Bug 823948

Summary: Review Request: perl-Lexical-SealRequireHints - Prevent leakage of lexical hints
Product: [Fedora] Fedora Reporter: Jitka Plesnikova <jplesnik>
Component: Package ReviewAssignee: Petr Pisar <ppisar>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: notting, package-review, ppisar
Target Milestone: ---Flags: ppisar: fedora-review+
gwync: fedora-cvs+
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-05-24 15:26:57 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 823989    

Description Jitka Plesnikova 2012-05-22 13:53:56 UTC
Spec URL: http://jplesnik.fedorapeople.org/perl-Lexical-SealRequireHints/perl-Lexical-SealRequireHints.spec
SRPM URL: http://jplesnik.fedorapeople.org/perl-Lexical-SealRequireHints/perl-Lexical-SealRequireHints-0.007-1.fc18.src.rpm
Description: This module works around two historical bugs in Perl's handling of the %^H (lexical hints) variable. One bug causes lexical state in one file to leak into another that is required/used from it. This bug, [perl #68590], was present from Perl 5.6 up to Perl 5.10, fixed in Perl 5.11.0. The second bug causes lexical state (normally a blank %^H once the first bug is fixed) to leak outwards from utf8.pm, if it is automatically loaded during Unicode regular expression matching, into whatever source is compiling at the time of the regexp match. This bug, [perl #73174], was present from Perl 5.8.7 up to Perl 5.11.5, fixed in Perl 5.12.0.
Fedora Account System Username: jplesnik

Comment 1 Petr Pisar 2012-05-24 11:34:35 UTC
Source file is original. Ok.
Summary verified from lib/Lexical/SealRequireHints.pm. Ok.
License verified from lib/Lexical/SealRequireHints.pm. Ok.
Description verified from lib/Lexical/SealRequireHints.pm. Ok.
URL and Source0 are usable. Ok.
XS code presents, BuildArch is Ok.

TODO: Do no package useless META.json (installation instructions) and README (copy of POD).

TODO: Declare conflict with `perl(B::Hooks::OP::Check) < 0.19' (Build.PL:96, 
Changes:45).

All tests pass. Ok.

$ rpmlint  perl-Lexical-SealRequireHints.spec  ../SRPMS/perl-Lexical-SealRequireHints-0.007-1.fc18.src.rpm ../RPMS/x86_64/perl-Lexical-SealRequireHints-*
perl-Lexical-SealRequireHints.x86_64: W: private-shared-object-provides /usr/lib64/perl5/vendor_perl/auto/Lexical/SealRequireHints/SealRequireHints.so SealRequireHints.so()(64bit)
perl-Lexical-SealRequireHints.x86_64: W: private-shared-object-provides /usr/lib64/perl5/vendor_perl/auto/Lexical/SealRequireHints/SealRequireHints.so SealRequireHints.so()(64bit)
perl-Lexical-SealRequireHints-debuginfo.x86_64: E: description-line-too-long C This package provides debug information for package perl-Lexical-SealRequireHints.
3 packages and 1 specfiles checked; 1 errors, 2 warnings.

FIX: Filter private libraries from Provides by calling `%{?perl_default_filter}' before %description section.

$ rpm -q -lv -p ../RPMS/x86_64/perl-Lexical-SealRequireHints-0.007-1.fc18.x86_64.rpm 
drwxr-xr-x    2 root    root                        0 May 24 07:24 /usr/lib64/perl5/vendor_perl/Lexical
-rw-r--r--    1 root    root                     9451 May 24 07:24 /usr/lib64/perl5/vendor_perl/Lexical/SealRequireHints.pm
drwxr-xr-x    2 root    root                        0 May 24 07:24 /usr/lib64/perl5/vendor_perl/auto/Lexical
drwxr-xr-x    2 root    root                        0 May 24 07:24 /usr/lib64/perl5/vendor_perl/auto/Lexical/SealRequireHints
-rwxr-xr-x    1 root    root                     6088 May 24 07:24 /usr/lib64/perl5/vendor_perl/auto/Lexical/SealRequireHints/SealRequireHints.so
drwxr-xr-x    2 root    root                        0 May 24 07:25 /usr/share/doc/perl-Lexical-SealRequireHints-0.007
-rw-r--r--    1 root    root                     4777 Feb 11 06:16 /usr/share/doc/perl-Lexical-SealRequireHints-0.007/Changes
-rw-r--r--    1 root    root                     1376 Feb 11 06:16 /usr/share/doc/perl-Lexical-SealRequireHints-0.007/META.json
-rw-r--r--    1 root    root                     2739 Feb 11 06:16 /usr/share/doc/perl-Lexical-SealRequireHints-0.007/README
-rw-r--r--    1 root    root                     4204 May 24 07:24 /usr/share/man/man3/Lexical::SealRequireHints.3pm.gz
File permissions and layout are Ok.

$ rpm -q --requires -p ../RPMS/x86_64/perl-Lexical-SealRequireHints-0.007-1.fc18.x86_64.rpm |sort |uniq -c
      1 libc.so.6()(64bit)
      1 libc.so.6(GLIBC_2.2.5)(64bit)
      1 perl(:MODULE_COMPAT_5.14.2)
      1 rpmlib(CompressedFileNames) <= 3.0.4-1
      1 rpmlib(FileDigests) <= 4.6.0-1
      1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1
      1 rpmlib(PayloadIsXz) <= 5.2-1
      1 rtld(GNU_HASH)
Binary requires are Ok.

$ rpm -q --provides -p ../RPMS/x86_64/perl-Lexical-SealRequireHints-0.007-1.fc18.x86_64.rpm |sort |uniq -c
      1 perl(Lexical::SealRequireHints) = 0.007
      1 perl-Lexical-SealRequireHints = 0.007-1.fc18
      1 perl-Lexical-SealRequireHints(x86-64) = 0.007-1.fc18
      1 SealRequireHints.so()(64bit)
FIX: Do not export private library `SealRequireHints.so()(64bit)'.

$ resolvedeps rawhide ../RPMS/x86_64/perl-Lexical-SealRequireHints-0.007-1.fc18.x86_64.rpm 
Binary dependencies resolvable. Ok.

Package builds in F18 (http://koji.fedoraproject.org/koji/taskinfo?taskID=4097615). Ok.

Otherwise package is in line with Fedora and Perl packaging guidelines.


Please correct all `FIX' issues, consider fixing `TODO' items and provide new spec file.

Resolution: Package NOT approved.

Comment 2 Jitka Plesnikova 2012-05-24 12:39:43 UTC
Updated.

Comment 3 Petr Pisar 2012-05-24 12:56:03 UTC
Spec file changes:

--- perl-Lexical-SealRequireHints.spec.old      2012-05-22 09:21:13.000000000 -0400
+++ perl-Lexical-SealRequireHints.spec  2012-05-24 08:39:20.000000000 -0400
@@ -17,6 +17,9 @@
 BuildRequires:  perl(threads)
 BuildRequires:  perl(Thread::Semaphore)
 Requires:       perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
+Conflicts:      perl(B:Hooks::OP::Check) < 0.19
+
+%{?perl_default_filter}

 %description
 This module works around two historical bugs in Perl's handling of the %^H
@@ -46,7 +49,7 @@
 ./Build test

 %files
-%doc Changes META.json README
+%doc Changes
 %{perl_vendorarch}/auto/*
 %{perl_vendorarch}/Lexical*
 %{_mandir}/man3/*


> TODO: Do no package useless META.json (installation instructions) and README > (copy of POD).
-%doc Changes META.json README
+%doc Changes
Ok.

> TODO: Declare conflict with `perl(B::Hooks::OP::Check) < 0.19' (Build.PL:96,
> Changes:45).
+Conflicts:      perl(B:Hooks::OP::Check) < 0.19
Ok.

> FIX: Filter private libraries from Provides by calling
> `%{?perl_default_filter}' before %description section.
$ rpmlint perl-Lexical-SealRequireHints.spec ../SRPMS/perl-Lexical-SealRequireHints-0.007-1.fc18.src.rpm ../RPMS/x86_64/perl-Lexical-SealRequireHints-*
perl-Lexical-SealRequireHints-debuginfo.x86_64: E: description-line-too-long C This package provides debug information for package perl-Lexical-SealRequireHints.
3 packages and 1 specfiles checked; 1 errors, 0 warnings.
Ok.

> FIX: Do not export private library `SealRequireHints.so()(64bit)'.
$ rpm -q --provides -p ../RPMS/x86_64/perl-Lexical-SealRequireHints-0.007-1.fc18.x86_64.rpm |sort |uniq -c
      1 perl(Lexical::SealRequireHints) = 0.007
      1 perl-Lexical-SealRequireHints = 0.007-1.fc18
      1 perl-Lexical-SealRequireHints(x86-64) = 0.007-1.fc18
Binary provides are Ok.

Resolution: Package APPROVED.

Comment 4 Jitka Plesnikova 2012-05-24 13:15:54 UTC
New Package SCM Request
=======================
Package Name: perl-Lexical-SealRequireHints
Short Description: Prevent leakage of lexical hints
Owners: jplesnik mmaslano ppisar psabata
Branches:
InitialCC: perl-sig

Comment 5 Gwyn Ciesla 2012-05-24 14:49:03 UTC
Git done (by process-git-requests).

Comment 6 Jitka Plesnikova 2012-05-24 15:26:57 UTC
Thank you for the review and the repository.