Closed Bug 285700 Opened 20 years ago Closed 19 years ago

Bugzilla does not work file File::Spec 0.82 anymore (taint error)

Categories

(Bugzilla :: Bugzilla-General, defect, P2)

2.19.2
x86
Linux
defect

Tracking

()

RESOLVED FIXED
Bugzilla 2.20

People

(Reporter: jremillardshop, Assigned: justdave)

Details

Attachments

(1 file, 4 obsolete files)

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050223 Firefox/1.0.1
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050223 Firefox/1.0.1

Bugzilla was completely broken because of taint issues. There is a function in
File::Spec that was tainting the paths needed by the Template Toolkit to find
the templates. index.cgi would not even come up. I upgraded to version 3.05
and Bugzilla was fixed. The stable version of Debian ships with version 0.82.
You probably need to up the requirements in checksetup.pl. This problem was
observed on the latest in CVS.

Reproducible: Always
Quite true

I tried File::Spec 0.90 and it identifies itself as 0.9 and fails the up-to-date
checks
Another of my sites has 0.87 and that does work
PathTools-3.00 was cranky about installing, so I went to 3.05 and it is fine.

Landfill runs 3.04
Ubuntu ships with 0.87

Colin tried tip with 0.87 and it works

We should probably bump the requirements to 0.87

The only question is... does this result from Bugzilla changes or Template
Toolkit changes?  I have not yet confirmed that the 0.87 sites are not running
an older (ok) Template Toolkit



Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P2
Target Milestone: --- → Bugzilla 2.20
My observations...
0.82 does not work with TT 2.13
0.87 does work with TT 2.14
3.04 does work with TT 2.13
3.05 does work with TT 2.13

I am running Template v2.08. It is probably broken by anything older than 2.13.
v2.08 and v0.82 are both listed as the minimal versions in bugzilla and they
don't work together on the latest version.
It seems safe to me to just bump up the requirement. Have we figured out exactly
what the bug is? I also see 0.87 working on landfill.

I vote to just bump the requirement to 0.87.
Flags: blocking2.20?
Summary: Bugzilla does not work file File::Spec 0.82 anymore → Bugzilla does not work file File::Spec 0.82 anymore (taint error)
Version: unspecified → 2.19.2
(In reply to comment #1)
> I tried File::Spec 0.90 and it identifies itself as 0.9 and fails the up-to-date
> checks

This is bug 257933.
Attached patch Bump to 0.87 (obsolete) — Splinter Review
It seems like this is what we need to do. I haven't actually reproduced the
issue, but it seems that Joel and Jason both have (the bug is marked as NEW).
0.87 is pretty old, anyhow -- it shouldn't be a problem to require it.
Assignee: general → mkanat
Status: NEW → ASSIGNED
Attachment #189577 - Flags: review?(bugzilla)
And this really is a blocker, since our versions ought to be correct for the
release.
Flags: blocking2.20? → blocking2.20+
Whiteboard: [patch awaiting review]
Can you change it in the documentation too, please :)
Comment on attachment 189577 [details] [diff] [review]
Bump to 0.87

Our minimum version of ActiveState Perl is 5.8.1, which ships with File::Spec
version 0.86.

Either drop File::Spec from 0.87 to 0.86 or bump up ActiveState Perl to 5.8.3.

I'd lean towards 0.87 and increasing the ActiveState version.
Attachment #189577 - Flags: review?(bugzilla) → review-
Since glob is the Win32 Guy, I take his advice. :-)
Attachment #189577 - Attachment is obsolete: true
Attachment #189645 - Flags: review?(bugzilla)
Comment on attachment 189645 [details] [diff] [review]
Use glob's suggestion and also do docs

r=glob
Attachment #189645 - Flags: review?(bugzilla) → review+
Flags: approval?
To avoid breaking as many existing installations as possible, we should be as
conservative as possible with requirement increases.  It may be easy for us to
upgrade our own systems, but it's not easy for everyone to do so.

So if File::Spec 0.86 works, we should continue to require only ActiveState Perl
5.8.1, even if we recommend 5.8.3 for other reasons.
Comment on attachment 189645 [details] [diff] [review]
Use glob's suggestion and also do docs

I'm with Myk.  Let's find out if 0.86 works or not first before we bump the
minimum perl on win32.
Attachment #189645 - Flags: review-
Flags: approval?
Whiteboard: [patch awaiting review]
I will point out, though, that from my experience (it's been a few years though)
ActiveState Perl on Win32 is significantly easier to upgrade than perl on Linux
(mostly because you don't have half the utilities on the operating system
depending on the version of Perl you're running).
Whiteboard: [info needed]
Fwiw, this works for a long time now (read: months) stable on Windows with
File::Spec v0.82.
Or someone could just look for the relevant bugfix in the ChangeLog:

0.84  Wed Jul  9 22:21:23 CDT 2003

 - When running under taint mode and perl >= 5.8, all the tmpdir()
   implementations now avoid returning a tainted path.

So we need to require 0.84.  Which solves the Win32 problem.
Assignee: mkanat → justdave
Status: ASSIGNED → NEW
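A way to confirm on a given host the behaviour the ChangeLog entry above describes, added here as an example that is not part of the original bug thread or of Bugzilla's code. It assumes the script is run as `perl -T check_tmpdir_taint.pl` (the file name is hypothetical) and takes the 0.84 minimum from the quoted ChangeLog entry.

```perl
#!/usr/bin/perl -T
# Added diagnostic sketch (not Bugzilla code).
# Run as: perl -T check_tmpdir_taint.pl   (file name is hypothetical)
use strict;
use warnings;
use File::Spec;
use Scalar::Util qw(tainted);

# Minimum version taken from the ChangeLog entry quoted in the thread.
my $MIN_FILE_SPEC = '0.84';

# Returns a hashref describing the installed File::Spec and what its
# tmpdir() hands back while taint checking is active.
sub check_file_spec {
    my $installed = File::Spec->VERSION;

    # UNIVERSAL::VERSION dies when the installed version is below the
    # requested one, so eval turns that into a boolean.
    my $meets_min = eval { File::Spec->VERSION($MIN_FILE_SPEC); 1 } ? 1 : 0;

    # tmpdir() consults environment variables such as TMPDIR, which are
    # tainted under -T. A tainted return value is the failure discussed here.
    my $tmpdir = File::Spec->tmpdir();

    return {
        version    => $installed,
        meets_min  => $meets_min,
        taint_mode => ${^TAINT} ? 1 : 0,
        tmpdir     => $tmpdir,
        tainted    => tainted($tmpdir) ? 1 : 0,
    };
}

my $r = check_file_spec();
die "Taint mode is off; rerun with perl -T\n" unless $r->{taint_mode};

printf "File::Spec %s (minimum %s): %s\n",
    $r->{version}, $MIN_FILE_SPEC,
    $r->{meets_min} ? 'ok' : 'too old';
printf "tmpdir() returned %s, which is %s\n",
    $r->{tmpdir}, $r->{tainted} ? 'TAINTED' : 'not tainted';

# Non-zero exit when either check fails, so it can gate a setup script.
exit(($r->{meets_min} && !$r->{tainted}) ? 0 : 1);
```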
Attached patch Patch v3 (tip and 2.20) (obsolete) — Splinter Review
Attachment #189645 - Attachment is obsolete: true
Attachment #191712 - Flags: review?(LpSolit)
Comment on attachment 191712 [details] [diff] [review]
Patch v3 (tip and 2.20)

updated patch coming up, I missed a few things
Attachment #191712 - Flags: review?(LpSolit)
Attached patch Patch v4 (tip and 2.20) (obsolete) — Splinter Review
This updates checksetup.pl, the release notes, the docs, and several of the
tests that did direct checks.
Attachment #191712 - Attachment is obsolete: true
Attachment #191716 - Flags: review?(LpSolit)
Whiteboard: [info needed] → [patch waiting review]
ok, discussion with LpSolit on IRC and a quick look at bug 135543 comment 23
and onwards seems to indicate that the direct version checks for File::Spec
0.82 in the tests were because of an incompatibility with Perl 5.00503.  We
have since added a check that requires Perl 5.6.1, so these are no longer
necessary at all.  Just getting rid of them now, so if we ever bump versions
again we no longer have to change them.
Attachment #191716 - Attachment is obsolete: true
Attachment #191729 - Flags: review?(LpSolit)
Comment on attachment 191729 [details] [diff] [review]
Patch v5 (tip and 2.20)

r=LpSolit
Attachment #191729 - Flags: review?(LpSolit) → review+
Flags: approval?
Flags: approval2.20?
Whiteboard: [patch waiting review]
Attachment #191716 - Flags: review?(LpSolit)
trunk:

Checking in checksetup.pl;
/cvsroot/mozilla/webtools/bugzilla/checksetup.pl,v  <--  checksetup.pl
new revision: 1.421; previous revision: 1.420
done
Checking in docs/rel_notes.txt;
/cvsroot/mozilla/webtools/bugzilla/docs/rel_notes.txt,v  <--  rel_notes.txt
new revision: 1.33; previous revision: 1.32
done
Checking in docs/xml/Bugzilla-Guide.xml;
/cvsroot/mozilla/webtools/bugzilla/docs/xml/Bugzilla-Guide.xml,v  <-- 
Bugzilla-Guide.xml
new revision: 1.54; previous revision: 1.53
done
Checking in t/004template.t;
/cvsroot/mozilla/webtools/bugzilla/t/004template.t,v  <--  004template.t
new revision: 1.36; previous revision: 1.35
done
Checking in t/005no_tabs.t;
/cvsroot/mozilla/webtools/bugzilla/t/005no_tabs.t,v  <--  005no_tabs.t
new revision: 1.13; previous revision: 1.12
done
Checking in t/008filter.t;
/cvsroot/mozilla/webtools/bugzilla/t/008filter.t,v  <--  008filter.t
new revision: 1.18; previous revision: 1.17
done
Checking in t/009bugwords.t;
/cvsroot/mozilla/webtools/bugzilla/t/009bugwords.t,v  <--  009bugwords.t
new revision: 1.3; previous revision: 1.2
done
Checking in t/Support/Templates.pm;
/cvsroot/mozilla/webtools/bugzilla/t/Support/Templates.pm,v  <--  Templates.pm
new revision: 1.14; previous revision: 1.13
done


2.20 branch:

Checking in checksetup.pl;
/cvsroot/mozilla/webtools/bugzilla/checksetup.pl,v  <--  checksetup.pl
new revision: 1.412.2.4; previous revision: 1.412.2.3
done
Checking in docs/rel_notes.txt;
/cvsroot/mozilla/webtools/bugzilla/docs/rel_notes.txt,v  <--  rel_notes.txt
new revision: 1.32.2.1; previous revision: 1.32
done
Checking in docs/xml/Bugzilla-Guide.xml;
/cvsroot/mozilla/webtools/bugzilla/docs/xml/Bugzilla-Guide.xml,v  <-- 
Bugzilla-Guide.xml
new revision: 1.50.2.2; previous revision: 1.50.2.1
done
Checking in t/004template.t;
/cvsroot/mozilla/webtools/bugzilla/t/004template.t,v  <--  004template.t
new revision: 1.35.4.1; previous revision: 1.35
done
Checking in t/005no_tabs.t;
/cvsroot/mozilla/webtools/bugzilla/t/005no_tabs.t,v  <--  005no_tabs.t
new revision: 1.12.10.1; previous revision: 1.12
done
Checking in t/008filter.t;
/cvsroot/mozilla/webtools/bugzilla/t/008filter.t,v  <--  008filter.t
new revision: 1.17.6.1; previous revision: 1.17
done
Checking in t/009bugwords.t;
/cvsroot/mozilla/webtools/bugzilla/t/009bugwords.t,v  <--  009bugwords.t
new revision: 1.2.10.1; previous revision: 1.2
done
Checking in t/Support/Templates.pm;
/cvsroot/mozilla/webtools/bugzilla/t/Support/Templates.pm,v  <--  Templates.pm
new revision: 1.13.10.1; previous revision: 1.13
done
Status: NEW → RESOLVED
Closed: 19 years ago
Flags: approval?
Flags: approval2.20?
Flags: approval2.20+
Flags: approval+
Resolution: --- → FIXED
So, can we only require the newer version if perl is 5.8.x? 5.6.1 came with an older File::Spec version, and since it's Core, it's a bit of a pain to upgrade.