Bug 6815

Summary: Use of uninitialized value $origip
Product: Spamassassin Reporter: Boyd Stephen Smith Jr. <bss>
Component: RulesAssignee: SpamAssassin Developer Mailing List <dev>
Status: RESOLVED INVALID    
Severity: minor CC: bss, kmcgrail
Priority: P2    
Version: 3.3.1   
Target Milestone: Undefined   
Hardware: PC   
OS: Linux   
Whiteboard:

Description Boyd Stephen Smith Jr. 2012-07-12 04:22:32 UTC 
Mentioned on user's list in 2010 against 3.3.1 in Debian Lenny:
http://www.gossamer-threads.com/lists/spamassassin/users/151981

I did a quick search for "origip" in Bugzilla and only found 1 unrelated bug.  The "Possible Duplicates" listed by Bugzilla don't mention AutoWhitelist.pm.

I'm now getting the same warnings earlier today from 3.3.1 (!) in my Debian Squeeze VPS:
Use of uninitialized value $origip in concatenation (.) or string at /usr/share/perl5/Mail/SpamAssassin/AutoWhitelist.pm line 346.

It's good to know this isn't a security issue, but it was a bit concerning.  I'm hoping this bug will result in a patch landing in SVN.  With Wheezy already frozen, I expect Debian users like me will be seeing these messages for a couple more years.

I don't know if I have chosen the correct component in Bugzilla.
Comment 1 Kevin A. McGrail 2012-07-15 20:47:08 UTC 
Based on the information in the thread, SVN includes a check if $result is defined as well as $origip.  

The fact that a distribution uses an older version of SpamAssassin is not a concern for the project, sorry.  

You might want to consider maintaining SA outside of your Debian package management.

Regards,
KAM
Comment 2 Boyd Stephen Smith Jr. 2012-07-15 21:22:15 UTC 
Sorry for the noise.  What I saw of the thread didn't say the patch had made it into SVN, but rather than an issue should be opened so that it would be added to SVN.  Apparently the patch was included in r931606, thanks!
Comment 3 Kevin A. McGrail 2012-07-15 21:27:18 UTC 
(In reply to comment #2)
> Sorry for the noise.  What I saw of the thread didn't say the patch had made
> it into SVN, but rather than an issue should be opened so that it would be
> added to SVN.  Apparently the patch was included in r931606, thanks!

No worries!