vers_cmp() incorrectly compares module versions

RESOLVED FIXED in Bugzilla 4.2

Status

()

Bugzilla
Installation & Upgrading
--
major
RESOLVED FIXED
4 years ago
2 years ago

People

(Reporter: e.lasman, Assigned: Frédéric Buclin)

Tracking

4.4.1
Bugzilla 4.2
Bug Flags:
approval +
approval4.4 +
blocking4.4.2 +
approval4.2 +
blocking4.2.8 +

Details

(URL)

Attachments

(2 attachments, 4 obsolete attachments)

(Reporter)

Description

4 years ago
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9) AppleWebKit/537.71 (KHTML, like Gecko) Version/7.0 Safari/537.71

Steps to reproduce:

After installing bugzilla44 from freebsd pkg system or ports ./checksetup.pl script doesn't accept DBI module of version 1.63 as valid.


Actual results:

root@bsd-test:/usr/local/www/bugzilla # ./checksetup.pl 
* This is Bugzilla 4.4.1 on perl 5.16.3
* Running on FreeBSD 9.2-RELEASE FreeBSD 9.2-RELEASE #0 r255898: Thu Sep 26 22:50:31 UTC 2013     root@bake.isc.freebsd.org:/usr/obj/usr/src/sys/GENERIC

Checking perl modules...
Checking for               CGI.pm (v3.51)     ok: found v3.63 
Checking for           Digest-SHA (any)       ok: found v5.71 
Checking for             TimeDate (v2.23)     ok: found v2.24 
Checking for             DateTime (v0.28)     ok: found v1.03 
Checking for    DateTime-TimeZone (v0.71)     ok: found v1.63 
Checking for                  DBI (v1.614)    found v1.63 
Checking for     Template-Toolkit (v2.22)     ok: found v2.25 
Checking for           Email-Send (v2.04)     ok: found v2.199 
Checking for           Email-MIME (v1.904)    ok: found v1.925 
Checking for                  URI (v1.37)     ok: found v1.60 
Checking for       List-MoreUtils (v0.32)     ok: found v0.33 
Checking for    Math-Random-ISAAC (v1.0.1)    ok: found v1.004 

Checking available perl DBD modules...
Checking for               DBD-Pg (v2.7.0)    not found 
Checking for            DBD-mysql (v4.001)    ok: found v4.025 
Checking for           DBD-SQLite (v1.29)     ok: found v1.40 
Checking for           DBD-Oracle (v1.19)     not found 

The following Perl modules are optional:
Checking for                   GD (v1.20)     ok: found v2.50 
defined(@array) is deprecated at /usr/local/lib/perl5/site_perl/5.16/Chart/Base.pm line 181.
	(Maybe you should just omit the defined()?)
defined(@array) is deprecated at /usr/local/lib/perl5/site_perl/5.16/Chart/Base.pm line 233.
	(Maybe you should just omit the defined()?)
Checking for                Chart (v2.1)      ok: found v2.4.6 
Checking for          Template-GD (any)       ok: found v1.56 
Checking for           GDTextUtil (any)       ok: found v0.86 
Checking for              GDGraph (any)       ok: found v1.48 
Checking for           MIME-tools (v5.406)    ok: found v5.504 
Checking for          libwww-perl (any)       ok: found v6.05 
Checking for             XML-Twig (any)       ok: found v3.44 
Checking for          PatchReader (v0.9.6)    ok: found v0.9.6 
Checking for            perl-ldap (any)       not found 
Checking for          Authen-SASL (any)       ok: found v2.16 
Checking for         Net-SMTP-SSL (v1.01)     ok: found v1.01 
Checking for           RadiusPerl (any)       not found 
Checking for            SOAP-Lite (v0.712)    ok: found v0.716 
Checking for          XMLRPC-Lite (v0.712)    ok: found v0.716 
Checking for             JSON-RPC (any)       ok: found v1.03 
Checking for              JSON-XS (v2.0)      ok: found v3.01 
Checking for           Test-Taint (any)       ok: found v1.06 
Checking for          HTML-Parser (v3.67)     ok: found v3.71 
Checking for        HTML-Scrubber (any)       ok: found v0.11 
Checking for               Encode (v2.21)     ok: found v2.44_01 
Checking for        Encode-Detect (any)       ok: found v1.01 
Checking for          Email-Reply (any)       ok: found v1.202 
Checking for HTML-FormatText-WithLinks (v0.13)     ok: found v0.14 
Checking for          TheSchwartz (v1.07)     ok: found v1.10 
Checking for       Daemon-Generic (any)       ok: found v0.84 
Checking for             mod_perl (v1.999022) not found 
Checking for     Apache-SizeLimit (v0.96)     not found 
Checking for        File-MimeInfo (any)       ok: found v0.16 
Checking for           IO-stringy (any)       ok: found v2.110 
Checking for          mod_headers (any)       ok 
Checking for          mod_expires (any)       ok 
Checking for              mod_env (any)       ok 
***********************************************************************
* REQUIRED MODULES                                                    *
***********************************************************************
* Bugzilla requires you to install some Perl modules which are either *
* missing from your system, or the version on your system is too old. *
* See below for commands to install these modules.                    *
***********************************************************************
* OPTIONAL MODULES                                                    *
***********************************************************************
* Certain Perl modules are not required by Bugzilla, but by           *
* installing the latest version you gain access to additional         *
* features.                                                           *
*                                                                     *
* The optional modules you do not have installed are listed below,    *
* with the name of the feature they enable. Below that table are the  *
* commands to install each module.                                    *
***********************************************************************
*      MODULE NAME * ENABLES FEATURE(S)                               *
***********************************************************************
*        perl-ldap * LDAP Authentication                              *
*       RadiusPerl * RADIUS Authentication                            *
*         mod_perl * mod_perl                                         *
* Apache-SizeLimit * mod_perl                                         *
***********************************************************************
COMMANDS TO INSTALL OPTIONAL MODULES:

      perl-ldap: /usr/local/bin/perl5.16.3 install-module.pl Net::LDAP
     RadiusPerl: /usr/local/bin/perl5.16.3 install-module.pl Authen::Radius
       mod_perl: /usr/local/bin/perl5.16.3 install-module.pl mod_perl2
Apache-SizeLimit: /usr/local/bin/perl5.16.3 install-module.pl Apache2::SizeLimit

COMMANDS TO INSTALL REQUIRED MODULES (You *must* run all these commands
and then re-run checksetup.pl):

    /usr/local/bin/perl5.16.3 install-module.pl DBI

To attempt an automatic install of every required and optional module
with one command, do:

  /usr/local/bin/perl5.16.3 install-module.pl --all

*** Installation aborted. Read the messages above. ***

root@bsd-test:/usr/local/www/bugzilla # 



Expected results:

Script accepts p5-DBI-1.628 and expecting to accept version 1.630 too unless there are specific issues with this version yet I can't find any mention of such.
(Assignee)

Updated

4 years ago
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: p5-DBI-1.63 module doesn't pass as valid → DBI 1.630 is seen as 1.63 by checksetup.pl
(Assignee)

Comment 1

4 years ago
Created attachment 8333898 [details] [diff] [review]
patch for trunk, v1

version.pm is automatically loaded by |use 5.10.1|.

For 4.4 (and below), I will have to |use version| explicitly as we still support oldish Perl 5.8.x. Backport coming.
Assignee: installation → LpSolit
Status: NEW → ASSIGNED
Attachment #8333898 - Flags: review?(glob)
(Assignee)

Comment 2

4 years ago
Created attachment 8333900 [details] [diff] [review]
patch for trunk, v1.1

Forgot to fix POD, which is no longer accurate.
Attachment #8333898 - Attachment is obsolete: true
Attachment #8333898 - Flags: review?(glob)
Attachment #8333900 - Flags: review?(glob)
(Assignee)

Comment 3

4 years ago
This is major enough to prevent Bugzilla from being installed. So it's a blocker, even for 4.2.8, IMO.
Severity: normal → major
Flags: blocking4.4.2+
Flags: blocking4.2.8+
Summary: DBI 1.630 is seen as 1.63 by checksetup.pl → vers_cmp() incorrectly compares module versions
Target Milestone: --- → Bugzilla 4.2
(Assignee)

Comment 4

4 years ago
Created attachment 8333947 [details] [diff] [review]
patch for trunk, v2

vers_cmp() was also used by query.cgi and Version.pm to sort product versions. As they can be any random string, version->new() was dying if the version was not a valid one. So I moved vers_cmp() into Version.pm and used version->new() directly where needed.

For 4.4 and older, I will write a less invasive patch.
Attachment #8333900 - Attachment is obsolete: true
Attachment #8333900 - Flags: review?(glob)
Attachment #8333947 - Flags: review?(glob)
(Assignee)

Comment 5

4 years ago
Created attachment 8334041 [details] [diff] [review]
patch for trunk, v2.1

There was a bug with Chart which bumped from 2.3 to 2.4.1, but as reported here:

https://rt.cpan.org/Public/Bug/Display.html?id=28218

2.4.1 < 2.3, because they translate to 2.004001 < 2.300. That's why I had to bump the min requirement for Chart. This should be fine as Chart 2.3 and older have all been deleted from CPAN, probably due to this bug.
Attachment #8333947 - Attachment is obsolete: true
Attachment #8333947 - Flags: review?(glob)
Attachment #8334041 - Flags: review?(glob)
(Assignee)

Comment 6

4 years ago
Created attachment 8334079 [details] [diff] [review]
patch for trunk, v2.2

DB server versions do not follow Perl syntax, e.g. Mageia has version "5.5.28-MariaDB" which is not a valid Perl version (due to the appended -MariaDB). So now I only use version->new() for Perl modules only, and still use vers_cmp() for DB servers. Sorry for the spam. :)
Attachment #8334041 - Attachment is obsolete: true
Attachment #8334041 - Flags: review?(glob)
Attachment #8334079 - Flags: review?(glob)
(Assignee)

Comment 7

4 years ago
Created attachment 8335240 [details] [diff] [review]
patch for 4.4, v1

Bugzilla 4.4.x still supports Perl 5.8.x, which doesn't load version.pm by default, which is why I have to |use version|. I left vers_cmp() alone though it's really a Bugzilla::Version function to me. But let's not be invasive on a stable branch.

About Chart, I cannot bump the minimum requirement on a stable branch, so we require the fake 2.1.0 version, which translates internally to 2.001, so that we catch both older releases (2.1 == 2.100) and newer releases (2.4.1 == 2.004001).
Attachment #8335240 - Flags: review?(glob)
(Assignee)

Comment 8

4 years ago
The only way to fix this bug in 4.2.8 is to first commit the patch from bug 781672 and then use the same patch as for 4.4, else version->new($vnum) fails if it gets an invalid version. So either bug 781672 must be retargetted to 4.2, or this bug is wontfix for 4.2.
(Assignee)

Updated

4 years ago
Attachment #8334079 - Flags: review?(glob) → review?(simon)
(Assignee)

Updated

4 years ago
Attachment #8335240 - Flags: review?(glob) → review?(simon)

Updated

4 years ago
Attachment #8334079 - Flags: review?(simon) → review+

Updated

4 years ago
Attachment #8335240 - Flags: review?(simon) → review+

Updated

4 years ago
Flags: approval?
Flags: approval4.4?
Flags: approval4.2?
bug 781672 needs to land on 4.2 first before this one. a=me with that in mind.
Flags: approval?
Flags: approval4.4?
Flags: approval4.4+
Flags: approval4.2?
Flags: approval4.2+
Flags: approval+
(Assignee)

Comment 10

4 years ago
For Bugzilla 5.0, we must relnote that we now require Chart 2.4.1 instead of 2.1.

Committing to: bzr+ssh://lpsolit%40gmail.com@bzr.mozilla.org/bugzilla/trunk/
modified install-module.pl
modified query.cgi
modified Bugzilla/DB.pm
modified Bugzilla/Version.pm
modified Bugzilla/Install/Requirements.pm
modified Bugzilla/Install/Util.pm
Committed revision 8821.

Committing to: bzr+ssh://lpsolit%40gmail.com@bzr.mozilla.org/bugzilla/4.4/
modified Bugzilla/Install/Requirements.pm
Committed revision 8638.

Committing to: bzr+ssh://lpsolit%40gmail.com@bzr.mozilla.org/bugzilla/4.2/
modified Bugzilla/Install/Requirements.pm
Committed revision 8240.
Status: ASSIGNED → RESOLVED
Last Resolved: 4 years ago
Keywords: relnote
Resolution: --- → FIXED

Updated

3 years ago
Duplicate of this bug: 947036
(Assignee)

Updated

3 years ago
Duplicate of this bug: 956496

Updated

3 years ago
Duplicate of this bug: 958486
(Assignee)

Comment 14

3 years ago
Added to relnotes for 4.4.2.
Comment hidden (spam)

Comment 16

3 years ago
Upgrading my Bugzilla Installtion from 4.4 to 4.4.2 made the checksetup.pl give me the following error:

* This is Bugzilla 4.4.2 on perl 5.12.4
* Running on Linux 3.2.12-gentoo #1 SMP Fri Jun 15 16:00:34 CEST 2012

Checking perl modules...
Checking for               CGI.pm (v3.51)     ok: found v3.52 
Checking for           Digest-SHA (any)       ok: found v5.47 
Checking for             TimeDate (v2.23)     ok: found v2.24 
Checking for             DateTime (v0.28)     ok: found v1.03 
Invalid version format (non-numeric data) at Bugzilla/Install/Requirements.pm line 707.

----------------------

I could fix it by exchanging the line 707 in Requirements.pm from

    my $vok = ($vnum ne '-1' && version->new($vnum) >= version->new($wanted)) ? 1 : 0;

to

    my $vok = (vers_cmp($vnum,$wanted) > -1);


After this, I got the following checksetup.pl output:

* This is Bugzilla 4.4.2 on perl 5.12.4
* Running on Linux 3.2.12-gentoo #1 SMP Fri Jun 15 16:00:34 CEST 2012

Checking perl modules...
Checking for               CGI.pm (v3.51)     ok: found v3.52 
Checking for           Digest-SHA (any)       ok: found v5.47 
Checking for             TimeDate (v2.23)     ok: found v2.24 
Checking for             DateTime (v0.28)     ok: found v1.03 
Checking for    DateTime-TimeZone (v0.71)     ok: found v1.59 
Checking for                  DBI (v1.54)     ok: found v1.618 
Checking for     Template-Toolkit (v2.22)     ok: found v2.24 
Checking for           Email-Send (v2.04)     ok: found v2.198 
Checking for           Email-MIME (v1.904)    ok: found v1.907 
Checking for                  URI (v1.37)     ok: found v1.59 
Checking for       List-MoreUtils (v0.32)     ok: found v0.33 
Checking for    Math-Random-ISAAC (v1.0.1)    ok: found v1.004 

Checking available perl DBD modules...
Checking for               DBD-Pg (v2.7.0)    not found 
Checking for            DBD-mysql (v4.001)    ok: found v4.017 
Checking for           DBD-SQLite (v1.29)     ok: found v1.37 
Checking for           DBD-Oracle (v1.19)     not found 

The following Perl modules are optional:
Checking for                   GD (v1.20)     ok: found v2.46 
Checking for                Chart (v2.1.0)    ok: found v2.4.1 
Checking for          Template-GD (any)       ok: found v1.56 
Checking for           GDTextUtil (any)       ok: found v0.86 
Checking for              GDGraph (any)       ok: found v1.44 
Checking for           MIME-tools (v5.406)    ok: found v5.427 
Checking for          libwww-perl (any)       ok: found v6.03 
Checking for             XML-Twig (any)       ok: found v3.39 
Checking for          PatchReader (v0.9.6)    ok: found v0.9.6 
Checking for            perl-ldap (any)       ok: found v0.39 
Checking for          Authen-SASL (any)       ok: found v2.12 
Checking for         Net-SMTP-SSL (v1.01)     ok: found v1.01 
Checking for           RadiusPerl (any)       ok: found v0.14 
Checking for            SOAP-Lite (v0.712)    ok: found v0.712 
Checking for          XMLRPC-Lite (v0.712)    ok: found v0.712 
Checking for             JSON-RPC (any)       ok: found v0.96 
Checking for              JSON-XS (v2.0)      ok: found v2.32 
Checking for           Test-Taint (any)       ok: found v1.04 
Checking for          HTML-Parser (v3.40)     ok: found v3.69 
Checking for        HTML-Scrubber (any)       ok: found v0.08 
Checking for               Encode (v2.21)     ok: found v2.40 
Checking for        Encode-Detect (any)       ok: found v1.01 
Checking for          Email-Reply (any)       ok: found v1.202 
Checking for HTML-FormatText-WithLinks (v0.13)     ok: found v0.14 
defined(%hash) is deprecated at lib/Data/ObjectDriver/Driver/DBD.pm line 14, <DATA> line 275.
        (Maybe you should just omit the defined()?)
Checking for          TheSchwartz (v1.07)     ok: found v1.07 
Checking for       Daemon-Generic (any)       ok: found v0.61 
Checking for             mod_perl (v1.999022) ok: found v2.000007 
Checking for     Apache-SizeLimit (v0.96)     ok: found v0.96 
Checking for        File-MimeInfo (any)       ok: found v0.15 
Checking for           IO-stringy (any)       ok: found v2.110 
WARNING: We could not check the configuration of Apache. This sometimes
happens when you are not running checksetup.pl as root. To see the
problem we ran into, run: /usr/sbin/apache2 -t -D DUMP_MODULES

Reading ./localconfig...
Checking for            DBD-mysql (v4.001)    ok: found v4.017 
Checking for                MySQL (v5.0.15)   ok: found v5.1.61-log 

Removing existing compiled templates...
Precompiling templates...done.
Fixing file permissions...
Checking for             GraphViz (any)       ok 
checksetup.pl complete.

------------------------------------

With this, Bugzilla seems to be running fine as expected...

------------------------------------

Some version information of the machine:

~# perl -Mversion -wE 'say $version::VERSION' is
0.94

~# perl -wE 'eval "require Apache2::SizeLimit"; say Apache2::SizeLimit->VERSION'
0.96

~# perl --version
This is perl 5, version 12, subversion 4 (v5.12.4) built for x86_64-linux
------------------------------------

What should I do now? Version 4.4.2 is stable, why does this happen?
(Assignee)

Comment 17

3 years ago
(In reply to b.cropp from comment #16)

> Invalid version format (non-numeric data) at
> Bugzilla/Install/Requirements.pm line 707.

It would be interesting to know which (invalid) version it gets. If you know how to hack version.pm, please make it more verbose.


> I could fix it by exchanging the line 707 in Requirements.pm from
> 
>     my $vok = ($vnum ne '-1' && version->new($vnum) >=
> version->new($wanted)) ? 1 : 0;
> 
> to
> 
>     my $vok = (vers_cmp($vnum,$wanted) > -1);

You are reverting what we did in this bug. This may fix your issue, but introduces new ones. So that's not the right fix.


> ~# perl -wE 'eval "require Apache2::SizeLimit"; say
> Apache2::SizeLimit->VERSION'
> 0.96

Your issue is unrelated to Apache2::SizeLimit. It's more likely related to DateTime::TimeZone. You should try this, from the bugzilla/ root directory:

perl -Mlib=lib -MDateTime::TimeZone -wE 'my $v = DateTime::TimeZone->VERSION; say $v; my $o = version->new($v); say $o'

It should return twice the same version, in your case 1.59.

Comment 18

3 years ago
(In reply to Frédéric Buclin from comment #17)
> (In reply to b.cropp from comment #16)
> 
> > Invalid version format (non-numeric data) at
> > Bugzilla/Install/Requirements.pm line 707.
> 
> It would be interesting to know which (invalid) version it gets. If you know
> how to hack version.pm, please make it more verbose.
> 

Sorry, I am no developer, so I don't know how to do that.

> 
> > I could fix it by exchanging the line 707 in Requirements.pm from
> > 
> >     my $vok = ($vnum ne '-1' && version->new($vnum) >=
> > version->new($wanted)) ? 1 : 0;
> > 
> > to
> > 
> >     my $vok = (vers_cmp($vnum,$wanted) > -1);
> 
> You are reverting what we did in this bug. This may fix your issue, but
> introduces new ones. So that's not the right fix.

Of course. "fix" wasn't the right word, workaround in that case would be better... ;-)

> 
> 
> > ~# perl -wE 'eval "require Apache2::SizeLimit"; say
> > Apache2::SizeLimit->VERSION'
> > 0.96
> 
> Your issue is unrelated to Apache2::SizeLimit. It's more likely related to
> DateTime::TimeZone. You should try this, from the bugzilla/ root directory:
> 
> perl -Mlib=lib -MDateTime::TimeZone -wE 'my $v =
> DateTime::TimeZone->VERSION; say $v; my $o = version->new($v); say $o'
> 
> It should return twice the same version, in your case 1.59.

# perl -Mlib=lib -MDateTime::TimeZone -wE 'my $v = DateTime::TimeZone->VERSION; say $v; my $o = version->new($v); say $o'
1.59
1.59
(Assignee)

Comment 19

3 years ago
Thanks for the testing. Could you jump into our IRC channel to talk a bit about your issue? I'm there for the next 20 minutes. The channel is: irc://irc.mozilla.org/bugzilla

Updated

3 years ago
Duplicate of this bug: 967497

Comment 21

3 years ago
(In reply to Frédéric Buclin from comment #19)
> Thanks for the testing. Could you jump into our IRC channel to talk a bit
> about your issue? I'm there for the next 20 minutes. The channel is:
> irc://irc.mozilla.org/bugzilla

Thanks again Frédéric for your help yesterday at IRC !

After further investigation, I updated the whole machine. Now checksetup.pl works as expected!

I think it was a faulty Perl version/module, especially:

old version: perl-core/version-0.940.0 --> new version: perl-core/version-0.990.100

The machine runs now:

This is perl 5, version 16, subversion 3 (v5.16.3) built for x86_64-linux
(Assignee)

Updated

2 years ago
Keywords: relnote
You need to log in before you can comment on or make changes to this bug.