Description of problem: An automated security update of Perl replaced my 84841 byte file /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/List/Util/Util.so with a 36168 byte truncated version. A CPAN force install of Scalar::Util put the file back. The file is used to supply the weaken() subroutine to Spoon.pm, which is used by Kwiki wiki. Version-Release number of selected component (if applicable): perl-5.8.8-10.el5_0.2.i386.rpm How reproducible: always Steps to Reproduce: 1. note Util.so file size before rpm 2. rpm -Uvh perl-5.8.8-10.el5_0.2.i386.rpm 3. note Util.so file size after rpm 4. run programs (like kwiki wiki) the depend on Spoon and Util.so, note crash 5. CPAN download Scalar::Util, note restored file size 6. successfully run programs (like kwiki wiki) the depend on Spoon and Util.so Actual results: Expected results: Additional info: Kwiki wiki is available from www.kwiki.org, Spoon from CPAN
what version were you running prior to the upgrade? i just did a quick size comparison on the orig and new file for versions perl-5.8.8-10: orig perl-5.8.8-10.el5_0.1: new # size Util.so.* text data bss dec hex filename 34002 668 4 34674 8772 Util.so.new 34218 668 4 34890 884a Util.so.orig
Build perl-5.8.8-10.el5_0.1 was deleted. I check builds perl-5.8.8-10.el5_0.2.i386.rpm, perl-5.8.8-10.i386.rpm and perl-5.8.8-12.el5.i386.rpm. There wasn't any differences. I'm closing this bug, because this must be fixed in previous builds. If your problem persist please reopen this bug.
It seems that this bug resurfaced again in the RHEL5.2 perl-5.8.8-10.el5_2.3.x86_64.rpm package. What I did: - coming from RHEL5.1 (all update to latest at the time) - yum update perl - run programs that depends on Scalar::Util XS version (e.g. using XML::Twig) which scream all over the place - perl -MCPAN -e 'force install "Scalar::Util"' - run again same programs; all works again. (I seem to unable to reopen this bug...)
This is pretty nasty reproducer;-) I ran into this problem also on Fedora. I didn't find any other solution than update Scalar::Util package on the last version in perl package. I'm not sure, where's the problem, because XS support is builtin in perl. Packages which use Scalar::Util required the last version, if you used anything from cpan.
Indeed, in RHEL-5 the modules bundled with perl rpm go to the same directory as where cpan installs updated versions (site_perl). This implies that each time perl itself is updated, all modules bundled in it are reset to their original versions; you have to reinstall the updated versions you need for your perl software (kwiki in your case). We shall consider updating module List::Utils in the main perl for the next Erratum, if other bugs force an update. But it would not be useful to issue an Erratum only for this bug.
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.
Here is a short command to test if XS version of Scalar::Util is functional: $ perl -MScalar::Util=dualvar -e 1 is only avaliable with the XS version at -e line 0 BEGIN failed--compilation aborted.
A recipe to reproduce the problem with RHEL 5.2: 0) start with an installation of RHEL which contains perl <= 5.8.8-12.el5 1) as root, do: for module in Scalar-List-Utils-1.19 IO-All-0.38 Spoon-0.24For each of the above modules, re Kwiki-0.39 Kwiki-Cache-0.11 Spork-0.20 do grab $module.tar.gz from CPAN (hint: http://search.cpan.org/CPAN/authors/id/G/GB/GBARR/Scalar-List-Utils-1.19.tar.gz, others http://search.cpan.org/CPAN/authors/id/I/IN/INGY/$module.tar.gz) tar zxf $module.tar.gz cd $module perl Makefile.PL make make install done 2) mkdir exper1 && cd exper1 && spork -new (observe that it succeeded) 3) update perl to another version <= 5.8.8-12.el5 (or emulate it: rpm -e perl --nodeps; yum install perl) 4) $ mkdir exper2 && cd exper2 $ spork -new Undefined subroutine &Scalar::Util::weaken called at (eval 71) line 4.
Explanation of the above reproducer: ad 1) all those modules install themselves to site_perl subdirectory, with one exception: Scalar-List-Utils-1.19 installs itself to "archdir", i.e., /usr/%{_lib}/perl5/5.8.8/%{_arch}-linux-thread-multi If you try "rpm -V perl" after "make install" in Scalar-List-Utils-1.19, you can see that the file /usr/%{_lib}/perl5/5.8.8/%{_arch}-linux-thread-multi/auto/List/Util/Util.so has been overwritten by a new version. All the subsequent module installation somehow relay on that new version of Util.so. ad 3) during the update, Util.so is replaced by the original one... ad 4) But spork (or Kwiki) does seem to require Scalar-List-Utils-1.19 to work properly. As described in the original bug report, when you do "make install" in Scalar-List-Utils-1.19 again, spork works. And if you update to perl-5.8.8-14.el5, spork works. The size difference of Util.so mentioned in comment #0 (the orig. description) is not important: perl.rpm contains stripped Util.so, with debug information stored in perl-debuginfo.rpm; that causes the huge size difference.
> This is pretty nasty reproducer;-) --Marcela, in comment #4 This is also true about my reproducer in comment #11. If we suppose that XS version of Scalar::Util should be functional, and that is measured by the command "perl -MScalar::Util=dualvar -e 1" (see comment #8), then things get really simple: with perl-5.8.8-10.el5_2.3 the command fails, while with perl-5.8.8-14.el5 it succeeds. But if you want it more complicated, it is also possible: The user needed "XS version of Scalar::Util" which does not work with the version packed in perl-5.8.8-10.el5_2.3, so they updated the module Scalar-List-Utils to 1.19, as available on CPAN. But that module installs by default to "archlib", not sitearch, so it installed to the same location where the built-in version lives. This means that an update of perl.rpm overrided this user installed version. The fact that the module "lives" in the archlib and thus will be overwritten by every perl update, is one of the reasons for packing the latest version of Scalar-List-Utils in the perl rpm.
Finally, I've found the shortest working reproducer, here it is: 1) install Scalar::Util module from CPAN: perl -MCPAN -e shell cpan> force install "Scalar::Util" cpan> quit or perl -MCPAN -e 'force install "Scalar::Util"' The latter is nicer, but the force would not work for me here, don't know why, it reports "Scalar::Util is up to date" :-( 2) reinstall/upgrade the perl package rpm -Uvh --force perl-current-or-newer-version.rpm 3) perl -MScalar::Util=dualvar -e 1 The last step should work flawlessly for fixed packages, and report the following error for the broken ones: is only avaliable with the XS version at -e line 0 BEGIN failed--compilation aborted. That's it!
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2009-0117.html
http://www.todayloan.co.uk
The bug has come back with perl-5.8.8-32.el5_5.2
To prevent overwriting your manually installed CPAN modules by package updates, please install them in the site_perl directory. This is now the default in RHEL6. See bug 594768 for details.
This bug has come back with 4:perl-5.8.8-38.el5_8.x86_64