On Sunday April 18 2010 21:33:20 Chris Welch wrote:
> I just upgraded a CentOS 5.4 system to Spamassassin 3.3.1. The upgrade was
> done by a CPAN install with Perl.
>
> The previous version (3.2.5) had worked flawlessly for a couple of years.
> However, the upgraded version reports an error in the spamd.log file:
>
> Sun Apr 18 15:21:10 2010 [7966] warn: auto-whitelist:
> open of auto-whitelist file failed:
> Insecure dependency in eval while running with -T switch
> at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Util.pm line 996.
Yes, a bug when you use a configuration directive auto_whitelist_db_modules.
Either avoid its use, or apply the patch below.
Please open a bug report, so that we can properly fold it into
the next version.
Index: lib/Mail/SpamAssassin/DBBasedAddrList.pm
===================================================================
--- lib/Mail/SpamAssassin/DBBasedAddrList.pm (revision 935407)
+++ lib/Mail/SpamAssassin/DBBasedAddrList.pm (working copy)
@@ -24,7 +24,7 @@
use Fcntl;
use Mail::SpamAssassin::PersistentAddrList;
-use Mail::SpamAssassin::Util;
+use Mail::SpamAssassin::Util qw(untaint_var);
use Mail::SpamAssassin::Logger;
our @ISA = qw(Mail::SpamAssassin::PersistentAddrList);
@@ -54,6 +54,7 @@
};
my @order = split (' ', $main->{conf}->{auto_whitelist_db_modules});
+ untaint_var(\...@order);
my $dbm_module = Mail::SpamAssassin::Util::first_available_module (@order);
if (!$dbm_module) {
die "auto-whitelist: cannot find a usable DB package from
auto_whitelist_db_modules: " .
Mark
