[Bug 2130625] Please branch and build perl-Inline in epel9

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



https://bugzilla.redhat.com/show_bug.cgi?id=2130625



--- Comment #4 from Petr Pisar <ppisar@xxxxxxxxxx> ---
perl-Inline-0.86-10.el9 damages multi-line environment variables.

A reproducer with perl-Inline-C:

$ rm -rf _Inline; perl -Ilib -e 'use Inline Config => UNTAINT => 1; use Inline
C => q{void foo(void) { return; }};'
In Inline::env_untaint() : Blindly untainting tainted fields in %ENV.
In Inline::check_config_file(): Blindly untainting Inline configuration file
information.
In Inline::env_untaint() : Blindly untainting tainted fields in %ENV.
In Inline::obj_untaint() : Blindly untainting tainted fields in Inline object.
sh: which: line 1: syntax error: unexpected end of file
sh: error importing function definition for `which'
sh: which: line 1: syntax error: unexpected end of file
sh: error importing function definition for `which'
sh: which: line 1: syntax error: unexpected end of file
sh: error importing function definition for `which'

The error messages come from bash because BASH_FUNC_which%%=() shell function
set in /etc/profile.d/which2.sh (which-2.21-28.el9). It's not reproducible in
Fedora 38 because "which" package stopped defining the shell function.

The environment variable is damaged in Inline::env_untaint() with this regular
expression:

      for (keys %ENV) {
          ($ENV{$_}) = $ENV{$_} =~ /(.*)/;
      }

That was confirmed with a debugging warnings around the regexp:

UNTAIN BEFORE: BASH_FUNC_which%%=() {  ( alias;
 eval ${which_declare} ) | /usr/bin/which --tty-only --read-alias
--read-functions --show-tilde --show-dot $@
} at ../../perl-Inline/Inline-0.86/lib/Inline.pm line 1089.
UNTAIN AFTER: BASH_FUNC_which%%=() {  ( alias; at
../../perl-Inline/Inline-0.86/lib/Inline.pm line 1091.

A pure Inline reproducer:

$ perl -Ilib -e 'use Inline; $ENV{foo}="a\nb"; Inline::env_untaint(); print
"<$ENV{foo}>\n"'
In Inline::env_untaint() : Blindly untainting tainted fields in %ENV.
<a>

A fix is posted at <https://github.com/ingydotnet/inline-pm/pull/80>.


-- 
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2130625
_______________________________________________
perl-devel mailing list -- perl-devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to perl-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/perl-devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue




[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Legacy Announce]     [Fedora PHP Devel]     [Kernel Devel]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite Information]

  Powered by Linux