Bug#480154: FTBFS on mips (cgiupload tests fail)
    Niko Tyni 
    ntyni at debian.org
       
    Sun Aug 10 19:09:20 UTC 2008
    
    
  
tag 480154 patch
thanks
On Sat, Aug 02, 2008 at 05:15:32PM +0200, Ana Guerrero wrote:
> On Mon, May 26, 2008 at 03:22:55PM +0300, Niko Tyni wrote:
> > On Thu, May 08, 2008 at 02:09:10PM +0300, Damyan Ivanov wrote:
> > > Package: libapache2-mod-perl2
> > > Version: 2.0.4-1
> > > Severity: serious
> > > 
> > > 2.0.4-1 fails to build on mips[1].
> > > 
> > >     [1] http://buildd.debian.org/fetch.cgi?&pkg=libapache2-mod-perl2&ver=2.0.4-1&arch=mips&stamp=1209964732&file=log
> > > 
> > >     t/modules/cgipost2......................ok
> > >     t/modules/cgiupload.....................# Failed test 2 in
> > >     t/modules/cgiupload.t at line 36 fail #2
> > >     FAILED test 2
> > >         Failed 1/2 tests, 50.00% okay
> > >     t/modules/cgiupload2....................# Failed test 2 in
> > >     t/modules/cgiupload2.t at line 36 fail #2
> > >     FAILED test 2
> > >         Failed 1/2 tests, 50.00% okay
> > 
> > This just happened to me once on amd64+sbuild; the next try succeeded.
> > Probably a race condition in the test suite. Reopening and downgrading
> > to 'important' (as usual for low-probability FTBFS bugs).
> 
> I just reproduced this, try again in a different machine and got the FTBFS
> again. I am afraid it is not a low-probability FTBFS bug. 
> I am upgrading to serious.
OK, I think I've got it now. The fix is to build-depend on 
libcgi-pm-perl (>= 3.33). From the CGI.pm changelog at 3.33:
   3. Fixed failure of tempfile upload due to sprintf() taint failure in perl 5.10
See http://rt.perl.org/rt3/Public/Bug/Display.html?id=50322
For those interested, some notes:
- t/modules/cgiupload fails all its tests if run alone with e.g.
   APACHE_TEST_EXTRA_ARGS="-httpd_conf /etc/apache2/apache2.conf t/modules/cgiupload"  make test
  but if t/modules/cgi.t is run first, everything seems fine:
   APACHE_TEST_EXTRA_ARGS="-httpd_conf /etc/apache2/apache2.conf t/modules/cgi t/modules/cgiupload"  make test
- the difference is that the server-side part of cgi.t,
  t/response/TestModules/cgi.pm, has 'PerlOptions -SetupEnv'
- this means that 'SetEnv TMPDIR @t_logs@' in t/conf/extra.conf.in doesn't get
  activated when cgi.t is run first
- if $ENV{TMPDIR} is set when first running CGI->new(), its tainted
  value is used as an sprintf() format up until CGI.pm 3.33, leading to
  a fatal exception introduced in Perl 5.10. From t/logs/error.log:
  [Sun Aug 10 21:05:53 2008] [error] [client 127.0.0.1] Insecure dependency in sprintf while running with -T switch at (eval 149) line 6.\n
- this is an internal server error, so the length of the returned
  document isn't the one expected and the test fails
- the difficulty in reproducing this is because Apache will create new
  children/threads non-deterministically (possibly based on server
  load?), and the test only fails when run in a new child that hasn't
  run t/response/TestModules/cgi.pm first.
- the bug can be made more reproducible by increasing the loop count in
  t/modules/cgiupload.t from 2 to something like 100, but I still can't
  see it in a full 'make test' run myself. This makes it always show
  up when only running cgi.t and cgiupload.t, though.
- I *think* what happens is that on a loaded build host, the tests may
  get all the way up to cgiupload.t in a single server interpreter
  because the client side runs slowly, and a new child is only created
  in the cgiupload.t loop.
- in any case, installing libcgi-pm-perl fixes the problem for me
  (although there's still an upstream mod_perl2 bug in that TMPDIR isn't
  inside the build sandbox all the time).
Cheers,
-- 
Niko Tyni   ntyni at debian.org
    
    
More information about the pkg-perl-maintainers
mailing list