https://bugzilla.redhat.com/show_bug.cgi?id=2130625 --- Comment #4 from Petr Pisar <ppisar@xxxxxxxxxx> --- perl-Inline-0.86-10.el9 damages multi-line environment variables. A reproducer with perl-Inline-C: $ rm -rf _Inline; perl -Ilib -e 'use Inline Config => UNTAINT => 1; use Inline C => q{void foo(void) { return; }};' In Inline::env_untaint() : Blindly untainting tainted fields in %ENV. In Inline::check_config_file(): Blindly untainting Inline configuration file information. In Inline::env_untaint() : Blindly untainting tainted fields in %ENV. In Inline::obj_untaint() : Blindly untainting tainted fields in Inline object. sh: which: line 1: syntax error: unexpected end of file sh: error importing function definition for `which' sh: which: line 1: syntax error: unexpected end of file sh: error importing function definition for `which' sh: which: line 1: syntax error: unexpected end of file sh: error importing function definition for `which' The error messages come from bash because BASH_FUNC_which%%=() shell function set in /etc/profile.d/which2.sh (which-2.21-28.el9). It's not reproducible in Fedora 38 because "which" package stopped defining the shell function. The environment variable is damaged in Inline::env_untaint() with this regular expression: for (keys %ENV) { ($ENV{$_}) = $ENV{$_} =~ /(.*)/; } That was confirmed with a debugging warnings around the regexp: UNTAIN BEFORE: BASH_FUNC_which%%=() { ( alias; eval ${which_declare} ) | /usr/bin/which --tty-only --read-alias --read-functions --show-tilde --show-dot $@ } at ../../perl-Inline/Inline-0.86/lib/Inline.pm line 1089. UNTAIN AFTER: BASH_FUNC_which%%=() { ( alias; at ../../perl-Inline/Inline-0.86/lib/Inline.pm line 1091. A pure Inline reproducer: $ perl -Ilib -e 'use Inline; $ENV{foo}="a\nb"; Inline::env_untaint(); print "<$ENV{foo}>\n"' In Inline::env_untaint() : Blindly untainting tainted fields in %ENV. <a> A fix is posted at <https://github.com/ingydotnet/inline-pm/pull/80>. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2130625 _______________________________________________ perl-devel mailing list -- perl-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to perl-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/perl-devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
