Package: twiki

Version: 20040902-3

Problem occurred after upgrading:

twiki 20040902-1.1 -> 20040902-3
apache2-common 2.0.53-5 -> 2.0.54-2
(other packages were also upgraded at the same time, complete list below)

Perl v5.8.4
Linux twiki 2.4.25 #1 SMP Fri Mar 5 10:32:46 EST 2004 i686 GNU/Linux
libc6 version 2.3.2.ds1-21

Problem description
-------------------

Immediately after upgrading Apache and TWiki as described above, we
started getting this error whenever we clicked the "Diffs" link on a
TWiki topic:

      Insecure dependency in exec while running with -T switch at /usr/share/perl5/TWiki.pm line 3454.

The problem seems to start on line 378 of /usr/share/perl5/TWiki/UI/RDiff.pm

      my $rev1 = $query->param( "rev1" );

At this point rev1 (and rev2) are tainted.

On line 410 (411 for rev2) they are run through a regexp:

      $rev1 =~ s/r?1\.//go;  # cut 'r' and major

but it does not seem sufficient to untaint them.

Changing the line to something like:

     ($rev1) = $rev1 =~ /r?1\.(\d*)/;  # cut 'r' and major

does work.




Complete aptitude log from upgrade:

[EMAIL PROTECTED]:~# more /var/log/aptitude
Aptitude 0.2.15.8: log report
Sun May  1 13:44:01 2005


IMPORTANT: this log only lists intended actions; actions which fail due to
dpkg problems may not be completed.

Will install 72 packages, and remove 0 packages.
633kB bytes of disk space will be freed
===============================================================================
[HOLD] ldap-utils
[HOLD] mutt
[UPGRADE] apache2-common 2.0.53-5 -> 2.0.54-2
[UPGRADE] apache2-mpm-prefork 2.0.53-5 -> 2.0.54-2
[UPGRADE] apache2-utils 2.0.53-5 -> 2.0.54-2
[UPGRADE] aptitude 0.2.15.8-1 -> 0.2.15.9-2
[UPGRADE] base-config 2.53.7 -> 2.53.8
[UPGRADE] cpp-3.3 1:3.3.5-8 -> 1:3.3.5-12
[UPGRADE] dash 0.5.2-2 -> 0.5.2-4
[UPGRADE] debconf 1.4.30.11 -> 1.4.30.13
[UPGRADE] debconf-i18n 1.4.30.11 -> 1.4.30.13
[UPGRADE] debconf-utils 1.4.30.11 -> 1.4.30.13
[UPGRADE] fakeroot 1.2.2 -> 1.2.10
[UPGRADE] findutils 4.1.20-5 -> 4.1.20-6
[UPGRADE] g++-3.3 1:3.3.5-8 -> 1:3.3.5-12
[UPGRADE] gcc-3.3 1:3.3.5-8 -> 1:3.3.5-12
[UPGRADE] gcc-3.3-base 1:3.3.5-8 -> 1:3.3.5-12
[UPGRADE] glibc-doc 2.3.2.ds1-20 -> 2.3.2.ds1-21
[UPGRADE] grep-dctrl 2.1.9 -> 2.1.10
[UPGRADE] grub 0.95+cvs20040624-16 -> 0.95+cvs20040624-17
[UPGRADE] hotplug 0.0.20040329-21 -> 0.0.20040329-22
[UPGRADE] initrd-tools 0.1.77 -> 0.1.78
[UPGRADE] irqbalance 0.12-1 -> 0.12-2
[UPGRADE] kernel-package 8.125 -> 8.132
[UPGRADE] libapache2-mod-auth-pam 1.1.1-4.1 -> 1.1.1-6
[UPGRADE] libapache2-mod-perl2 1.999.20-1 -> 1.999.21-1
[UPGRADE] libapr0 2.0.53-5 -> 2.0.54-2
[UPGRADE] libc6 2.3.2.ds1-20 -> 2.3.2.ds1-21
[UPGRADE] libc6-dev 2.3.2.ds1-20 -> 2.3.2.ds1-21
[UPGRADE] libc6-i686 2.3.2.ds1-20 -> 2.3.2.ds1-21
[UPGRADE] libcupsys2-gnutls10 1.1.23-7 -> 1.1.23-10
[UPGRADE] libdbd-mysql-perl 2.9003-4 -> 2.9006-1
[UPGRADE] libfreetype6 2.1.7-2.3 -> 2.1.7-2.4
[UPGRADE] libfreetype6-dev 2.1.7-2.3 -> 2.1.7-2.4
[UPGRADE] libglib2.0-0 2.6.3-1 -> 2.6.4-1
[UPGRADE] libglib2.0-dev 2.6.3-1 -> 2.6.4-1
[UPGRADE] libltdl3 1.5.6-4 -> 1.5.6-6
[UPGRADE] libmysqlclient12 4.0.24-2 -> 4.0.24-5
[UPGRADE] libnet-ldap-perl 0.3202-2 -> 0.3202-3
[UPGRADE] libnss-ldap 220-1 -> 238-1
[UPGRADE] libpam-krb5 1.0-10 -> 1.0-12
[UPGRADE] libqt3-compat-headers 3:3.3.3-8 -> 3:3.3.4-3
[UPGRADE] libqt3-headers 3:3.3.3-8 -> 3:3.3.4-3
[UPGRADE] libqt3c102-mt 3:3.3.3-8 -> 3:3.3.4-3
[UPGRADE] libsensors3 1:2.9.0-19 -> 1:2.9.1-1
[UPGRADE] libstdc++5 1:3.3.5-8 -> 1:3.3.5-12
[UPGRADE] libstdc++5-3.3-dev 1:3.3.5-8 -> 1:3.3.5-12
[UPGRADE] liburi-perl 1.30-1 -> 1.35-1
[UPGRADE] libusb-0.1-4 2:0.1.10a-6 -> 2:0.1.10a-8
[UPGRADE] libxft2 2.1.2-6 -> 2.1.7-1
[UPGRADE] locales 2.3.2.ds1-20 -> 2.3.2.ds1-21
[UPGRADE] mysql-client 4.0.24-2 -> 4.0.24-5
[UPGRADE] mysql-common 4.0.24-2 -> 4.0.24-5
[UPGRADE] mysql-server 4.0.24-2 -> 4.0.24-5
[UPGRADE] nano 1.2.4-3 -> 1.2.4-5
[UPGRADE] nscd 2.3.2.ds1-20 -> 2.3.2.ds1-21
[UPGRADE] pdksh 5.2.14-17 -> 5.2.14-18
[UPGRADE] pkg-config 0.15.0-4 -> 0.16.0-1
[UPGRADE] po-debconf 0.8.22 -> 0.8.23
[UPGRADE] qt3-dev-tools 3:3.3.3-8 -> 3:3.3.4-3
[UPGRADE] rsync 2.6.3-2 -> 2.6.4-2
[UPGRADE] samba 3.0.10-1 -> 3.0.14a-1
[UPGRADE] samba-common 3.0.10-1 -> 3.0.14a-1
[UPGRADE] sharutils 1:4.2.1-11 -> 1:4.2.1-13
[UPGRADE] shorewall 2.2.2-1 -> 2.2.3-1
[UPGRADE] sudo 1.6.8p7-1 -> 1.6.8p7-1.1
[UPGRADE] twiki 20040902-1.1 -> 20040902-3
[UPGRADE] udev 0.056-1 -> 0.056-2
[UPGRADE] ulogd 1.02-1 -> 1.02-2
[UPGRADE] usbutils 0.70-2 -> 0.70-5
[UPGRADE] vim 1:6.3-067+2 -> 1:6.3-068+4
[UPGRADE] vim-common 1:6.3-067+2 -> 1:6.3-068+4
[UPGRADE] winbind 3.0.10-1 -> 3.0.14a-1
[UPGRADE] zsh 4.2.4-8 -> 4.2.5-7
===============================================================================

Log complete.
Aptitude 0.2.15.9: log report
Sun May  1 13:47:03 2005


IMPORTANT: this log only lists intended actions; actions which fail due to
dpkg problems may not be completed.

Will install 0 packages, and remove 0 packages.
===============================================================================
[HOLD] ldap-utils
[HOLD] mutt
===============================================================================

Log complete.
Aptitude 0.2.15.9: log report
Sun May  1 13:47:13 2005


IMPORTANT: this log only lists intended actions; actions which fail due to
dpkg problems may not be completed.

Will install 4 packages, and remove 3 packages.
799kB of disk space will be used
===============================================================================
[REMOVE, NOT USED] libiodbc2
[REMOVE, NOT USED] libltdl3
[REMOVE, NOT USED] libslp1
[INSTALL, DEPENDENCIES] libdb4.3
[INSTALL, DEPENDENCIES] libldap-2.2-7
[UPGRADE] ldap-utils 2.1.30-3 -> 2.2.23-1
[UPGRADE] mutt 1.5.6-20040907+3 -> 1.5.9-1
===============================================================================

Log complete.
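
The taint behaviour described in the report above, as an added example that is not part of the original report and is not TWiki code: an in-place `s///` leaves a tainted value tainted, while a value taken from a capture group is untainted and can be passed to an external command. `fake_param`, `strip_in_place`, `extract_rev` and `try_run` are hypothetical names, the inputs are constructed, and the anchored `\d+` pattern is a stricter variant of the one proposed in the report.

```perl
#!/usr/bin/perl -T
# Added example, not TWiki code. Run as: perl -T taint_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "taint mode is off; run with perl -T\n" unless ${^TAINT};
$| = 1;

# Taint mode also refuses to start programs with an untrusted environment.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Constructed stand-in for $query->param("rev1"): appending a zero-length
# slice of a tainted variable makes the literal tainted.
sub fake_param { return $_[0] . substr("$0$^X", 0, 0) }

# Pattern of the original line: edit the value in place (stays tainted).
sub strip_in_place {
    my ($rev) = @_;
    $rev =~ s/r?1\.//;
    return $rev;
}

# Pattern of the proposed change: keep only the captured digits.
# Stricter than the report (assumption): anchored, at least one digit,
# undef when the input is not a revision at all.
sub extract_rev {
    my ($rev) = @_;
    return $rev =~ /\Ar?1\.(\d+)\z/ ? $1 : undef;
}

# Returns 'ran', or the error Perl raises before starting the program.
sub try_run {
    my ($rev) = @_;
    my $res = eval { system('/bin/echo', 'rev', $rev); 1 } ? 'ran' : "died: $@";
    chomp $res;
    return $res;
}

for my $input ('r1.7', '1.12', '1.7x') {    # constructed sample inputs
    my $raw = fake_param($input);
    for my $case (['s///', strip_in_place($raw)], ['capture', extract_rev($raw)]) {
        my ($how, $rev) = @$case;
        if (!defined $rev) { print "$input $how: rejected\n"; next }
        printf "%s %s: '%s' tainted=%d, %s\n",
            $input, $how, $rev, tainted($rev) ? 1 : 0, try_run($rev);
    }
}
```

The `s///` rows report `tainted=1` and die with an "Insecure dependency in system" error, the same class of failure as the `exec` error in the report; the capture rows report `tainted=0` and run, and `1.7x` is rejected by the anchored pattern.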

