Fails to work with Perl 5.18

[gregoa]

Forwarded from http://bugs.debian.org/722159

After the upgrade from Perl 5.14 to 5.18 spampd doesn't start:

Sep  8 17:53:05 trantor spampd[3693]: Process Backgrounded
Sep  8 17:53:05 trantor spampd[3693]: 2013/09/08-17:53:05 Insecure dependency in open while running with -T switch at /usr/share/perl5/Net/Server/Daemonize.pm line 75.#012#012  at line 180 in file /usr/share/perl5/Net/Server.pm
Sep  8 17:53:05 trantor spampd[3693]: 2013/09/08-17:53:05 Server closing!

[mpaperno]

Thanks for reporting. I pushed a possible fix, based on the related postgrey bug/fix. Unfortunately I have no way to test this, so please let me know how it goes.

Cheers,
-Max

[gregoa]

Thanks, I'll ask the original but submitter for a test & feedback.

[gregoa]

According to http://bugs.debian.org/722159#24 , the patch did not fix the submitter's problem :/

(Maybe you could try to work this out together? Copypasting between the Debian BTS and github seems a bit inefficient ...)

[meskes]

The following patch fixes the problem for me. I didn't check if untainting less variables would be sufficient, too, though.

Michael

--- spampd 2013-11-04 16:03:52.000000000 +0100
+++ /usr/sbin/spampd 2013-11-04 16:05:05.000000000 +0100
@@ -900,6 +900,22 @@
usage(0);
}

+# Untaint some options provided by admin command line.
+$pidfile =~ /^(.)$/;
+$pidfile = $1;
+
+$relayhost =~ /^(.)$/;
+$relayhost = $1;
+
+$relayport =~ /^(.)$/;
+$relayport = $1;
+
+$host =~ /^(.)$/;
+$host = $1;
+
+$port =~ /^(.*)$/;
+$port = $1;
+
if ( $options{tagall} ) { $tagall = 1; }
if ( $options{'log-rules-hit'} ) { $rh = 1; }
if ( $options{debug} ) { $debug = 1; $nsloglevel = 4; }

[mpaperno]

Thanks Michael! Update pushed. Marking issue closed for now. Gregor, thanks for your time as well.

-Max

[Nagilum23]

The regexps are incomplete. Better use this:
http://paste.ubuntu.com/6993312/