https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6884
--- Comment #7 from Mark Martinec <[email protected]> --- The reason why it happens to give consistent results on Jenkins, and why it fails in 2/3 of runs on my host is in a version of perl: perl5176delta - what is new for perl v5.17.6 Per process hash randomization The seed used by Perl's hash function is now random. This means that the order which keys/values will be returned from functions like "keys()", "values()", and "each()" will differ from run to run. This change was introduced to make Perl's hashes more robust to algorithmic complexity attacks, and also because we discovered that it exposes hash ordering dependency bugs and makes them easier to track down. Toolchain maintainers might want to invest in additional infrastructure to test for things like this. Running tests several times in a row and then comparing results will make it easier to spot hash order dependencies in code. Authors are strongly encouraged not to expose the key order of Perl's hashes to insecure audiences. Lucily/unluckily this exposes a bug in SA::Plugin::URIDNSBL::complete_dnsbl_lookup where a hit is inappropriately scored for all rules with the same subrule filter. -- You are receiving this mail because: You are the assignee for the bug.
