[rt.cpan.org #97443] I have found a bug!
Wed Jul 23 15:55:10 2014: Request 97443 was acted upon. Transaction: Correspondence added by ETJ Queue: Inline Subject: I have found a bug! Broken in: (no value) Severity: (no value) Owner: Nobody Requestors: ej...@hotmail.com Status: new Ticket https://rt.cpan.org/Ticket/Display.html?id=97443 > Test successful - bugs still get registered/notified via RT even though other "preferred bug-tracker".
[rt.cpan.org #95809] [PATCH] Using Inline in a distribution with multiple modules
https://rt.cpan.org/Ticket/Display.html?id=95809 > Test contributed by neomorphic, in Inline::C/test/27inline_maker.t. Closing.
[rt.cpan.org #95809] [PATCH] Using Inline in a distribution with multiple modules
Sat Jul 19 18:50:38 2014: Request 95809 was acted upon. Transaction: Correspondence added by ETJ Queue: Inline Subject: [PATCH] Using Inline in a distribution with multiple modules Broken in: (no value) Severity: (no value) Owner: Nobody Requestors: s...@parasite.cc Status: open Ticket https://rt.cpan.org/Ticket/Display.html?id=95809 > Test contributed by neomorphic, in Inline::C/test/27inline_maker.t. Closing.
[rt.cpan.org #5465] Fails to detect C functions taking (void)
Sat Jul 19 18:17:21 2014: Request 5465 was acted upon. Transaction: Correspondence added by ETJ Queue: Inline Subject: Fails to detect C functions taking (void) Broken in: (no value) Severity: Normal Owner: Nobody Requestors: q...@laxan.com Status: open Ticket https://rt.cpan.org/Ticket/Display.html?id=5465 > Closing as is fixed in PRE, and tested for.
[rt.cpan.org #97110] breaks Imager::Inline
Sat Jul 19 18:06:31 2014: Request 97110 was acted upon. Transaction: Correspondence added by ETJ Queue: Inline Subject: breaks Imager::Inline Broken in: (no value) Severity: (no value) Owner: Nobody Requestors: pagen...@gmail.com Status: open Ticket https://rt.cpan.org/Ticket/Display.html?id=97110 > In the absence of any further information, I am closing this. If the fix given above doesn't help, please raise an issue on https://github.com/ingydotnet/inline-pm/issues
[rt.cpan.org #97110] breaks Imager::Inline
https://rt.cpan.org/Ticket/Display.html?id=97110 > In the absence of any further information, I am closing this. If the fix given above doesn't help, please raise an issue on https://github.com/ingydotnet/inline-pm/issues
[rt.cpan.org #97110] breaks Imager::Inline
Thu Jul 10 12:41:21 2014: Request 97110 was acted upon. Transaction: Correspondence added by ETJ Queue: Inline Subject: breaks Imager::Inline Broken in: (no value) Severity: (no value) Owner: Nobody Requestors: pagen...@gmail.com Status: open Ticket https://rt.cpan.org/Ticket/Display.html?id=97110 > A quick fix for this is to make your "Inline" function use $_[-1] for its language: that will work both with the old model and the new model.
[rt.cpan.org #97110] breaks Imager::Inline
https://rt.cpan.org/Ticket/Display.html?id=97110 > A quick fix for this is to make your "Inline" function use $_[-1] for its language: that will work both with the old model and the new model.
[rt.cpan.org #85336] Fails often when tested in parallel
Wed Jul 02 18:01:36 2014: Request 85336 was acted upon. Transaction: Correspondence added by ETJ Queue: Inline Subject: Fails often when tested in parallel Broken in: 0.53 Severity: (no value) Owner: Nobody Requestors: a...@cpan.org, ken...@cpan.org Status: open Ticket https://rt.cpan.org/Ticket/Display.html?id=85336 > commit 0bcdb0f7dfa065ff5bf68f2f3033ec7c549e38c3 Author: ... Date: Wed Jul 2 22:43:44 2014 +0100 Undo change disabling BUILD_NOISY for Win32 when shell eq "cmd". In new 0.55_03: diff --git a/C/C.pm b/C/C.pm index 0b8073e..cc2f4a0 100644 --- a/C/C.pm +++ b/C/C.pm @@ -852,7 +852,8 @@ sub system_call { defined $ENV{PERL_INLINE_BUILD_NOISY} ? $ENV{PERL_INLINE_BUILD_NOISY} : $o->{CONFIG}{BUILD_NOISY}; -$build_noisy = undef if $build_noisy and $^O eq 'MSWin32' and $Config::Conf +# test this functionality with: +#perl -MInline=C,Config,BUILD_NOISY,1,FORCE_BUILD,1 -e "use Inline C => q[v if (not $build_noisy) { $cmd = "$cmd > $output_file 2>&1"; }
[rt.cpan.org #85336] Fails often when tested in parallel
Wed Jul 02 00:55:23 2014: Request 85336 was acted upon. Transaction: Correspondence added by ETJ Queue: Inline Subject: Fails often when tested in parallel Broken in: 0.53 Severity: (no value) Owner: Nobody Requestors: a...@cpan.org, ken...@cpan.org Status: open Ticket https://rt.cpan.org/Ticket/Display.html?id=85336 > FYI, the code to show the correct operation of BUILD_NOISY can be one-linered like so: perl -MInline=C,Config,BUILD_NOISY,1,FORCE_BUILD,1 -e "use Inline C => q[void inline_warner() { int *x = 2; }]" My reading of the patch in question is that it turns off BUILD_NOISY when it's Windows and the shell is cmd. If BUILD_NOISY does the right thing with Win32 and CMD, let's undo that change?
[rt.cpan.org #95809] [PATCH] Using Inline in a distribution with multiple modules
Tue Jun 24 09:20:20 2014: Request 95809 was acted upon. Transaction: Correspondence added by ETJ Queue: Inline Subject: [PATCH] Using Inline in a distribution with multiple modules Broken in: (no value) Severity: (no value) Owner: Nobody Requestors: s...@parasite.cc Status: resolved Ticket https://rt.cpan.org/Ticket/Display.html?id=95809 > Would still like to make a test for this - reopening.
[rt.cpan.org #17415] Problem with PAR and Inline
Sun Jun 22 23:31:23 2014: Request 17415 was acted upon. Transaction: Correspondence added by ETJ Queue: Inline Subject: Problem with PAR and Inline Broken in: 0.44 Severity: (no value) Owner: Nobody Requestors: joh...@darserman.com, jona...@cpan.org Status: new Ticket https://rt.cpan.org/Ticket/Display.html?id=17415 > This looks like a specific example of the general issue of being able to run when relocated. The bug is from 2006. In 2014, Inline's M30_error_no_obj function (which will get called in the code the proposed patch wants to not run) gives instructions on how to allow a new compile of the inline code. I propose that the correct way to deal with the problem the requestor was having is to either make PAR create suitable 'auto' directories so Inline can find what it's looking for, or update the modules that use inline code to not disable the rebuilding.
[rt.cpan.org #19624] Inline::Structs Configuration of LIB and INC are ignored when using structs
Sun Jun 22 23:08:48 2014: Request 19624 was acted upon. Transaction: Correspondence added by ETJ Queue: Inline Subject: Inline::Structs Configuration of LIB and INC are ignored when using structs Broken in: 0.44 Severity: Important Owner: Nobody Requestors: roger.wy...@nomadsoft.com Status: open Ticket https://rt.cpan.org/Ticket/Display.html?id=19624 > Since Inline::Struct is very buggy and has not been updated since 2001 (see http://grokbase.com/t/perl/inline/06ac69a1mx/how-to-use-inline-structs ), is there any reason to leave this ticket open anymore?
[rt.cpan.org #5465] Fails to detect C functions taking (void)
Sun Jun 22 22:40:39 2014: Request 5465 was acted upon. Transaction: Correspondence added by ETJ Queue: Inline Subject: Fails to detect C functions taking (void) Broken in: (no value) Severity: Normal Owner: Nobody Requestors: q...@laxan.com Status: open Ticket https://rt.cpan.org/Ticket/Display.html?id=5465 > I have updated C/t/14void_arg.t to use Test::More: https://github.com/mohawk2/inline-pm/commit/7403d3f187e40bc8c52374c3f41f4c360772444d And then made it also use ParseRecDescent https://github.com/mohawk2/inline-pm/commit/1592b55ec49071f5d341e864504fb3bf8658ab6e It passes, so looks like this bug is now no longer applicable.
[rt.cpan.org #95809] [PATCH] Using Inline in a distribution with multiple modules
Sun Jun 22 21:12:16 2014: Request 95809 was acted upon. Transaction: Correspondence added by ETJ Queue: Inline Subject: [PATCH] Using Inline in a distribution with multiple modules Broken in: (no value) Severity: (no value) Owner: Nobody Requestors: s...@parasite.cc Status: open Ticket https://rt.cpan.org/Ticket/Display.html?id=95809 > On Sat Jun 21 00:21:40 2014, SISYPHUS wrote: > There's no testing of this specific bugfix in the test suite, though > there are the 2 demo modules modules/Math-Simple-1.23 and modules/Boo- > 2.01 - both of which should build and test fine as a result of this > bugfix. > Math-Simple-1.23 has always built fine, but Boo-2.01 (added with this > latest release) does not build correctly with earlier versions of > Inline. Forgive my ignorance, including of MakeMaker - would it be possible to make a test for the generality of building a module, by installing it into a temporary directory, probably under /tmp? This would probably require using something like SITE_INSTALL? If that's right, let me know (or correct me), and I'll knock something up.
[rt.cpan.org #7138] installation problems when no read permissions in some parent directories
Sun Jun 22 20:47:29 2014: Request 7138 was acted upon. Transaction: Correspondence added by ETJ Queue: Inline Subject: installation problems when no read permissions in some parent directories Broken in: (no value) Severity: (no value) Owner: Nobody Requestors: nedk...@cpan.org Status: new Ticket https://rt.cpan.org/Ticket/Display.html?id=7138 > Good news: for whatever reason, this error does not happen now: [...] t/26fork.t .. ok All tests successful. Files=26, Tests=104, 87 wallclock secs ( 0.22 usr 0.07 sys + 75.18 cusr 10.66 csys = 86.13 CPU) Result: PASS make[1]: Leaving directory `/home/user/inline-pm/C' [user@localhost inline-pm]$ ls -ld . .. drwxr-xr-x. 10 user user 4096 Jun 23 01:36 . d--x--. 41 user user 4096 Jun 23 01:05 ..
[rt.cpan.org #96291] t/08taint.t fails on perl 5.20.0
Sat Jun 21 22:28:50 2014: Request 96291 was acted upon. Transaction: Correspondence added by ETJ Queue: Inline Subject: t/08taint.t fails on perl 5.20.0 Broken in: 0.55 Severity: (no value) Owner: Nobody Requestors: e...@cpan.org Status: open Ticket https://rt.cpan.org/Ticket/Display.html?id=96291 > On further further reflection, the previous logic is bound to give false positives when running as root, which means installing as root using CPAN (a reasonable thing to do) will fail tests, which is where we came in. Instead, this patch (replacing previous two) actually tests $< != $>, which revealed a couple of quirks, hence a couple of extra changes: diff --git a/C/t/08taint.t b/C/t/08taint.t index 9effb6f..357b551 100644 --- a/C/t/08taint.t +++ b/C/t/08taint.t @@ -21,13 +21,15 @@ BEGIN { use warnings; use strict; use Test::More tests => 10; - use Test::Warn; # Suppress "Set up gcc environment ..." warning. # (Affects ActivePerl only.) $ENV{ACTIVEPERL_CONFIG_SILENT} = 1; +# deal with running as root - actually simulate running as setuid program +$< = 1; # ignore failure + my $w1 = 'Blindly untainting tainted fields in %ENV'; my $w2 = 'Blindly untainting Inline configuration file information'; my $w3 = 'Blindly untainting tainted fields in Inline object'; diff --git a/Inline.pm b/Inline.pm index 32868a3..83f7035 100644 --- a/Inline.pm +++ b/Inline.pm @@ -846,6 +846,8 @@ sub create_config_file { next; } next if $mod =~ /^(MakeMaker|denter|messages)$/; + # @INC is made safe by -T disallowing PERL5LIB et al + ($mod) = $mod =~ /(.*)/; eval "require Inline::$mod;"; warn($@), next if $@; eval "\$register=&Inline::${mod}::register"; @@ -1075,11 +1077,16 @@ sub env_untaint { join ';', grep {not /^\./ and -d $_ } split /;/, $ENV{PATH} : - join ':', grep {/^\// and -d $_ and not ((stat($_))[2] & 0022) + join ':', grep {/^\// and -d $_ and $< == $> ? 1 : not (-W $_ or -O $_) } split /:/, $ENV{PATH}; map {($_) = /(.*)/} @INC; +# list cherry-picked from `perldoc perlrun` +delete @ENV{qw(PERL5OPT PERL5SHELL PERL_ROOT IFS CDPATH ENV BASH_ENV)}; +$ENV{SHELL} = '/bin/sh' if -x '/bin/sh'; + +$< = $> if $< != $>; # so child processes retain euid - ignore failure } #== # Blindly untaint tainted fields in Inline object.
[rt.cpan.org #96291] t/08taint.t fails on perl 5.20.0
Sat Jun 21 19:22:11 2014: Request 96291 was acted upon. Transaction: Correspondence added by ETJ Queue: Inline Subject: t/08taint.t fails on perl 5.20.0 Broken in: 0.55 Severity: (no value) Owner: Nobody Requestors: e...@cpan.org Status: open Ticket https://rt.cpan.org/Ticket/Display.html?id=96291 > On further reflection, the previous logic and patch is slightly imperfect; a malicious user could include a directory under their control, put in a "chmod" command, then deny themselves write permission, and the directory would still be permitted. Instead, this patch, which replaces the previous one, will strip out directories either writable OR owned by the real uid: diff --git a/Inline.pm b/Inline.pm index 32868a3..3b62337 100644 --- a/Inline.pm +++ b/Inline.pm @@ -1075,7 +1075,7 @@ sub env_untaint { join ';', grep {not /^\./ and -d $_ } split /;/, $ENV{PATH} : - join ':', grep {/^\// and -d $_ and not ((stat($_))[2] & 0022) + join ':', grep {/^\// and -d $_ and not (-W $_ or -O $_) } split /:/, $ENV{PATH}; map {($_) = /(.*)/} @INC;
[rt.cpan.org #96291] t/08taint.t fails on perl 5.20.0
Sat Jun 21 18:47:52 2014: Request 96291 was acted upon. Transaction: Correspondence added by ETJ Queue: Inline Subject: t/08taint.t fails on perl 5.20.0 Broken in: 0.55 Severity: (no value) Owner: Nobody Requestors: e...@cpan.org Status: open Ticket https://rt.cpan.org/Ticket/Display.html?id=96291 > The failure is because on that test system, input PATH: /srv/smoker/bin:/usr/lib/ccache:/srv/smoker/perl5/perlbrew/bin:/srv/smoker/perl5/perlbrew/perls/perl-5.20.0/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games is being stripped down to this: /srv/smoker/bin:/usr/lib/ccache:/srv/smoker/perl5/perlbrew/bin:/srv/smoker/perl5/perlbrew/perls/perl-5.20.0/bin:/usr/bin:/usr/games These were removed: /usr/local/bin /bin /usr/local/games The untainting code, on non-Windows (this system is Linux) removes directories from PATH if they are NOT: absolute, directories, and neither group- nor world- writable. The "problem" here is that the relevant system has configured /bin to be either group- or world-writable. It therefore gets removed, so chmod (which typically lives in /bin) is unavailable. The issue we face here is that tainting is designed to deal with two different situations: CGIs, and suid scripts on multi-user systems. A. For CGIs, there is no point in stripping the PATH, because the entire content of the system is under the control of the admin, and the only threat is web-user input. B. For suid scripts on multi-user systems, there IS a point to stripping the PATH, because a malicious user could provide a PATH where e.g. a chmod command under their control would be found before the "real" one. However, the "correct" value to set PATH to is probably not by stripping some values out, but by setting it to a known value, eg "/bin:/usr/bin:/usr/local/bin". This might be problematic because that will not always be the correct value for a given system, and would therefore need to be configured on installation, which is not a road Inline has yet needed to go down. I believe there are two decent ways forward here: 1. document that Inline does not build when used in taint mode (although it can still safely run code) and make it be a fatal error to try to do so; 2. update the PATH-untainting code to being nearly what it was before I changed it, but instead of "-w $_ || -W $_", which I believe was a mistake, since it means "writable by either effective or real uid", make it "-W $_" - "writable by real uid". I advocate method 2, since it deals effectively with situations A and B (including the real threat in B), and will almost certainly pass on the system that failed the test. The following patch implements it, and all the tests still pass on my Linux system: diff --git a/Inline.pm b/Inline.pm index 32868a3..5fced1c 100644 --- a/Inline.pm +++ b/Inline.pm @@ -1075,7 +1075,7 @@ sub env_untaint { join ';', grep {not /^\./ and -d $_ } split /;/, $ENV{PATH} : - join ':', grep {/^\// and -d $_ and not ((stat($_))[2] & 0022) + join ':', grep {/^\// and -d $_ and not -W $_ } split /:/, $ENV{PATH}; map {($_) = /(.*)/} @INC;
[rt.cpan.org #85336] Fails often when tested in parallel
Thu Jun 12 04:37:14 2014: Request 85336 was acted upon. Transaction: Correspondence added by ETJ Queue: Inline Subject: Fails often when tested in parallel Broken in: 0.53 Severity: (no value) Owner: Nobody Requestors: a...@cpan.org, ken...@cpan.org Status: open Ticket https://rt.cpan.org/Ticket/Display.html?id=85336 > I'd be very interested to know whether the change proposed in https://github.com/mohawk2/inline-pm/commit/9fef7cfbd731249579deb3510d96a318115a0928 fixes this issue.
[rt.cpan.org #85336] Fails often when tested in parallel
https://rt.cpan.org/Ticket/Display.html?id=85336 > I'd be very interested to know whether the change proposed in https://github.com/mohawk2/inline-pm/commit/9fef7cfbd731249579deb3510d96a318115a0928 fixes this issue.
[rt.cpan.org #65703] Build Problem - Inline::C fails at t/08taint.t
Thu Jun 12 04:34:15 2014: Request 65703 was acted upon. Transaction: Correspondence added by ETJ Queue: Inline Subject: Build Problem - Inline::C fails at t/08taint.t Broken in: (no value) Severity: (no value) Owner: Nobody Requestors: alexander.haec...@web.de Status: open Ticket https://rt.cpan.org/Ticket/Display.html?id=65703 > I'd be very interested to know whether the change proposed in https://github.com/mohawk2/inline-pm/commit/f9242a2e92244d99a2ce051c9ae523913eb47fc4 fixes this issue.
[rt.cpan.org #95624] cpan as root cannot install Inline without force
Thu Jun 12 04:34:47 2014: Request 95624 was acted upon. Transaction: Correspondence added by ETJ Queue: Inline Subject: cpan as root cannot install Inline without force Broken in: (no value) Severity: (no value) Owner: Nobody Requestors: jeff.ja...@gmail.com Status: new Ticket https://rt.cpan.org/Ticket/Display.html?id=95624 > I'd be very interested to know whether the change proposed in https://github.com/mohawk2/inline-pm/commit/f9242a2e92244d99a2ce051c9ae523913eb47fc4 fixes this issue.
[rt.cpan.org #65703] Build Problem - Inline::C fails at t/08taint.t
https://rt.cpan.org/Ticket/Display.html?id=65703 > I'd be very interested to know whether the change proposed in https://github.com/mohawk2/inline-pm/commit/f9242a2e92244d99a2ce051c9ae523913eb47fc4 fixes this issue.
[rt.cpan.org #13285] Inline breaks down when run in two processes at once
Thu Jun 12 04:02:38 2014: Request 13285 was acted upon. Transaction: Correspondence added by ETJ Queue: Inline Subject: Inline breaks down when run in two processes at once Broken in: (no value) Severity: Normal Owner: Nobody Requestors: dstah...@gi.alaska.edu Status: open Ticket https://rt.cpan.org/Ticket/Display.html?id=13285 > Proposed fix (and test) in commit 5d0ed3f7d1af9b1ca5e4d5167a36170b2fd06ff0 (on github).
[rt.cpan.org #13285] Inline breaks down when run in two processes at once
Wed Jun 11 22:21:47 2014: Request 13285 was acted upon. Transaction: Correspondence added by ETJ Queue: Inline Subject: Inline breaks down when run in two processes at once Broken in: (no value) Severity: Normal Owner: Nobody Requestors: dstah...@gi.alaska.edu Status: new Ticket https://rt.cpan.org/Ticket/Display.html?id=13285 > In true perl one-liner style, the following is equivalent: rm -rf _Inline; perl -MInline -e 'fork;Inline->bind(C => q{void a() {puts("z\n");}}); &a' Also, running that a few times sometimes gives other errors as well.
[rt.cpan.org #96291] t/08taint.t fails on perl 5.20.0
Wed Jun 11 05:52:23 2014: Request 96291 was acted upon. Transaction: Correspondence added by ETJ Queue: Inline Subject: t/08taint.t fails on perl 5.20.0 Broken in: 0.55 Severity: (no value) Owner: Nobody Requestors: e...@cpan.org Status: open Ticket https://rt.cpan.org/Ticket/Display.html?id=96291 > On Mon Jun 09 01:00:03 2014, NERDVANA wrote: > On Mon Jun 09 00:02:51 2014, NERDVANA wrote: > > Oh, and the perls involved were 5.12.4 and 5.16.3, so it isn't > > specific to 5.20 > > I have further discovered that it only happens when I run cpan or > cpanm as root. When I run "make test" manually as a normal user (with > the files chown'd to that user) the test passes. Reason was the logic in Inline.pm untainting PATH disallows any directories writable by that user - for root, that's all of them! Change proposed is visible on github.
[rt.cpan.org #96291] t/08taint.t fails on perl 5.20.0
https://rt.cpan.org/Ticket/Display.html?id=96291 > On Mon Jun 09 01:00:03 2014, NERDVANA wrote: > On Mon Jun 09 00:02:51 2014, NERDVANA wrote: > > Oh, and the perls involved were 5.12.4 and 5.16.3, so it isn't > > specific to 5.20 > > I have further discovered that it only happens when I run cpan or > cpanm as root. When I run "make test" manually as a normal user (with > the files chown'd to that user) the test passes. Reason was the logic in Inline.pm untainting PATH disallows any directories writable by that user - for root, that's all of them! Change proposed is visible on github.
[rt.cpan.org #96291] t/08taint.t fails on perl 5.20.0
Mon Jun 09 19:53:53 2014: Request 96291 was acted upon. Transaction: Correspondence added by ETJ Queue: Inline Subject: t/08taint.t fails on perl 5.20.0 Broken in: 0.55 Severity: (no value) Owner: Nobody Requestors: e...@cpan.org Status: open Ticket https://rt.cpan.org/Ticket/Display.html?id=96291 > If no-one else wants to, I'll do both the test-possible-skipping and a doc update? It would probably be a candidate for a fast new release.
[rt.cpan.org #96291] t/08taint.t fails on perl 5.20.0
Fri Jun 06 21:34:28 2014: Request 96291 was acted upon. Transaction: Correspondence added by ETJ Queue: Inline Subject: t/08taint.t fails on perl 5.20.0 Broken in: 0.55 Severity: (no value) Owner: Nobody Requestors: e...@cpan.org Status: new Ticket https://rt.cpan.org/Ticket/Display.html?id=96291 > Confirmation from #perl on irc.perl.org - it's a deliberate change in perl 5.20.0. A quick fix would be either to explicitly set $ENV{PATH} to '/bin:/usr/bin', or skip the test for 5.20.0. The rationale is that taint mode is rarely used anymore. The following suggestion was made: <@mst> maybe the best way to fix the test would be to try /bin, /usr/bin, /usr/local/bin <@mst> and see if the necessary binaries are there <@mst> and if yes, you can run the test <@mst> and if no, skip all <@mst> but still run the test in cases where we can do I hoped there would be a sensible value available in %Config, but there isn't.
[rt.cpan.org #96291] t/08taint.t fails on perl 5.20.0
Fri Jun 06 20:50:00 2014: Request 96291 was acted upon. Transaction: Ticket created by ETJ Queue: Inline Subject: t/08taint.t fails on perl 5.20.0 Broken in: 0.55 Severity: (no value) Owner: Nobody Requestors: e...@cpan.org Status: new Ticket https://rt.cpan.org/Ticket/Display.html?id=96291 > It says (on my system): "sh: make: command not found". A little instrumentation in the "make" method indicated its $ENV{PATH} was empty, which sort of makes sense as a secure thing to do, but doesn't seem to offer any obvious place for a workaround.