure dependency in open while running with -T switch at /usr/lib64/perl5/vendor_perl/5.12.3/x86_64-linux/IO/File.pm line 185, <$fh> line 6.
> Insecure dependency in open while running with -T switch at /usr/lib64/perl5/vendor_perl/5.12.3/x86_64-linux/IO/File.pm line 185.
> Insecure dependency in chown while running with -T switch at /usr/lib/MailScanner/MailScanner/Message.pm line 1381.
> Insecure dependency in chown while running with -T switch at /usr/lib/MailScanner/MailScanner/Message.pm line 1381.
> Insecure dependency in chown while running with -T switch at /usr/lib/MailScanner/MailScanner/Message.pm line 1381.

This is on a gentoo box, so perl modules may not be the same versions as 
those in your tarballs. See MailScanner --version output below:

> This is Perl version 5.012003 (5.12.3)
>
> This is MailScanner version 4.84.1
> Module versions are:
> 1.00    AnyDBM_File
> 1.30    Archive::Zip
> 0.23    bignum
> 1.17    Carp
> 2.02401 Compress::Zlib
> 1.119   Convert::BinHex
> 0.17    Convert::TNEF
> 2.125   Data::Dumper
> 2.27    Date::Parse
> 1.03    DirHandle
> 1.06    Fcntl
> 2.78    File::Basename
> 2.18    File::Copy
> 2.02    FileHandle
> 2.08_01 File::Path
> 0.22    File::Temp
> 0.92    Filesys::Df
> 3.64    HTML::Entities
> 3.67    HTML::Parser
> 3.57    HTML::TokeParser
> 1.25    IO
> 1.14    IO::File
> 1.13    IO::Pipe
> 2.06    Mail::Header
> 1.89_01 Math::BigInt
> 0.24    Math::BigRat
> 3.08    MIME::Base64
> 5.427   MIME::Decoder
> 5.427   MIME::Decoder::UU
> 5.427   MIME::Head
> 5.427   MIME::Parser
> 3.08    MIME::QuotedPrint
> 5.427   MIME::Tools
> 0.14    Net::CIDR
> 1.25    Net::IP
> 0.19    OLE::Storage_Lite
> 1.04    Pod::Escapes
> 3.14    Pod::Simple
> 1.19    POSIX
> 1.23    Scalar::Util
> 1.87_01 Socket
> 2.20    Storable
> 1.4     Sys::Hostname::Long
> 0.27    Sys::Syslog
> missing Test::Pod
> 0.94    Test::Simple
> 1.9719  Time::HiRes
> 1.02    Time::localtime
>
> Optional module versions are:
> 1.54    Archive::Tar
> 0.23    bignum
> missing Business::ISBN
> missing Business::ISBN::Data
> missing Data::Dump
> 1.82    DB_File
> 1.31    DBD::SQLite
> 1.615   DBI
> 1.16    Digest
> 1.01    Digest::HMAC
> 2.39    Digest::MD5
> 2.12    Digest::SHA1
> 1.01    Encode::Detect
> 0.17016 Error
> 0.2703  ExtUtils::CBuilder
> 2.2205  ExtUtils::ParseXS
> 2.38    Getopt::Long
> missing Inline
> missing IO::String
> 1.10    IO::Zlib
> 2.23    IP::Country
> missing Mail::ClamAV
> 3.003002        Mail::SpamAssassin
> v2.007  Mail::SPF
> missing Mail::SPF::Query
> 0.3607  Module::Build
> missing Net::CIDR::Lite
> 0.66    Net::DNS
> v0.003  Net::DNS::Resolver::Programmable
> missing Net::LDAP
>  4.028  NetAddr::IP
> missing Parse::RecDescent
> missing SAVI
> 3.17    Test::Harness
> missing Test::Manifest
> 2.02    Text::Balanced
> 1.55    URI
> 0.82    version
> missing YAML


John.

-- 
-- Over 4000 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages    - www.tradoc.fr

More information about the MailScanner mailing list