Bugzilla 3.0.3. Submitting bug attachment gives: Insecure dependency in sprintf while running with -T switch at (eval 42) line 6., referer: .... attachment.cgi?bugid=806&action=enter


van der Merwe, Ben
Hi,
 
I am getting this error whenever you try to submit an attachment to a
bug. Is there any workaround? Any way to turn the tainting or checking
off?
Would it help to revert to an earlier Perl version or something?
 
Thank you.
 
The Apache error.log contains this:
 
[Fri Feb 08 09:50:13 2008] [error] [client 10.4.0.19] Premature end of
script headers: attachment.cgi, referer: http ....
attachment.cgi?bugid=806&action=enter
[Fri Feb 08 09:50:13 2008] [error] [client 10.4.0.19] Insecure
dependency in sprintf while running with -T switch at (eval 42) line 6.,
referer: http .... attachment.cgi?bugid=806&action=enter
 
I am running the latest stable release of everything:

MySQL 5.0.51
Perl v5.10.0.1002
Apache 2.2.8
PHP 5.2.5
Bugzilla 3.0.3
Windows XP SP2
 
Perl checksetup.pl  gives:

* This is Bugzilla 3.0.3 on perl 5.10.0
* Running on WinXP/.Net Build 2600 (Service Pack 2)
 
Checking perl modules...
Checking for             CGI (v2.93)   ok: found v3.29
Checking for        TimeDate (v2.21)   ok: found v2.22
Checking for             DBI (v1.41)   ok: found v1.601
Checking for       PathTools (v0.84)   ok: found v3.2501
Checking for Template-Toolkit (v2.12)   ok: found v2.19
Checking for      Email-Send (v2.16)   ok: found v2.192
Checking for Email-MIME-Modifier (any)     ok: found v1.442
 
Checking available perl DBD modules...
Checking for          DBD-Pg (v1.45)    not found
Checking for       DBD-mysql (v2.9003) ok: found v4.005
 
The following Perl modules are optional:
Checking for              GD (v1.20)   ok: found v2.35
Checking for     Template-GD (any)      not found
Checking for           Chart (v1.0)     not found
Checking for         GDGraph (any)     ok: found v1.44
Checking for      GDTextUtil (any)     ok: found v0.86
Checking for        XML-Twig (any)     ok: found v3.32
Checking for      MIME-tools (v5.406)  ok: found v5.425
Checking for     libwww-perl (any)     ok: found v2.036
Checking for     PatchReader (v0.9.4)  ok: found v0.9.5
Checking for      PerlMagick (any)      not found
Checking for       perl-ldap (any)     ok: found v0.34
Checking for       SOAP-Lite (any)     ok: found v0.69
Checking for     HTML-Parser (v3.40)   ok: found v3.56
Checking for   HTML-Scrubber (any)     ok: found v0.08
Checking for Email-MIME-Attachment-Stripper (any)      not found
Checking for     Email-Reply (any)     ok: found v1.202
Checking for        mod_perl (v1.999022)  not found
Checking for             CGI (v3.11)   ok: found v3.29
 
* NOTE: You must run any commands listed below as Administrator.
 
***********************************************************************
* Note For Windows Users                                              *
***********************************************************************
* In order to install the modules listed below, you first have to run *
* the following command as an Administrator:                          *
*                                                                     *
*   ppm repo add theory58S http://theoryx5.uwinnipeg.ca/ppms          *
*                                                                     *
* Then you have to do (also as an Administrator):                     *
*                                                                     *
*   ppm repo up theory58S                                             *
*                                                                     *
* Do that last command over and over until you see "theory58S" at the *
* top of the displayed list.                                          *
***********************************************************************
**********************************************************************
* OPTIONAL MODULES                                                   *
**********************************************************************
* Certain Perl modules are not required by Bugzilla, but by          *
* installing the latest version you gain access to additional        *
* features.                                                          *
*                                                                    *
* The optional modules you do not have installed are listed below,   *
* with the name of the feature they enable. If you want to install   *
* one of these modules, just run the appropriate command in the      *
* "COMMANDS TO INSTALL" section.                                     *
**********************************************************************
 
***********************************************************************
*                    MODULE NAME * ENABLES FEATURE(S)                 *
***********************************************************************
*                    Template-GD * Graphical Reports                  *
* Email-MIME-Attachment-Stripper * Inbound Email                      *
*                          Chart * New Charts, Old Charts             *
*                     PerlMagick * Optionally Convert BMP Attachments to PNGs *
*                       mod_perl * mod_perl                           *
***********************************************************************
COMMANDS TO INSTALL:
 
    Template-GD: ppm install Template-GD
Email-MIME-Attachment-Stripper: ppm install Email-MIME-Attachment-Stripper
          Chart: ppm install Chart
     PerlMagick: ppm install PerlMagick
       mod_perl: ppm install mod_perl
Reading ./localconfig...
 
OPTIONAL NOTE: If you want to be able to use the 'difference between two
patches' feature of Bugzilla (which requires the PatchReader Perl module
as well), you should install patchutils from:
 
    http://cyberelk.net/tim/patchutils/
 

The following variables are no longer used in ./localconfig, and
should be removed: severities, platforms, opsys, priorities
 
Checking for       DBD-mysql (v2.9003) ok: found v4.005
Checking for           MySQL (v4.1.2)  ok: found v5.0.51a-community-nt
 
Removing existing compiled templates ...
Precompiling templates...
 
 


_______________________________________________
support-bugzilla mailing list
[hidden email]
https://lists.mozilla.org/listinfo/support-bugzilla
PLEASE put [hidden email] in the To: field when you reply.

RE: Bugzilla 3.0.3. Submitting bug attachment gives: Insecure dependency in sprintf while running with -T switch at (eval 42) line 6., referer: .... attachment.cgi?bugid=806&action=enter

jdpond
Ben,

This is a Perl v5.10.0.1002 issue with CGI.pm.  See:
http://aspn.activestate.com/ASPN/Mail/Message/perl5-porters/3602288

You'll need to revert and make sure you also roll back any CGI modules you
included with:

"ppm install CGI"

by running

"ppm remove CGI"

Sorry, but that's the only answer I've found.

Jack

"'Why Sir Churchill, you are drunk!' 'And you are ugly, but I shall be sober
in the morning!'" -- a conversation between Lady Nancy Astor and Sir Winston
Leonard Spencer Churchill(1874-1965)
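
Added example, not part of the thread and not Bugzilla or CGI.pm code: from Perl 5.10 on, taint mode rejects a tainted sprintf format string with the message quoted above, while tainted values passed as arguments to a constant format are still accepted. The sketch below reproduces that message and shows untainting by validation instead of switching -T off; the file name value and the sub names are constructed for illustration.

```perl
#!/usr/bin/perl -T
# Run as: perl -T taint_sprintf.pl   (the script name is arbitrary)
use strict;
use warnings;
use Scalar::Util qw(tainted);

# A zero-length tainted string; appending it taints any constructed value.
my $TAINT = substr("$0$^X", 0, 0);

# Constructed stand-in for a client-supplied upload file name.
my $upload_name = 'screenshot-806.png' . $TAINT;

# Case 1: tainted data used as the sprintf FORMAT. Perl 5.10+ dies here
# with "Insecure dependency in sprintf while running with -T switch".
sub format_from_input {
    my ($name) = @_;
    return eval { sprintf("attachment: $name") } // "died: $@";
}

# Case 2: constant format, tainted data passed as an argument. Allowed;
# the resulting string simply stays tainted.
sub format_constant {
    my ($name) = @_;
    return sprintf('attachment: %s', $name);
}

# Case 3: untaint by matching an allowlist pattern and keeping only the
# capture group, the mechanism described in perlsec.
sub untaint_name {
    my ($name) = @_;
    return $name =~ /\A([A-Za-z0-9][A-Za-z0-9._-]{0,63})\z/ ? $1 : undef;
}

print "case 1: ", format_from_input($upload_name), "\n";

my $out = format_constant($upload_name);
printf "case 2: %s (tainted: %s)\n", $out, tainted($out) ? 'yes' : 'no';

my $clean = untaint_name($upload_name);
printf "case 3: %s (tainted: %s)\n", $clean, tainted($clean) ? 'yes' : 'no';
```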
