Item1322: ChartPlugin gives "insecure dependency" error
Priority: Urgent
Current State: Closed
Released In:
Target Release: n/a
viewing the System.ChartPlugin page produces:
Insecure dependency in eval while running with -T switch at /usr/lib/perl5/GD.pm line 95.
at /usr/lib/perl5/GD.pm line 95
GD::AUTOLOAD() called at /var/www/foswiki/core/lib/Foswiki/Plugins/ChartPlugin/Chart.pm line 1041
Foswiki::Plugins::ChartPlugin::Chart::makeChart('Foswiki::Plugins::ChartPlugin::Chart=HASH(0xa24b700)') called at /var/www/foswiki/core/lib/Foswiki/Plugins/ChartPlugin.pm line 532
Foswiki::Plugins::ChartPlugin::_makeChart('Foswiki::Plugins::ChartPlugin=HASH(0xa24b630)', undef, 'ChartPlugin', 'System') called at /var/www/foswiki/core/lib/Foswiki/Plugins/ChartPlugin.pm line 593
Foswiki::Plugins::ChartPlugin::commonTagsHandler('<!--\x{a} * Set SHORTDESCRIPTION = Create PNG or GIF charts to ...', 'ChartPlugin', 'System', 0, 'Foswiki::Meta=HASH(0x9e2f618)') called at /var/www/foswiki/core/lib/Foswiki/Plugin.pm line 281
Foswiki::Plugin::invoke('Foswiki::Plugin=HASH(0x9cf7da0)', 'commonTagsHandler', '<!--\x{a} * Set SHORTDESCRIPTION = Create PNG or GIF charts to ...', 'ChartPlugin', 'System', 0, 'Foswiki::Meta=HASH(0x9e2f618)') called at /var/www/foswiki/core/lib/Foswiki/Plugins.pm line 320
Foswiki::Plugins::dispatch('Foswiki::Plugins=HASH(0x9a3d818)', 'commonTagsHandler', '<!--\x{a} * Set SHORTDESCRIPTION = Create PNG or GIF charts to ...', 'ChartPlugin', 'System', 0, 'Foswiki::Meta=HASH(0x9e2f618)') called at /var/www/foswiki/core/lib/Foswiki.pm line 2808
Foswiki::expandMacros('Foswiki=HASH(0x962a9b0)', '<!--\x{a} * Set SHORTDESCRIPTION = Create PNG or GIF charts to ...', 'Foswiki::Meta=HASH(0x9e2f618)') called at /var/www/foswiki/core/lib/Foswiki/Meta.pm line 1978
Foswiki::Meta::expandMacros('Foswiki::Meta=HASH(0x9e2f618)', '<!--\x{a} * Set SHORTDESCRIPTION = Create PNG or GIF charts to ...') called at /var/www/foswiki/core/lib/Foswiki/UI/View.pm line 391
Foswiki::UI::View::_prepare('<!--\x{a} * Set SHORTDESCRIPTION = Create PNG or GIF charts to ...', 'Foswiki::Meta=HASH(0x9e2f618)', 0) called at /var/www/foswiki/core/lib/Foswiki/UI/View.pm line 371
Foswiki::UI::View::view('Foswiki=HASH(0x962a9b0)') called at /var/www/foswiki/core/lib/Foswiki/UI.pm line 183
Foswiki::UI::__ANON__() called at /var/www/foswiki/core/lib/CPAN/lib//Error.pm line 379
eval {...} called at /var/www/foswiki/core/lib/CPAN/lib//Error.pm line 371
Error::subs::try('CODE(0x977f3f0)', 'HASH(0x9e2f398)') called at /var/www/foswiki/core/lib/Foswiki/UI.pm line 252
Foswiki::UI::execute('Foswiki::Request=HASH(0x99e0e18)', 'CODE(0x99e0a18)', 'view', 1) called at /var/www/foswiki/core/lib/Foswiki/UI.pm line 121
Foswiki::UI::handleRequest('Foswiki::Request=HASH(0x99e0e18)') called at /var/www/foswiki/core/lib/Foswiki/Engine/CGI.pm line 26
Foswiki::Engine::CGI::run('Foswiki::Engine::CGI=HASH(0x98c2580)') called
--
WillNorris - 19 Mar 2009
I also got this error, but only when running with perl 5.10.0. With perl 5.8.8 it worked fine... for some reason perl 5.10.0 thinks $AUTOLOAD is insecure... probably a bug in GD.pm
--
GilmarSantosJr - 04 Apr 2009
interesting, i have perl 5.8.8
r17311:~# perl --version
This is perl, v5.8.8 built for i486-linux-gnu-thread-multi
--
WillNorris - 04 Apr 2009
I just hit this again when installing Foswiki on Ubuntu 8.10 Intrepid (seen before on a previous TWiki install), and thought I'd come here to see if there was a better fix. The key thing is having perl 5.10.
A sort of fix can be obtained by replacing the variable gdStyled with the constant -2 in foswiki/lib/Foswiki/Plugins/ChartPlugin/Chart.pm, as per the support ticket on TWiki http://twiki.org/cgi-bin/view/Support/ChartPluginWithInsecureDependencies (look at the end for the useful stuff).
I won't pretend to know what this is caused by, but it does need to be fixed!
--
EdMcDonagh - 07 Apr 2009
I was bit by this too, and after considerable digging solved it with a line BEGIN { gdStyled; gdTransparent; } just after the use strict; in lib/Foswiki/Plugins/ChartPlugin/Chart.pm.
I'm assuming that the gdTransparent needs to be in there too as it's used in Chart.pm and also EXPORT'ed the same way from GD.pm. I'm too new to perl's intricacies to fully grasp the tainting rules. In any case, this code is working on my servers now.
--
DonWennick - 12 Jun 2009
This issue has been open here now for nearly a year, and on the TWiki for a year before that! What needs to happen to get one of these fixes into the released code? Both seem to work, but every time there is an update the fix needs to be reapplied.
Yours in hope!
--
EdMcDonagh - 02 Mar 2010
I also use ChartPlugin daily on two different sites but my CentOS distros seem to have different versions of GD that do not display the problem.
It is awfully hard to reproduce a taint issue and resolve it when it is most likely in a CPAN library.
So you guys need to help me with as much information as possible.
First thing is - please update the plugin to the latest released version from January this year.
A lot of the code was changed. There is nothing that fits with the error messages and the code lines. We need you guys with the errors to give us a new up to date error update. We need the whole shebang either attached as a text file or included here in verbatim.
I also need to know which version of the GD CPAN module you run. And I need you to come back here every day the next 2-3 weeks and reply when we have more questions.
When we cannot reproduce we rely on YOU guys to provide feedback and test debug code.
--
KennethLavrsen - 02 Mar 2010
Thank you Kenneth. I'll do what I can to help from this end!
I am running:
- Foswiki 1.0.9-1 from Sven's debian repository
- foswiki-chartplugin 100108-204
- libgd-gd2-perl 1:2.39-2 - if you can tell me how to get the GD CPAN module version, I will get it for you.
Here is the error message generated:
[Wed Mar 03 12:54:10 2010] [error] [client 192.168.141.161] Insecure dependency in eval while running with -T switch at /usr/lib/perl5/GD.pm line 95., referer: http://fuday/foswiki/bin/edit/Sandbox/TestTopicAUTOINC0?foswiki_redirect_cache=b8b2acacda5d827512c5202972ed74dd
[Wed Mar 03 12:54:10 2010] [error] [client 192.168.141.161] at /usr/lib/perl5/GD.pm line 95, referer: http://fuday/foswiki/bin/edit/Sandbox/TestTopicAUTOINC0?foswiki_redirect_cache=b8b2acacda5d827512c5202972ed74dd
[Wed Mar 03 12:54:10 2010] [error] [client 192.168.141.161] \tGD::AUTOLOAD() called at /var/lib/foswiki/lib/Foswiki/Plugins/ChartPlugin/Chart.pm line 1041, referer: http://fuday/foswiki/bin/edit/Sandbox/TestTopicAUTOINC0?foswiki_redirect_cache=b8b2acacda5d827512c5202972ed74dd
[Wed Mar 03 12:54:10 2010] [error] [client 192.168.141.161] \tFoswiki::Plugins::ChartPlugin::Chart::makeChart('Foswiki::Plugins::ChartPlugin::Chart=HASH(0x21ca2a8)') called at /var/lib/foswiki/lib/Foswiki/Plugins/ChartPlugin.pm line 532, referer: http://fuday/foswiki/bin/edit/Sandbox/TestTopicAUTOINC0?foswiki_redirect_cache=b8b2acacda5d827512c5202972ed74dd
[Wed Mar 03 12:54:10 2010] [error] [client 192.168.141.161] \tFoswiki::Plugins::ChartPlugin::_makeChart('Foswiki::Plugins::ChartPlugin=HASH(0x21ca170)', undef, 'TestTopic6', 'Sandbox') called at /var/lib/foswiki/lib/Foswiki/Plugins/ChartPlugin.pm line 593, referer: http://fuday/foswiki/bin/edit/Sandbox/TestTopicAUTOINC0?foswiki_redirect_cache=b8b2acacda5d827512c5202972ed74dd
[Wed Mar 03 12:54:10 2010] [error] [client 192.168.141.161] \tFoswiki::Plugins::ChartPlugin::commonTagsHandler('*Table 2:*\\x{a}%TABLE{name="exampleTable2"}%\\x{a}| *Year* | *1998* | ...', 'TestTopic6', 'Sandbox', 0, 'Foswiki::Meta=HASH(0x1b726c8)') called at /var/lib/foswiki/lib/Foswiki/Plugin.pm line 273, referer: http://fuday/foswiki/bin/edit/Sandbox/TestTopicAUTOINC0?foswiki_redirect_cache=b8b2acacda5d827512c5202972ed74dd
[Wed Mar 03 12:54:10 2010] [error] [client 192.168.141.161] \tFoswiki::Plugin::invoke('Foswiki::Plugin=HASH(0x16d9670)', 'commonTagsHandler', '*Table 2:*\\x{a}%TABLE{name="exampleTable2"}%\\x{a}| *Year* | *1998* | ...', 'TestTopic6', 'Sandbox', 0, 'Foswiki::Meta=HASH(0x1b726c8)') called at /var/lib/foswiki/lib/Foswiki/Plugins.pm line 316, referer: http://fuday/foswiki/bin/edit/Sandbox/TestTopicAUTOINC0?foswiki_redirect_cache=b8b2acacda5d827512c5202972ed74dd
[Wed Mar 03 12:54:10 2010] [error] [client 192.168.141.161] \tFoswiki::Plugins::dispatch('Foswiki::Plugins=HASH(0xf440e8)', 'commonTagsHandler', '*Table 2:*\\x{a}%TABLE{name="exampleTable2"}%\\x{a}| *Year* | *1998* | ...', 'TestTopic6', 'Sandbox', 0, 'Foswiki::Meta=HASH(0x1b726c8)') called at /var/lib/foswiki/lib/Foswiki.pm line 3046, referer: http://fuday/foswiki/bin/edit/Sandbox/TestTopicAUTOINC0?foswiki_redirect_cache=b8b2acacda5d827512c5202972ed74dd
[Wed Mar 03 12:54:10 2010] [error] [client 192.168.141.161] \tFoswiki::handleCommonTags('Foswiki=HASH(0x95d028)', '*Table 2:*\\x{a}%TABLE{name="exampleTable2"}%\\x{a}| *Year* | *1998* | ...', 'Sandbox', 'TestTopic6', 'Foswiki::Meta=HASH(0x1b726c8)') called at /var/lib/foswiki/lib/Foswiki/UI/View.pm line 388, referer: http://fuday/foswiki/bin/edit/Sandbox/TestTopicAUTOINC0?foswiki_redirect_cache=b8b2acacda5d827512c5202972ed74dd
[Wed Mar 03 12:54:10 2010] [error] [client 192.168.141.161] \tFoswiki::UI::View::_prepare('*Table 2:*\\x{a}%TABLE{name="exampleTable2"}%\\x{a}| *Year* | *1998* | ...', 'Foswiki=HASH(0x95d028)', 'Sandbox', 'TestTopic6', 'Foswiki::Meta=HASH(0x1b726c8)', 0) called at /var/lib/foswiki/lib/Foswiki/UI/View.pm line 368, referer: http://fuday/foswiki/bin/edit/Sandbox/TestTopicAUTOINC0?foswiki_redirect_cache=b8b2acacda5d827512c5202972ed74dd
[Wed Mar 03 12:54:10 2010] [error] [client 192.168.141.161] \tFoswiki::UI::View::view('Foswiki=HASH(0x95d028)') called at /var/lib/foswiki/lib/Foswiki/UI.pm line 304, referer: http://fuday/foswiki/bin/edit/Sandbox/TestTopicAUTOINC0?foswiki_redirect_cache=b8b2acacda5d827512c5202972ed74dd
[Wed Mar 03 12:54:10 2010] [error] [client 192.168.141.161] \tFoswiki::UI::__ANON__() called at /usr/share/perl5/Error.pm line 416, referer: http://fuday/foswiki/bin/edit/Sandbox/TestTopicAUTOINC0?foswiki_redirect_cache=b8b2acacda5d827512c5202972ed74dd
[Wed Mar 03 12:54:10 2010] [error] [client 192.168.141.161] \teval {...} called at /usr/share/perl5/Error.pm line 408, referer: http://fuday/foswiki/bin/edit/Sandbox/TestTopicAUTOINC0?foswiki_redirect_cache=b8b2acacda5d827512c5202972ed74dd
[Wed Mar 03 12:54:10 2010] [error] [client 192.168.141.161] \tError::subs::try('CODE(0xa33728)', 'HASH(0x1b722d8)') called at /var/lib/foswiki/lib/Foswiki/UI.pm line 391, referer: http://fuday/foswiki/bin/edit/Sandbox/TestTopicAUTOINC0?foswiki_redirect_cache=b8b2acacda5d827512c5202972ed74dd
[Wed Mar 03 12:54:10 2010] [error] [client 192.168.141.161] \tFoswiki::UI::_execute('Foswiki::Request=HASH(0xf44520)', 'CODE(0xf43ec0)', 'view', 1) called at /var/lib/foswiki/lib/Foswiki/UI.pm line 275, referer: http://fuday/foswiki/bin/edit/Sandbox/TestTopicAUTOINC0?foswiki_redirect_cache=b8b2acacda5d827512c5202972ed74dd
[Wed Mar 03 12:54:10 2010] [error] [client 192.168.141.161] \tFoswiki::UI::handleRequest('Foswiki::Request=HASH(0xf44520)') called at /var/lib/foswiki/lib/Foswiki/Engine/CGI.pm line 29, referer: http://fuday/foswiki/bin/edit/Sandbox/TestTopicAUTOINC0?foswiki_redirect_cache=b8b2acacda5d827512c5202972ed74dd
[Wed Mar 03 12:54:10 2010] [error] [client 192.168.141.161] \tFoswiki::Engine::CGI::run('Foswiki::Engine::CGI=HASH(0xd70e78)') called at /var/lib/foswiki/bin/view line 45., referer: http://fuday/foswiki/bin/edit/Sandbox/TestTopicAUTOINC0?foswiki_redirect_cache=b8b2acacda5d827512c5202972ed74dd
I hope this is what you need.
--
EdMcDonagh - 03 Mar 2010
perl -MGD -e 'print $GD::VERSION'
--
WillNorris - 10 Mar 2010
In which case, it is as per the libgd-gd2-perl version, ie 2.39. Thanks Will.
--
EdMcDonagh - 12 Mar 2010
i've attached a version to Sandbox.Beta.ChartPlugin which fixes the problem on my system. please let me know how it works for you guys.
--
WillNorris - 14 Mar 2010
Thanks Will. As I don't typically use the extensions repositories on this install (I use the debian repository instead), I installed this by copying everything in the lib/Foswiki/Plugins folder from the tgz archive over the existing copies.
And everything works as it should do! Thank you very much Will. Is this sufficient testing to get this as the released version?
Let me know if I need to do more.
--
EdMcDonagh - 15 Mar 2010
great! that's confirmation enough for me to publish this updated version to Extensions.ChartPlugin proper. thanks for letting me know.
(actually, btw, the way things work, ChartPlugin should have been updated at http://fosiki.com/Foswiki_debian/pool/main/f/ within 24 hours of my checkin.)
--
WillNorris - 18 Mar 2010
http://twiki.org/cgi-bin/view/Support/ChartPluginWithInsecureDependencies
--
WillNorris - 18 Mar 2010