Closed Bug 938300 Opened 11 years ago Closed 11 years ago

vers_cmp() incorrectly compares module versions

Categories

(Bugzilla :: Installation & Upgrading, defect)

Product:
Bugzilla
Component:
Installation & Upgrading
Version:
4.4.1
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Bugzilla 4.2

People

(Reporter: e.lasman, Assigned: LpSolit)

References

(
URL
)

Details

Attachments

(2 files, 4 obsolete files)

patch for trunk, v2.2
9.12 KB, patch
mail
: review+
Details | Diff | Splinter Review
patch for 4.4, v1
2.15 KB, patch
mail
: review+
Details | Diff | Splinter Review 
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9) AppleWebKit/537.71 (KHTML, like Gecko) Version/7.0 Safari/537.71

Steps to reproduce:

After installing bugzilla44 from freebsd pkg system or ports ./checksetup.pl script doesn't accept DBI module of version 1.63 as valid.


Actual results:

root@bsd-test:/usr/local/www/bugzilla # ./checksetup.pl 
* This is Bugzilla 4.4.1 on perl 5.16.3
* Running on FreeBSD 9.2-RELEASE FreeBSD 9.2-RELEASE #0 r255898: Thu Sep 26 22:50:31 UTC 2013     root@bake.isc.freebsd.org:/usr/obj/usr/src/sys/GENERIC

Checking perl modules...
Checking for               CGI.pm (v3.51)     ok: found v3.63 
Checking for           Digest-SHA (any)       ok: found v5.71 
Checking for             TimeDate (v2.23)     ok: found v2.24 
Checking for             DateTime (v0.28)     ok: found v1.03 
Checking for    DateTime-TimeZone (v0.71)     ok: found v1.63 
Checking for                  DBI (v1.614)    found v1.63 
Checking for     Template-Toolkit (v2.22)     ok: found v2.25 
Checking for           Email-Send (v2.04)     ok: found v2.199 
Checking for           Email-MIME (v1.904)    ok: found v1.925 
Checking for                  URI (v1.37)     ok: found v1.60 
Checking for       List-MoreUtils (v0.32)     ok: found v0.33 
Checking for    Math-Random-ISAAC (v1.0.1)    ok: found v1.004 

Checking available perl DBD modules...
Checking for               DBD-Pg (v2.7.0)    not found 
Checking for            DBD-mysql (v4.001)    ok: found v4.025 
Checking for           DBD-SQLite (v1.29)     ok: found v1.40 
Checking for           DBD-Oracle (v1.19)     not found 

The following Perl modules are optional:
Checking for                   GD (v1.20)     ok: found v2.50 
defined(@array) is deprecated at /usr/local/lib/perl5/site_perl/5.16/Chart/Base.pm line 181.
	(Maybe you should just omit the defined()?)
defined(@array) is deprecated at /usr/local/lib/perl5/site_perl/5.16/Chart/Base.pm line 233.
	(Maybe you should just omit the defined()?)
Checking for                Chart (v2.1)      ok: found v2.4.6 
Checking for          Template-GD (any)       ok: found v1.56 
Checking for           GDTextUtil (any)       ok: found v0.86 
Checking for              GDGraph (any)       ok: found v1.48 
Checking for           MIME-tools (v5.406)    ok: found v5.504 
Checking for          libwww-perl (any)       ok: found v6.05 
Checking for             XML-Twig (any)       ok: found v3.44 
Checking for          PatchReader (v0.9.6)    ok: found v0.9.6 
Checking for            perl-ldap (any)       not found 
Checking for          Authen-SASL (any)       ok: found v2.16 
Checking for         Net-SMTP-SSL (v1.01)     ok: found v1.01 
Checking for           RadiusPerl (any)       not found 
Checking for            SOAP-Lite (v0.712)    ok: found v0.716 
Checking for          XMLRPC-Lite (v0.712)    ok: found v0.716 
Checking for             JSON-RPC (any)       ok: found v1.03 
Checking for              JSON-XS (v2.0)      ok: found v3.01 
Checking for           Test-Taint (any)       ok: found v1.06 
Checking for          HTML-Parser (v3.67)     ok: found v3.71 
Checking for        HTML-Scrubber (any)       ok: found v0.11 
Checking for               Encode (v2.21)     ok: found v2.44_01 
Checking for        Encode-Detect (any)       ok: found v1.01 
Checking for          Email-Reply (any)       ok: found v1.202 
Checking for HTML-FormatText-WithLinks (v0.13)     ok: found v0.14 
Checking for          TheSchwartz (v1.07)     ok: found v1.10 
Checking for       Daemon-Generic (any)       ok: found v0.84 
Checking for             mod_perl (v1.999022) not found 
Checking for     Apache-SizeLimit (v0.96)     not found 
Checking for        File-MimeInfo (any)       ok: found v0.16 
Checking for           IO-stringy (any)       ok: found v2.110 
Checking for          mod_headers (any)       ok 
Checking for          mod_expires (any)       ok 
Checking for              mod_env (any)       ok 
***********************************************************************
* REQUIRED MODULES                                                    *
***********************************************************************
* Bugzilla requires you to install some Perl modules which are either *
* missing from your system, or the version on your system is too old. *
* See below for commands to install these modules.                    *
***********************************************************************
* OPTIONAL MODULES                                                    *
***********************************************************************
* Certain Perl modules are not required by Bugzilla, but by           *
* installing the latest version you gain access to additional         *
* features.                                                           *
*                                                                     *
* The optional modules you do not have installed are listed below,    *
* with the name of the feature they enable. Below that table are the  *
* commands to install each module.                                    *
***********************************************************************
*      MODULE NAME * ENABLES FEATURE(S)                               *
***********************************************************************
*        perl-ldap * LDAP Authentication                              *
*       RadiusPerl * RADIUS Authentication                            *
*         mod_perl * mod_perl                                         *
* Apache-SizeLimit * mod_perl                                         *
***********************************************************************
COMMANDS TO INSTALL OPTIONAL MODULES:

      perl-ldap: /usr/local/bin/perl5.16.3 install-module.pl Net::LDAP
     RadiusPerl: /usr/local/bin/perl5.16.3 install-module.pl Authen::Radius
       mod_perl: /usr/local/bin/perl5.16.3 install-module.pl mod_perl2
Apache-SizeLimit: /usr/local/bin/perl5.16.3 install-module.pl Apache2::SizeLimit

COMMANDS TO INSTALL REQUIRED MODULES (You *must* run all these commands
and then re-run checksetup.pl):

    /usr/local/bin/perl5.16.3 install-module.pl DBI

To attempt an automatic install of every required and optional module
with one command, do:

  /usr/local/bin/perl5.16.3 install-module.pl --all

*** Installation aborted. Read the messages above. ***

root@bsd-test:/usr/local/www/bugzilla # 



Expected results:

Script accepts p5-DBI-1.628 and expecting to accept version 1.630 too unless there are specific issues with this version yet I can't find any mention of such.
URL: https://rt.cpan.org/Public/Bug/Displa...
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: p5-DBI-1.63 module doesn't pass as valid → DBI 1.630 is seen as 1.63 by checksetup.pl
Attached patch patch for trunk, v1 (obsolete) — Splinter Review 
version.pm is automatically loaded by |use 5.10.1|.

For 4.4 (and below), I will have to |use version| explicitly as we still support oldish Perl 5.8.x. Backport coming.
Assignee: installation → LpSolit
Status: NEW → ASSIGNED
Attachment #8333898 - Flags: review?(glob)
Attached patch patch for trunk, v1.1 (obsolete) — Splinter Review 
Forgot to fix POD, which is no longer accurate.
Attachment #8333898 - Attachment is obsolete: true
Attachment #8333898 - Flags: review?(glob)
Attachment #8333900 - Flags: review?(glob)
This is major enough to prevent Bugzilla from being installed. So it's a blocker, even for 4.2.8, IMO.
Severity: normal → major
Flags: blocking4.4.2+
Flags: blocking4.2.8+
Summary: DBI 1.630 is seen as 1.63 by checksetup.pl → vers_cmp() incorrectly compares module versions
Target Milestone: --- → Bugzilla 4.2
Attached patch patch for trunk, v2 (obsolete) — Splinter Review 
vers_cmp() was also used by query.cgi and Version.pm to sort product versions. As they can be any random string, version->new() was dying if the version was not a valid one. So I moved vers_cmp() into Version.pm and used version->new() directly where needed.

For 4.4 and older, I will write a less invasive patch.
Attachment #8333900 - Attachment is obsolete: true
Attachment #8333900 - Flags: review?(glob)
Attachment #8333947 - Flags: review?(glob)
Attached patch patch for trunk, v2.1 (obsolete) — Splinter Review 
There was a bug with Chart which bumped from 2.3 to 2.4.1, but as reported here:

https://rt.cpan.org/Public/Bug/Display.html?id=28218

2.4.1 < 2.3, because they translate to 2.004001 < 2.300. That's why I had to bump the min requirement for Chart. This should be fine as Chart 2.3 and older have all been deleted from CPAN, probably due to this bug.
Attachment #8333947 - Attachment is obsolete: true
Attachment #8333947 - Flags: review?(glob)
Attachment #8334041 - Flags: review?(glob)
DB server versions do not follow Perl syntax, e.g. Mageia has version "5.5.28-MariaDB" which is not a valid Perl version (due to the appended -MariaDB). So now I only use version->new() for Perl modules only, and still use vers_cmp() for DB servers. Sorry for the spam. :)
Attachment #8334041 - Attachment is obsolete: true
Attachment #8334041 - Flags: review?(glob)
Attachment #8334079 - Flags: review?(glob)
Bugzilla 4.4.x still supports Perl 5.8.x, which doesn't load version.pm by default, which is why I have to |use version|. I left vers_cmp() alone though it's really a Bugzilla::Version function to me. But let's not be invasive on a stable branch.

About Chart, I cannot bump the minimum requirement on a stable branch, so we require the fake 2.1.0 version, which translates internally to 2.001, so that we catch both older releases (2.1 == 2.100) and newer releases (2.4.1 == 2.004001).
Attachment #8335240 - Flags: review?(glob)
The only way to fix this bug in 4.2.8 is to first commit the patch from bug 781672 and then use the same patch as for 4.4, else version->new($vnum) fails if it gets an invalid version. So either bug 781672 must be retargetted to 4.2, or this bug is wontfix for 4.2.
Attachment #8334079 - Flags: review?(glob) → review?(simon)
Attachment #8335240 - Flags: review?(glob) → review?(simon)
Attachment #8334079 - Flags: review?(simon) → review+
Attachment #8335240 - Flags: review?(simon) → review+
Flags: approval?
Flags: approval4.4?
Flags: approval4.2?
bug 781672 needs to land on 4.2 first before this one. a=me with that in mind.
Flags: approval?
Flags: approval4.4?
Flags: approval4.4+
Flags: approval4.2?
Flags: approval4.2+
Flags: approval+
For Bugzilla 5.0, we must relnote that we now require Chart 2.4.1 instead of 2.1.

Committing to: bzr+ssh://lpsolit%40gmail.com@bzr.mozilla.org/bugzilla/trunk/
modified install-module.pl
modified query.cgi
modified Bugzilla/DB.pm
modified Bugzilla/Version.pm
modified Bugzilla/Install/Requirements.pm
modified Bugzilla/Install/Util.pm
Committed revision 8821.

Committing to: bzr+ssh://lpsolit%40gmail.com@bzr.mozilla.org/bugzilla/4.4/
modified Bugzilla/Install/Requirements.pm
Committed revision 8638.

Committing to: bzr+ssh://lpsolit%40gmail.com@bzr.mozilla.org/bugzilla/4.2/
modified Bugzilla/Install/Requirements.pm
Committed revision 8240.
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Keywords: relnote
Resolution: --- → FIXED
Added to relnotes for 4.4.2.
Upgrading my Bugzilla Installtion from 4.4 to 4.4.2 made the checksetup.pl give me the following error:

* This is Bugzilla 4.4.2 on perl 5.12.4
* Running on Linux 3.2.12-gentoo #1 SMP Fri Jun 15 16:00:34 CEST 2012

Checking perl modules...
Checking for               CGI.pm (v3.51)     ok: found v3.52 
Checking for           Digest-SHA (any)       ok: found v5.47 
Checking for             TimeDate (v2.23)     ok: found v2.24 
Checking for             DateTime (v0.28)     ok: found v1.03 
Invalid version format (non-numeric data) at Bugzilla/Install/Requirements.pm line 707.

----------------------

I could fix it by exchanging the line 707 in Requirements.pm from

    my $vok = ($vnum ne '-1' && version->new($vnum) >= version->new($wanted)) ? 1 : 0;

to

    my $vok = (vers_cmp($vnum,$wanted) > -1);


After this, I got the following checksetup.pl output:

* This is Bugzilla 4.4.2 on perl 5.12.4
* Running on Linux 3.2.12-gentoo #1 SMP Fri Jun 15 16:00:34 CEST 2012

Checking perl modules...
Checking for               CGI.pm (v3.51)     ok: found v3.52 
Checking for           Digest-SHA (any)       ok: found v5.47 
Checking for             TimeDate (v2.23)     ok: found v2.24 
Checking for             DateTime (v0.28)     ok: found v1.03 
Checking for    DateTime-TimeZone (v0.71)     ok: found v1.59 
Checking for                  DBI (v1.54)     ok: found v1.618 
Checking for     Template-Toolkit (v2.22)     ok: found v2.24 
Checking for           Email-Send (v2.04)     ok: found v2.198 
Checking for           Email-MIME (v1.904)    ok: found v1.907 
Checking for                  URI (v1.37)     ok: found v1.59 
Checking for       List-MoreUtils (v0.32)     ok: found v0.33 
Checking for    Math-Random-ISAAC (v1.0.1)    ok: found v1.004 

Checking available perl DBD modules...
Checking for               DBD-Pg (v2.7.0)    not found 
Checking for            DBD-mysql (v4.001)    ok: found v4.017 
Checking for           DBD-SQLite (v1.29)     ok: found v1.37 
Checking for           DBD-Oracle (v1.19)     not found 

The following Perl modules are optional:
Checking for                   GD (v1.20)     ok: found v2.46 
Checking for                Chart (v2.1.0)    ok: found v2.4.1 
Checking for          Template-GD (any)       ok: found v1.56 
Checking for           GDTextUtil (any)       ok: found v0.86 
Checking for              GDGraph (any)       ok: found v1.44 
Checking for           MIME-tools (v5.406)    ok: found v5.427 
Checking for          libwww-perl (any)       ok: found v6.03 
Checking for             XML-Twig (any)       ok: found v3.39 
Checking for          PatchReader (v0.9.6)    ok: found v0.9.6 
Checking for            perl-ldap (any)       ok: found v0.39 
Checking for          Authen-SASL (any)       ok: found v2.12 
Checking for         Net-SMTP-SSL (v1.01)     ok: found v1.01 
Checking for           RadiusPerl (any)       ok: found v0.14 
Checking for            SOAP-Lite (v0.712)    ok: found v0.712 
Checking for          XMLRPC-Lite (v0.712)    ok: found v0.712 
Checking for             JSON-RPC (any)       ok: found v0.96 
Checking for              JSON-XS (v2.0)      ok: found v2.32 
Checking for           Test-Taint (any)       ok: found v1.04 
Checking for          HTML-Parser (v3.40)     ok: found v3.69 
Checking for        HTML-Scrubber (any)       ok: found v0.08 
Checking for               Encode (v2.21)     ok: found v2.40 
Checking for        Encode-Detect (any)       ok: found v1.01 
Checking for          Email-Reply (any)       ok: found v1.202 
Checking for HTML-FormatText-WithLinks (v0.13)     ok: found v0.14 
defined(%hash) is deprecated at lib/Data/ObjectDriver/Driver/DBD.pm line 14, <DATA> line 275.
        (Maybe you should just omit the defined()?)
Checking for          TheSchwartz (v1.07)     ok: found v1.07 
Checking for       Daemon-Generic (any)       ok: found v0.61 
Checking for             mod_perl (v1.999022) ok: found v2.000007 
Checking for     Apache-SizeLimit (v0.96)     ok: found v0.96 
Checking for        File-MimeInfo (any)       ok: found v0.15 
Checking for           IO-stringy (any)       ok: found v2.110 
WARNING: We could not check the configuration of Apache. This sometimes
happens when you are not running checksetup.pl as root. To see the
problem we ran into, run: /usr/sbin/apache2 -t -D DUMP_MODULES

Reading ./localconfig...
Checking for            DBD-mysql (v4.001)    ok: found v4.017 
Checking for                MySQL (v5.0.15)   ok: found v5.1.61-log 

Removing existing compiled templates...
Precompiling templates...done.
Fixing file permissions...
Checking for             GraphViz (any)       ok 
checksetup.pl complete.

------------------------------------

With this, Bugzilla seems to be running fine as expected...

------------------------------------

Some version information of the machine:

~# perl -Mversion -wE 'say $version::VERSION' is
0.94

~# perl -wE 'eval "require Apache2::SizeLimit"; say Apache2::SizeLimit->VERSION'
0.96

~# perl --version
This is perl 5, version 12, subversion 4 (v5.12.4) built for x86_64-linux
------------------------------------

What should I do now? Version 4.4.2 is stable, why does this happen?
(In reply to b.cropp from comment #16)

> Invalid version format (non-numeric data) at
> Bugzilla/Install/Requirements.pm line 707.

It would be interesting to know which (invalid) version it gets. If you know how to hack version.pm, please make it more verbose.


> I could fix it by exchanging the line 707 in Requirements.pm from
> 
>     my $vok = ($vnum ne '-1' && version->new($vnum) >=
> version->new($wanted)) ? 1 : 0;
> 
> to
> 
>     my $vok = (vers_cmp($vnum,$wanted) > -1);

You are reverting what we did in this bug. This may fix your issue, but introduces new ones. So that's not the right fix.


> ~# perl -wE 'eval "require Apache2::SizeLimit"; say
> Apache2::SizeLimit->VERSION'
> 0.96

Your issue is unrelated to Apache2::SizeLimit. It's more likely related to DateTime::TimeZone. You should try this, from the bugzilla/ root directory:

perl -Mlib=lib -MDateTime::TimeZone -wE 'my $v = DateTime::TimeZone->VERSION; say $v; my $o = version->new($v); say $o'

It should return twice the same version, in your case 1.59.
(In reply to Frédéric Buclin from comment #17)
> (In reply to b.cropp from comment #16)
> 
> > Invalid version format (non-numeric data) at
> > Bugzilla/Install/Requirements.pm line 707.
> 
> It would be interesting to know which (invalid) version it gets. If you know
> how to hack version.pm, please make it more verbose.
> 

Sorry, I am no developer, so I don't know how to do that.

> 
> > I could fix it by exchanging the line 707 in Requirements.pm from
> > 
> >     my $vok = ($vnum ne '-1' && version->new($vnum) >=
> > version->new($wanted)) ? 1 : 0;
> > 
> > to
> > 
> >     my $vok = (vers_cmp($vnum,$wanted) > -1);
> 
> You are reverting what we did in this bug. This may fix your issue, but
> introduces new ones. So that's not the right fix.

Of course. "fix" wasn't the right word, workaround in that case would be better... ;-)

> 
> 
> > ~# perl -wE 'eval "require Apache2::SizeLimit"; say
> > Apache2::SizeLimit->VERSION'
> > 0.96
> 
> Your issue is unrelated to Apache2::SizeLimit. It's more likely related to
> DateTime::TimeZone. You should try this, from the bugzilla/ root directory:
> 
> perl -Mlib=lib -MDateTime::TimeZone -wE 'my $v =
> DateTime::TimeZone->VERSION; say $v; my $o = version->new($v); say $o'
> 
> It should return twice the same version, in your case 1.59.

# perl -Mlib=lib -MDateTime::TimeZone -wE 'my $v = DateTime::TimeZone->VERSION; say $v; my $o = version->new($v); say $o'
1.59
1.59
Thanks for the testing. Could you jump into our IRC channel to talk a bit about your issue? I'm there for the next 20 minutes. The channel is: irc://irc.mozilla.org/bugzilla
(In reply to Frédéric Buclin from comment #19)
> Thanks for the testing. Could you jump into our IRC channel to talk a bit
> about your issue? I'm there for the next 20 minutes. The channel is:
> irc://irc.mozilla.org/bugzilla

Thanks again Frédéric for your help yesterday at IRC !

After further investigation, I updated the whole machine. Now checksetup.pl works as expected!

I think it was a faulty Perl version/module, especially:

old version: perl-core/version-0.940.0 --> new version: perl-core/version-0.990.100

The machine runs now:

This is perl 5, version 16, subversion 3 (v5.16.3) built for x86_64-linux
Keywords: relnote
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: