Bug 375621 - packages from CPAN dependent on Scalar::Util don't work
packages from CPAN dependent on Scalar::Util don't work
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: perl (Show other bugs)
i686 Linux
low Severity high
: ---
: ---
Assigned To: Marcela Mašláňová
: Reopened
Depends On:
  Show dependency treegraph
Reported: 2007-11-11 03:50 EST by Keith Lofstrom
Modified: 2012-12-05 11:53 EST (History)
10 users (show)

See Also:
Fixed In Version: perl-5.8.8-10.el5_0.2
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 493353 (view as bug list)
Last Closed: 2009-01-20 16:11:12 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Keith Lofstrom 2007-11-11 03:50:44 EST
Description of problem:
An automated security update of Perl replaced my 84841 byte file 
with a 36168 byte truncated version.  A CPAN force install of
Scalar::Util put the file back.  The file is used to supply the
weaken() subroutine to Spoon.pm, which is used by Kwiki wiki. 

Version-Release number of selected component (if applicable):

How reproducible: always

Steps to Reproduce:
1.  note Util.so file size before rpm
2.  rpm -Uvh perl-5.8.8-10.el5_0.2.i386.rpm
3.  note Util.so file size after rpm
4.  run programs (like kwiki wiki) the depend on Spoon and Util.so, note crash
5.  CPAN download Scalar::Util, note restored file size
6.  successfully run programs (like kwiki wiki) the depend on Spoon and Util.so

Actual results:

Expected results:

Additional info:  Kwiki wiki is available from  www.kwiki.org, Spoon from CPAN
Comment 1 Ben Levenson 2007-11-21 14:24:14 EST
what version were you running prior to the upgrade?

i just did a quick size comparison on the orig and new file for versions 
perl-5.8.8-10: orig
perl-5.8.8-10.el5_0.1: new

# size Util.so.*
   text    data     bss     dec     hex filename
  34002     668       4   34674    8772 Util.so.new
  34218     668       4   34890    884a Util.so.orig
Comment 2 Marcela Mašláňová 2008-04-30 07:05:13 EDT
Build perl-5.8.8-10.el5_0.1 was deleted. I check builds
perl-5.8.8-10.el5_0.2.i386.rpm, perl-5.8.8-10.i386.rpm and
perl-5.8.8-12.el5.i386.rpm. There wasn't any differences.

I'm closing this bug, because this must be fixed in previous builds. If your
problem persist please reopen this bug.
Comment 3 Paul Bijnens 2008-06-27 06:13:40 EDT
It seems that this bug resurfaced again in the RHEL5.2
perl-5.8.8-10.el5_2.3.x86_64.rpm package.

What I did:
- coming from RHEL5.1 (all update to latest at the time)
- yum update perl
- run programs that depends on Scalar::Util XS version (e.g. using XML::Twig)
   which scream all over the place
- perl -MCPAN -e 'force install "Scalar::Util"'
- run again same programs; all works again.
(I seem to unable to reopen this bug...)
Comment 4 Marcela Mašláňová 2008-06-27 07:56:10 EDT
This is pretty nasty reproducer;-)

I ran into this problem also on Fedora. I didn't find any other solution than
update Scalar::Util package on the last version in perl package. I'm not sure,
where's the problem, because XS support is builtin in perl. Packages which use
Scalar::Util required the last version, if you used anything from cpan.
Comment 5 Stepan Kasal 2008-06-30 12:44:39 EDT
Indeed, in RHEL-5 the modules bundled with perl rpm go to the same directory as
where cpan installs updated versions (site_perl).  This implies that each time
perl itself is updated, all modules bundled in it are reset to their original
versions; you have to reinstall the updated versions you need for your perl
software (kwiki in your case).
We shall consider updating module List::Utils in the main perl for the next
Erratum, if other bugs force an update.  But it would not be useful to issue an
Erratum only for this bug.
Comment 7 RHEL Product and Program Management 2008-07-01 10:34:20 EDT
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
Comment 8 Paul Bijnens 2008-07-02 04:25:49 EDT
Here is a short command to test if XS version of Scalar::Util
is functional:

   $ perl -MScalar::Util=dualvar -e 1
    is only avaliable with the XS version at -e line 0
   BEGIN failed--compilation aborted.
Comment 11 Stepan Kasal 2008-08-13 08:53:06 EDT
A recipe to reproduce the problem with RHEL 5.2:

0) start with an installation of RHEL which contains perl <= 5.8.8-12.el5

1) as root, do:
for module in
Spoon-0.24For each of the above modules, re
grab $module.tar.gz from CPAN
    (hint: http://search.cpan.org/CPAN/authors/id/G/GB/GBARR/Scalar-List-Utils-1.19.tar.gz, others http://search.cpan.org/CPAN/authors/id/I/IN/INGY/$module.tar.gz)
tar zxf $module.tar.gz
cd $module
perl Makefile.PL
make install

2) mkdir exper1 && cd exper1 && spork -new
    (observe that it succeeded)

3) update perl to another version <= 5.8.8-12.el5
   (or emulate it: rpm -e perl --nodeps; yum install perl)

4) $ mkdir exper2 && cd exper2
$ spork -new
Undefined subroutine &Scalar::Util::weaken called at (eval 71) line 4.
Comment 12 Stepan Kasal 2008-08-13 09:37:12 EDT
Explanation of the above reproducer:

ad 1) all those modules install themselves to site_perl subdirectory, with one exception: Scalar-List-Utils-1.19 installs itself to "archdir", i.e., /usr/%{_lib}/perl5/5.8.8/%{_arch}-linux-thread-multi
If you try "rpm -V perl" after "make install" in Scalar-List-Utils-1.19, you can see that the file
has been overwritten by a new version.

All the subsequent module installation somehow relay on that new version of Util.so.

ad 3) during the update, Util.so is replaced by the original one...
ad 4) But spork (or Kwiki) does seem to require Scalar-List-Utils-1.19 to work properly.
As described in the original bug report, when you do "make install" in Scalar-List-Utils-1.19 again, spork works.
And if you update to perl-5.8.8-14.el5, spork works.

The size difference of Util.so mentioned in comment #0 (the orig. description) is not important: perl.rpm contains stripped Util.so, with debug information stored in perl-debuginfo.rpm; that causes the huge size difference.
Comment 13 Stepan Kasal 2008-08-13 09:57:25 EDT
> This is pretty nasty reproducer;-)
 --Marcela, in comment #4
This is also true about my reproducer in comment #11.

If we suppose that XS version of Scalar::Util should be functional, and that is measured by the command "perl -MScalar::Util=dualvar -e 1" (see comment #8), then things get really simple: with perl-5.8.8-10.el5_2.3 the command fails, while with perl-5.8.8-14.el5 it succeeds.

But if you want it more complicated, it is also possible:
The user needed "XS version of Scalar::Util" which does not work with the version packed in perl-5.8.8-10.el5_2.3, so they updated the module Scalar-List-Utils to 1.19, as available on CPAN.  But that module installs by default to "archlib", not sitearch, so it installed to the same location where the built-in version lives.  This means that an update of perl.rpm overrided this user installed version.
The fact that the module "lives" in the archlib and thus will be overwritten by every perl update, is one of the reasons for packing the latest version of Scalar-List-Utils in the perl rpm.
Comment 14 Petr Šplíchal 2008-08-14 08:01:52 EDT
Finally, I've found the shortest working reproducer, here it is:

1) install Scalar::Util module from CPAN:

   perl -MCPAN -e shell
   cpan> force install "Scalar::Util"
   cpan> quit


   perl -MCPAN -e 'force install "Scalar::Util"'

   The latter is nicer, but the force would not work for me here,
   don't know why, it reports "Scalar::Util is up to date" :-(

2) reinstall/upgrade the perl package

   rpm -Uvh --force perl-current-or-newer-version.rpm

3) perl -MScalar::Util=dualvar -e 1

The last step should work flawlessly for fixed packages, and report the following error for the broken ones:

   is only avaliable with the XS version at -e line 0
   BEGIN failed--compilation aborted.

That's it!
Comment 18 errata-xmlrpc 2009-01-20 16:11:12 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

Comment 20 derek hosewood 2010-07-08 05:21:18 EDT
Comment 21 Frank Thommen 2010-11-25 05:38:26 EST
The bug has come back with perl-5.8.8-32.el5_5.2
Comment 22 Petr Šplíchal 2010-11-25 12:14:26 EST
To prevent overwriting your manually installed CPAN modules by
package updates, please install them in the site_perl directory.
This is now the default in RHEL6. See bug 594768 for details.
Comment 23 Todd Zervas 2012-10-30 09:32:24 EDT
This bug has come back with 4:perl-5.8.8-38.el5_8.x86_64

Note You need to log in before you can comment on or make changes to this bug.