[rt-users] ...lib/RT/I18N/cs.pm is tainted. not loading...

Lee Damon nomad at ee.washington.edu
Wed Feb 18 12:32:17 EST 2015


I found the problem with the "tainted" I18N/*.pm errors. It seems
I18N.pm does a path element check but doesn't know about AFS's @sys path
elements so doesn't allow for @ in names. This is the very minor change
I made to enable that. I don't know if this is going to cause problems
elsewhere, can anyone verify this for me?

: || nomad at silverfox as60-amd64-4.2.9 [77] ; diff -c lib/RT/I18N.pm
lib/RT/I18N.pm.orig
*** lib/RT/I18N.pm      2015-02-18 09:27:14.395298000 -0800
--- lib/RT/I18N.pm.orig 2015-02-18 09:26:23.718504000 -0800
***************
*** 101,107 ****

      # Load language-specific functions
      foreach my $file ( File::Glob::bsd_glob(substr(__FILE__, 0, -3) .
"/*.pm") ) {
!         unless ( $file =~ /^([-\w\s\.\/\\\@~:]+)$/ ) {
              warn("$file is tainted. not loading");
              next;
          }
--- 101,107 ----

      # Load language-specific functions
      foreach my $file ( File::Glob::bsd_glob(substr(__FILE__, 0, -3) .
"/*.pm") ) {
!         unless ( $file =~ /^([-\w\s\.\/\\~:]+)$/ ) {
              warn("$file is tainted. not loading");
              next;
          }


Sadly, this doesn't solve the problem with "rt-fulltext-indexer --all"
thinking an indexer is already running (nor does it solve my previously
posted problems with the bodies of articles not being filled in when the
article is first created).

nomad

On 2/17/15 09:29 , Lee Damon wrote:
> tl;dr: I'm attempting to upgrade from RT 3.6.4 to RT 4.2.9. After
> running make upgrade-database I get the following errors to pretty much
> every command:
> 
> [6313] [Tue Feb 17 17:00:00 2015] [warning]:
> /afs/ee.washington.edu/nikola/. at sys/pkgs/rt/.4.2.9/sbin/../lib/RT/I18N/cs.pm
> is tainted. not loading at
> /afs/ee.washington.edu/nikola/. at sys/pkgs/rt/.4.2.9/sbin/../lib/RT/I18N.pm line
> 105.
> (/afs/ee.washington.edu/nikola/. at sys/pkgs/rt/.4.2.9/sbin/../lib/RT/I18N.pm:105)
> [6313] [Tue Feb 17 17:00:00 2015] [warning]:
> /afs/ee.washington.edu/nikola/. at sys/pkgs/rt/.4.2.9/sbin/../lib/RT/I18N/de.pm
> is tainted. not loading at
> /afs/ee.washington.edu/nikola/. at sys/pkgs/rt/.4.2.9/sbin/../lib/RT/I18N.pm line
> 105.
> (/afs/ee.washington.edu/nikola/. at sys/pkgs/rt/.4.2.9/sbin/../lib/RT/I18N.pm:105)
> [6313] [Tue Feb 17 17:00:00 2015] [warning]:
> /afs/ee.washington.edu/nikola/. at sys/pkgs/rt/.4.2.9/sbin/../lib/RT/I18N/fr.pm
> is tainted. not loading at
> /afs/ee.washington.edu/nikola/. at sys/pkgs/rt/.4.2.9/sbin/../lib/RT/I18N.pm line
> 105.
> (/afs/ee.washington.edu/nikola/. at sys/pkgs/rt/.4.2.9/sbin/../lib/RT/I18N.pm:105)
> [6313] [Tue Feb 17 17:00:00 2015] [warning]:
> /afs/ee.washington.edu/nikola/. at sys/pkgs/rt/.4.2.9/sbin/../lib/RT/I18N/i_default.pm
> is tainted. not loading at
> /afs/ee.washington.edu/nikola/. at sys/pkgs/rt/.4.2.9/sbin/../lib/RT/I18N.pm line
> 105.
> (/afs/ee.washington.edu/nikola/. at sys/pkgs/rt/.4.2.9/sbin/../lib/RT/I18N.pm:105)
> [6313] [Tue Feb 17 17:00:00 2015] [warning]:
> /afs/ee.washington.edu/nikola/. at sys/pkgs/rt/.4.2.9/sbin/../lib/RT/I18N/ru.pm
> is tainted. not loading at
> /afs/ee.washington.edu/nikola/. at sys/pkgs/rt/.4.2.9/sbin/../lib/RT/I18N.pm line
> 105.
> (/afs/ee.washington.edu/nikola/. at sys/pkgs/rt/.4.2.9/sbin/../lib/RT/I18N.pm:105)
> 
> After that error message is presented I am unable to run
> "rt-fulltext-indexer --all" because it claims an indexer is already running.
> 
> 
> Long form:
> 
> I'm using the following command to copy the existing database from the
> production server to the test server:
> 
> pg_dump -U apache rt3 > rt3.sql
> 
> I then copy rt3.sql to the test server and do the following steps to
> upgrade:
> 
> # delete old database on chum:
> sudo -u postgres psql
> drop database rt4;
> \q
> 
> # create empty database
> sudo rm -rf /var/pkgs/rt/var/*/*
> sudo /usr/nikola/pkgs/rt/sbin/rt-setup-database --action create,acl
> 
> 
> (I note that when I run rt-setup-database I get the following warnings:
> 
> [3943] [Tue Feb 17 16:44:34 2015] [warning]: DBD::Pg::st execute failed:
> ERROR:  relation "attachments_id_seq" does not exist at
> /afs/ee.washington.edu/nikola/. at sys/pkgs/rt/.4.2.9/sbin/../lib/RT/Handle.pm
> line 452, <STDIN> line 1.
> (/afs/ee.washington.edu/nikola/. at sys/pkgs/rt/.4.2.9/sbin/../lib/RT/Handle.pm:452)
> [3943] [Tue Feb 17 16:44:34 2015] [critical]: DBD::Pg::st execute
> failed: ERROR:  relation "attachments_id_seq" does not exist at
> /afs/ee.washington.edu/nikola/. at sys/pkgs/rt/.4.2.9/sbin/../lib/RT/Handle.pm
> line 452, <STDIN> line 1.
> (/afs/ee.washington.edu/nikola/. at sys/pkgs/rt/.4.2.9/sbin/../lib/RT.pm:388)
> 
> but as they are warnings I hope they're not fatal.)
> 
> Proceeding:
> 
> #import database on chum:
> sudo -u postgres psql rt4 < /s0/nomad/rt3.sql
> # verify that the database is rt4
> psql --list --username=apache
> 
> # upgrade from 3.x to 4.x
> sudo /etc/init.d/httpd stop
> cd /s0/nomad/as60-amd64-rt-4.2.9
> sudo make upgrade-database
>         upgrade to 3.9.8
> sudo /usr/nikola/pkgs/perl/.5.20.0/bin/perl
> /usr/nikola/pkgs/rt/etc/upgrade/upgrade-articles
> sudo make upgrade-database
>         upgrade from 3.9.8 to latest
> cd /usr/nikola/pkgs/rt
> sudo perl -I /usr/nikola/pkgs/rt/local/lib -I /usr/nikola/pkgs/rt/lib
> sbin/rt-setup-fulltext-index
> 
> *** This is the point where I start seeing the tainted messages in the
> log. Note that this isn't the only time I see the taint errors, I get
> them regularly from now on.
> 
> sudo perl -I /usr/nikola/pkgs/rt/local/lib -I /usr/nikola/pkgs/rt/lib
> sbin/rt-fulltext-indexer --all
> 
> *** At this point I am informed an indexer is running (it isn't) and
> nothing happens.
> 
> I have a bunch more steps I use to finish upgrading the database but
> they're after the error message so I'm including them only for
> completeness. Many of these steps also kick out the above taint errors.
> 
> sudo /usr/nikola/pkgs/perl/.5.20.0/bin/perl
> etc/upgrade/vulnerable-passwords --fix
> sudo /usr/nikola/pkgs/perl/.5.20.0/bin/perl -I
> /usr/nikola/pkgs/rt/local/lib -I /usr/nikola/pkgs/rt/lib
> etc/upgrade/shrink_cgm_table.pl
> sudo /usr/nikola/pkgs/perl/.5.20.0/bin/perl -I
> /usr/nikola/pkgs/rt/local/lib -I /usr/nikola/pkgs/rt/lib
> etc/upgrade/shrink_transactions_table.pl
> sudo perl -I /usr/nikola/pkgs/rt/local/lib -I /usr/nikola/pkgs/rt/lib
> etc/upgrade/4.0-customfield-checkbox-extension
> sudo sbin/rt-validator --check --resolv
>         (replace user 0 with 25)
> sudo etc/upgrade/switch-templates-to html
> 
> 
> 
> Does anyone have any hints on where I can poke to figure out what is
> causing this problem?
> 
> thanks,
> nomad
> 
> 



More information about the rt-users mailing list