Bug 823948 - Review Request: perl-Lexical-SealRequireHints - Prevent leakage of lexical hints
Review Request: perl-Lexical-SealRequireHints - Prevent leakage of lexical hints
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Petr Pisar
Fedora Extras Quality Assurance
:
Depends On:
Blocks: 823989
  Show dependency treegraph
 
Reported: 2012-05-22 09:53 EDT by Jitka Plesnikova
Modified: 2012-05-24 11:26 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-05-24 11:26:57 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
ppisar: fedora‑review+
limburgher: fedora‑cvs+


Attachments (Terms of Use)

  None (edit)
Description Jitka Plesnikova 2012-05-22 09:53:56 EDT
Spec URL: http://jplesnik.fedorapeople.org/perl-Lexical-SealRequireHints/perl-Lexical-SealRequireHints.spec
SRPM URL: http://jplesnik.fedorapeople.org/perl-Lexical-SealRequireHints/perl-Lexical-SealRequireHints-0.007-1.fc18.src.rpm
Description: This module works around two historical bugs in Perl's handling of the %^H (lexical hints) variable. One bug causes lexical state in one file to leak into another that is required/used from it. This bug, [perl #68590], was present from Perl 5.6 up to Perl 5.10, fixed in Perl 5.11.0. The second bug causes lexical state (normally a blank %^H once the first bug is fixed) to leak outwards from utf8.pm, if it is automatically loaded during Unicode regular expression matching, into whatever source is compiling at the time of the regexp match. This bug, [perl #73174], was present from Perl 5.8.7 up to Perl 5.11.5, fixed in Perl 5.12.0.
Fedora Account System Username: jplesnik
Comment 1 Petr Pisar 2012-05-24 07:34:35 EDT
Source file is original. Ok.
Summary verified from lib/Lexical/SealRequireHints.pm. Ok.
License verified from lib/Lexical/SealRequireHints.pm. Ok.
Description verified from lib/Lexical/SealRequireHints.pm. Ok.
URL and Source0 are usable. Ok.
XS code presents, BuildArch is Ok.

TODO: Do no package useless META.json (installation instructions) and README (copy of POD).

TODO: Declare conflict with `perl(B::Hooks::OP::Check) < 0.19' (Build.PL:96, 
Changes:45).

All tests pass. Ok.

$ rpmlint  perl-Lexical-SealRequireHints.spec  ../SRPMS/perl-Lexical-SealRequireHints-0.007-1.fc18.src.rpm ../RPMS/x86_64/perl-Lexical-SealRequireHints-*
perl-Lexical-SealRequireHints.x86_64: W: private-shared-object-provides /usr/lib64/perl5/vendor_perl/auto/Lexical/SealRequireHints/SealRequireHints.so SealRequireHints.so()(64bit)
perl-Lexical-SealRequireHints.x86_64: W: private-shared-object-provides /usr/lib64/perl5/vendor_perl/auto/Lexical/SealRequireHints/SealRequireHints.so SealRequireHints.so()(64bit)
perl-Lexical-SealRequireHints-debuginfo.x86_64: E: description-line-too-long C This package provides debug information for package perl-Lexical-SealRequireHints.
3 packages and 1 specfiles checked; 1 errors, 2 warnings.

FIX: Filter private libraries from Provides by calling `%{?perl_default_filter}' before %description section.

$ rpm -q -lv -p ../RPMS/x86_64/perl-Lexical-SealRequireHints-0.007-1.fc18.x86_64.rpm 
drwxr-xr-x    2 root    root                        0 May 24 07:24 /usr/lib64/perl5/vendor_perl/Lexical
-rw-r--r--    1 root    root                     9451 May 24 07:24 /usr/lib64/perl5/vendor_perl/Lexical/SealRequireHints.pm
drwxr-xr-x    2 root    root                        0 May 24 07:24 /usr/lib64/perl5/vendor_perl/auto/Lexical
drwxr-xr-x    2 root    root                        0 May 24 07:24 /usr/lib64/perl5/vendor_perl/auto/Lexical/SealRequireHints
-rwxr-xr-x    1 root    root                     6088 May 24 07:24 /usr/lib64/perl5/vendor_perl/auto/Lexical/SealRequireHints/SealRequireHints.so
drwxr-xr-x    2 root    root                        0 May 24 07:25 /usr/share/doc/perl-Lexical-SealRequireHints-0.007
-rw-r--r--    1 root    root                     4777 Feb 11 06:16 /usr/share/doc/perl-Lexical-SealRequireHints-0.007/Changes
-rw-r--r--    1 root    root                     1376 Feb 11 06:16 /usr/share/doc/perl-Lexical-SealRequireHints-0.007/META.json
-rw-r--r--    1 root    root                     2739 Feb 11 06:16 /usr/share/doc/perl-Lexical-SealRequireHints-0.007/README
-rw-r--r--    1 root    root                     4204 May 24 07:24 /usr/share/man/man3/Lexical::SealRequireHints.3pm.gz
File permissions and layout are Ok.

$ rpm -q --requires -p ../RPMS/x86_64/perl-Lexical-SealRequireHints-0.007-1.fc18.x86_64.rpm |sort |uniq -c
      1 libc.so.6()(64bit)
      1 libc.so.6(GLIBC_2.2.5)(64bit)
      1 perl(:MODULE_COMPAT_5.14.2)
      1 rpmlib(CompressedFileNames) <= 3.0.4-1
      1 rpmlib(FileDigests) <= 4.6.0-1
      1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1
      1 rpmlib(PayloadIsXz) <= 5.2-1
      1 rtld(GNU_HASH)
Binary requires are Ok.

$ rpm -q --provides -p ../RPMS/x86_64/perl-Lexical-SealRequireHints-0.007-1.fc18.x86_64.rpm |sort |uniq -c
      1 perl(Lexical::SealRequireHints) = 0.007
      1 perl-Lexical-SealRequireHints = 0.007-1.fc18
      1 perl-Lexical-SealRequireHints(x86-64) = 0.007-1.fc18
      1 SealRequireHints.so()(64bit)
FIX: Do not export private library `SealRequireHints.so()(64bit)'.

$ resolvedeps rawhide ../RPMS/x86_64/perl-Lexical-SealRequireHints-0.007-1.fc18.x86_64.rpm 
Binary dependencies resolvable. Ok.

Package builds in F18 (http://koji.fedoraproject.org/koji/taskinfo?taskID=4097615). Ok.

Otherwise package is in line with Fedora and Perl packaging guidelines.


Please correct all `FIX' issues, consider fixing `TODO' items and provide new spec file.

Resolution: Package NOT approved.
Comment 2 Jitka Plesnikova 2012-05-24 08:39:43 EDT
Updated.
Comment 3 Petr Pisar 2012-05-24 08:56:03 EDT
Spec file changes:

--- perl-Lexical-SealRequireHints.spec.old      2012-05-22 09:21:13.000000000 -0400
+++ perl-Lexical-SealRequireHints.spec  2012-05-24 08:39:20.000000000 -0400
@@ -17,6 +17,9 @@
 BuildRequires:  perl(threads)
 BuildRequires:  perl(Thread::Semaphore)
 Requires:       perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
+Conflicts:      perl(B:Hooks::OP::Check) < 0.19
+
+%{?perl_default_filter}

 %description
 This module works around two historical bugs in Perl's handling of the %^H
@@ -46,7 +49,7 @@
 ./Build test

 %files
-%doc Changes META.json README
+%doc Changes
 %{perl_vendorarch}/auto/*
 %{perl_vendorarch}/Lexical*
 %{_mandir}/man3/*


> TODO: Do no package useless META.json (installation instructions) and README > (copy of POD).
-%doc Changes META.json README
+%doc Changes
Ok.

> TODO: Declare conflict with `perl(B::Hooks::OP::Check) < 0.19' (Build.PL:96,
> Changes:45).
+Conflicts:      perl(B:Hooks::OP::Check) < 0.19
Ok.

> FIX: Filter private libraries from Provides by calling
> `%{?perl_default_filter}' before %description section.
$ rpmlint perl-Lexical-SealRequireHints.spec ../SRPMS/perl-Lexical-SealRequireHints-0.007-1.fc18.src.rpm ../RPMS/x86_64/perl-Lexical-SealRequireHints-*
perl-Lexical-SealRequireHints-debuginfo.x86_64: E: description-line-too-long C This package provides debug information for package perl-Lexical-SealRequireHints.
3 packages and 1 specfiles checked; 1 errors, 0 warnings.
Ok.

> FIX: Do not export private library `SealRequireHints.so()(64bit)'.
$ rpm -q --provides -p ../RPMS/x86_64/perl-Lexical-SealRequireHints-0.007-1.fc18.x86_64.rpm |sort |uniq -c
      1 perl(Lexical::SealRequireHints) = 0.007
      1 perl-Lexical-SealRequireHints = 0.007-1.fc18
      1 perl-Lexical-SealRequireHints(x86-64) = 0.007-1.fc18
Binary provides are Ok.

Resolution: Package APPROVED.
Comment 4 Jitka Plesnikova 2012-05-24 09:15:54 EDT
New Package SCM Request
=======================
Package Name: perl-Lexical-SealRequireHints
Short Description: Prevent leakage of lexical hints
Owners: jplesnik mmaslano ppisar psabata
Branches:
InitialCC: perl-sig
Comment 5 Gwyn Ciesla 2012-05-24 10:49:03 EDT
Git done (by process-git-requests).
Comment 6 Jitka Plesnikova 2012-05-24 11:26:57 EDT
Thank you for the review and the repository.

Note You need to log in before you can comment on or make changes to this bug.