
This queue is for tickets about the PAR-Packer CPAN distribution.

Report information
The Basics
Id: 72837
Status: resolved
Priority: 0/
Queue: PAR-Packer

People
Owner: RSCHUPP [...] cpan.org
Requestors: mdengfeng [...] gmail.com
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: PAR-Packer-1.010 can't work with PAR-1.003
Date: Wed, 30 Nov 2011 18:51:19 +0800
To: bug-PAR-Packer [...] rt.cpan.org
From: DengFeng Mao <mdengfeng [...] gmail.com>
Hi, Experts

I have found that a new version of PAR (1.003) was released on 28 Nov. In this version of PAR, a bug (https://rt.cpan.org/Public/Bug/Display.html?id=69560) has been fixed, according to the ChangeLog http://cpansearch.perl.org/src/RSCHUPP/PAR-1.003/ChangeLog. It said

- create parent of cache directory (i.e. /tmp/par-USER) with mode 0700
- if it already exists, make sure that (and bail out if not)
  - it's not a symlink
  - it's mode 0700
  - it's owned by USER

But PAR-Packer-1.010 can't work with this version of PAR. The cache directory (i.e. /tmp/par-USER) was changed to mode 755 when installing PAR-Packer-1.010. This caused PAR to bail out, so most of the PAR-Packer tests failed.

In the following two cases, installing PAR-Packer-1.010 failed.

1) In this case, I removed '/tmp/par-USER' first, and then tried to install PAR and PAR-Packer. PAR could be installed successfully; PAR-Packer-1.010 failed.

=================================================
Leaving directory `/home/dfmao/.cpan/build/PAR-Packer-1.010-G4w2dN/myldr'
PERL_DL_NONLAZY=1 /.automount/code/root/extsrc/perl/5.12.3/linuxR_ia64_2.6/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'inc', 'blib/lib', 'blib/arch')" t/00-pod.t t/10-parl-generation.t t/20-pp.t t/30-current_exec.t t/40-packer_cd_option.t t/90-rt59710.t
t/00-pod.t ............... skipped: Set environment variable PERL_TEST_POD=1 to test POD
t/10-parl-generation.t ... ok
# Failed test 'pp_test_small_minus_a
# [430]
# Test 32_9 The command string " ./hello.out " in directory /home/dfmao/.cpan/build/PAR-Packer-1.010-G4w2dN/contrib/automated_pp_test/pp_switch_tests/temp2,did not produce :: "hello" ::
# Instead, it produced :: error: member not found ::
# End of [430] results
#
# Did pp -o hello.out -a "/home/dfmao/.cpan/build/PAR-Packer-1.010-G4w2dN/contrib/automated_pp_test/pp_switch_tests/temp2/text;/home/dfmao/.cpan/build/PAR-Packer-1.010-G4w2dN/contrib/automated_pp_test/pp_switch_tests/temp2/text" hello.pl produce hello.out?
# '
# at automated_pp_test.pl line 8490.
# Looks like you failed 1 test of 34.
t/20-pp.t ................ Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/34 subtests
# Please wait
t/30-current_exec.t ...... ok
t/40-packer_cd_option.t .. ok
t/90-rt59710.t ........... ok

Test Summary Report
-------------------
t/20-pp.t (Wstat: 256 Tests: 34 Failed: 1)
Failed test: 33
Non-zero exit status: 1
Files=6, Tests=74, 1072 wallclock secs ( 0.11 usr 0.02 sys + 790.56 cusr 97.03 csys = 887.73 CPU)
Result: FAIL
Failed 1/6 test programs. 1/74 subtests failed.
make: *** [test_dynamic] Error 255
RSCHUPP/PAR-Packer-1.010.tar.gz
=======================================================

I went to check the mode of /tmp/par-USER. It was 755, not 700. So I think PAR-Packer creates this folder with the wrong mode and PAR can't work correctly with it.

2) In this case there is already a folder /tmp/par-USER, and its mode is 755. In this case, both PAR and PAR-Packer-1.010 failed.

For this case, I have a suggestion. If a host has an older version of PAR installed, it's also possible that the folder /tmp/par-USER is already there and its mode is not 700. When a user tries to install PAR-1.003, it would fail. Even if PAR-1.003 has been installed successfully by the root user, another user's call to PAR would fail if there is a /tmp/par-USER without mode 700 there (maybe he called PAR before PAR was upgraded to 1.003). So my suggestion is to automatically chmod the cache directory to 700 in the PAR/PAR-Packer code if the mode is not 700. If that is not successful, give a message to the user to do it manually.

Thanks
Dengfeng

--
---------------------------------------------------------
Market is wrong, But I am right!
On 2011-11-30 05:51:35, mdengfeng@gmail.com wrote:
> But the PAR-Packer-1.010 can't work with this version of PAR.
I know. Since both PAR and PAR::Packer have the bug described in CVE-2011-4114, both need to be fixed. And since PAR::Packer depends on PAR, PAR has to go first.

Breakage is expected when people have a pre-existing /tmp/par-USER with unsafe permissions in either case. And no - there will be no workaround. These permissions are unsafe and the contents of this directory are expendable, just remove it and retry your operation.

A new PAR::Packer with the same fix for CVE-2011-4114 will be uploaded soon, hopefully tonight.

Cheers, Roderich

Fixed with latest uploads of PAR and PAR::Packer

Cheers, Roderich
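
The directory check quoted from the PAR-1.003 ChangeLog in this ticket, written out as an added example in C. It is not code from PAR or PAR::Packer; the function name `ensure_private_dir` and the `DIR_*` result codes are this example's own. It follows the maintainer's position of refusing an unsafe directory instead of repairing it.

```c
#define _XOPEN_SOURCE 700   /* lstat(), S_ISLNK(), symlink() under strict -std */
#include <errno.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Result codes; the names are this example's own. */
enum { DIR_OK = 0, DIR_ERR_SYS, DIR_ERR_SYMLINK, DIR_ERR_NOTDIR,
       DIR_ERR_OWNER, DIR_ERR_MODE };

/* Create `path` with mode 0700, or verify what is already there:
 * not a symlink, a directory, owned by the caller, mode exactly 0700.
 * Anything else is refused; nothing is chmod'ed or repaired. */
int ensure_private_dir(const char *path)
{
    struct stat st;

    /* mkdir() fails with EEXIST if any entry (even a dangling symlink)
     * already has this name, so creation cannot be redirected. */
    if (mkdir(path, 0700) != 0 && errno != EEXIST)
        return DIR_ERR_SYS;

    /* lstat() describes the entry itself and never follows a symlink. */
    if (lstat(path, &st) != 0)
        return DIR_ERR_SYS;
    if (S_ISLNK(st.st_mode))
        return DIR_ERR_SYMLINK;
    if (!S_ISDIR(st.st_mode))
        return DIR_ERR_NOTDIR;
    if (st.st_uid != geteuid())
        return DIR_ERR_OWNER;
    if ((st.st_mode & 07777) != 0700)   /* a 0755 directory, as in the ticket, fails here */
        return DIR_ERR_MODE;
    return DIR_OK;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s DIR\n", argv[0]);
        return 2;
    }
    int rc = ensure_private_dir(argv[1]);
    printf("%s: %s (code %d)\n", argv[1], rc == DIR_OK ? "ok" : "refused", rc);
    return rc == DIR_OK ? 0 : 1;
}
```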

