Bug 7854 - undef error - Insecure dependency in exec while running with -T switch at /usr/share/perl5/Mail/Mailer/sendmail.pm line 22.
: undef error - Insecure dependency in exec while running with -T switch at /us...
Status: RESOLVED FIXED
Product: maemo.org Website
Bugzilla
: 5.0
: All Maemo
: High major with 2 votes (vote)
: ---
Assigned To: Karsten Bräckelmann
: Ferenc Szekely
:
:
:
:
  Show dependency tree
 
Reported: 2010-01-12 16:22 UTC by Andre Klapper
Modified: 2010-12-17 13:21 UTC (History)
7 users (show)

See Also:


Attachments


Note

You need to log in before you can comment on or make changes to this bug.


Description Andre Klapper (reporter) maemo.org 2010-01-12 16:22:36 UTC
EXACT STEPS LEADING TO PROBLEM: 
1. Add a comment or file a new bug report and click "Submit".

ACTUAL OUTCOME:
Comment added, but

Bugzilla has suffered an internal error.
URL: https://bugs.maemo.org/process_bug.cgi
undef error - Insecure dependency in exec while running with -T switch at
/usr/share/perl5/Mail/Mailer/sendmail.pm line 22.

REPRODUCIBILITY:
less than 1/10 - seen by two users plus me two times
Comment 1 Andre Klapper (reporter) maemo.org 2010-01-12 16:23:11 UTC
CC'ing Ferenc as I have not seen this before the server move.
Comment 2 EC 2010-01-12 16:31:24 UTC
Thanks for opening this, I'll comment here if I encounter the bug again.
Comment 3 Andre Klapper (reporter) maemo.org 2010-01-13 00:22:23 UTC
Quim and me suspect this to happen in case of non-ascii chars.
See for example the subject of https://bugs.maemo.org/show_bug.cgi?id=7863 .

This makes people add duplicate reports and contacts, hence raising issue.
Comment 4 Lucas Maneos 2010-01-13 02:39:14 UTC
The submission is succesful, it's the bugmail sending that fails (thus making
dupes more likely).  Just happened to me when submitting bug 7849 comment 2,
but it worked fine (assuming a complete bug listing, including all comments is
fine) after changing the non-ASCII chars in the summary to ASCII.

There's probably an untaint regex that needs to be expanded to also match UTF
(printable) characters somewhere...
Comment 5 Marcin Juszkiewicz 2010-01-15 15:51:05 UTC
bug #8052 was another one which got hit by it.
Comment 6 Lucas Maneos 2010-01-17 06:37:47 UTC
And bug 7707 is another victim with an entirely ASCII summary...
Comment 7 Anderson Lizardo 2010-01-19 19:35:52 UTC
I just got hit in my own bug report:

https://bugs.maemo.org/show_bug.cgi?id=8280

It contains a non-ASCII character on it (probably UTF-8)

In this case it happened when submitting a new bug report, not when commenting
an existing one.
Comment 8 bob+maemo 2010-01-22 15:47:04 UTC
I can reproduce this 100% of the time, commenting on bug #6615.  The content of
the comment doesn't matter.  The bug is triggered with the comment "test" or
even with an the comment box empty.

Unfortunaely because bugzilla is running over https I can't show you a packet
capture.  But I'm not sure that would help.  The bug is pretty specific about 
/usr/share/perl5/Mail/Mailer/sendmail.pm line 22, it looks like a server-side
problem.

Since I can reproduce it, send me a mail if you'd like me to try something.
Comment 9 Vincent Lefevre 2010-01-22 15:53:35 UTC
(In reply to comment #8)
> I can reproduce this 100% of the time, commenting on bug #6615.

Ditto for me on bug #6615.
Comment 10 Vincent Lefevre 2010-01-22 16:00:27 UTC
BTW, concerning bug #6615, bug #6615 comment #144 is the last mail I received.
Comment 11 Vincent Lefevre 2010-01-22 16:03:58 UTC
(In reply to comment #10)
> BTW, concerning bug #6615, bug #6615 comment #144 is the last mail I received.

bug #6615 comment #145 contains a non-ASCII character (see   in the HTML
source).
Comment 12 Lucas Maneos 2010-01-22 20:08:27 UTC
(In reply to comment #8)
> I can reproduce this 100% of the time, commenting on bug #6615.  The content of
> the comment doesn't matter.  The bug is triggered with the comment "test" or
> even with an the comment box empty.

Based on my experience with bug 7849 (comment 4), whenever new bugmail is
generated bugzilla tries to include all previous failed comments as well. So,
once the bug is triggered all subsequent comments will also fail.

(In reply to comment #11)
> bug #6615 comment #145 contains a non-ASCII character (see   in the HTML
> source).

Hm, I don't see it (apart from the   in the comment header line, which all
comments have).
Comment 13 Vincent Lefevre 2010-01-22 20:25:46 UTC
(In reply to comment #12)
> Hm, I don't see it (apart from the   in the comment header line, which all
> comments have).

Quoting the source... See after ||.

<pre id="comment_text_145">(In reply to <a
href="show_bug.cgi?id=6615#c143">comment #143</a>)
<span class="quote">&gt; The "]; then" needs to be on the same line with the
rest of the test (or you
&gt; need to tell shell with "\" as the last character on line that the line
&gt; continues to next line).</span>

Sorry, misread that line.  "||" can be used, but then it needs to be like this:
[ test1 ] ||&nbsp;[ test2 ], "||" cannot be inside brackets.  And as Lucas
stated,
-a &amp; -o can be used inside the brackets.
</pre>
Comment 14 Lucas Maneos 2010-01-22 20:39:30 UTC
(In reply to comment #13)
> Quoting the source... See after ||.

Thanks, it appears as a literal UTF-8 non-breaking space character here rather
than an HTML character entity reference (tried firefox, epiphany as well as
good old GET), probably a server-side encoding thing.

(In reply to comment #6)
> And bug 7707 is another victim with an entirely ASCII summary...

But the second character in bug 7707 comment 2 is non-ASCII.
Comment 15 Andrea Borgia 2010-01-27 12:05:27 UTC
(In reply to comment #3)

> Quim and me suspect this to happen in case of non-ascii chars.
> See for example the subject of https://bugs.maemo.org/show_bug.cgi?id=7863 .

I got it by this bug when submitting the report for bug #8484 but not when
submitting my second comment.
Comment 16 Andre Klapper (reporter) maemo.org 2010-02-17 01:29:37 UTC
This should be fixed now - haven't seen it for a while.
Comment 17 bob+maemo 2010-02-17 04:01:46 UTC
That's a terrible justification for closing a bug.  You have no idea if it's
fixed.
Comment 18 Andre Klapper (reporter) maemo.org 2010-02-17 12:37:02 UTC
Okay, turn this into a "I do know that Ferenc worked on this a few weeks ago,
that we had some bugmail downtime at that day, and I am very sure that this is
fixed now"? :-)
Sorry, I should have been more clear initially already.