Bug#680939: Bug#681350: libconvert-asn1-perl: "use strict" breaks smbldap-tools

[Saulo Soares de Toledo]

>
> > OK, I'll update the package, but maybe we should wait till the end of
> the week
> > and ask for a new release of smbldap-tools, as the one in Debian is
> already
> > outdated.
>

I think if we can test the package with an empty installation can bring us
a faster new smbldap-tools release. We should test if with an empty
installation we have some other bugs derived from "use strict" at perl.
After some tests, I think we can ask smbldap-tools developer's team to a
new release.


> > And, anyway, I'm not using smbldap-tools anymore, if anyone on the Cc:
> list
> > wants to take over mainteinance, be my guest, please.
>
> I'm sorry I'm not using smbldap-tools too, tt only appeared on my
> 'radar' some time ago to remove the Digest::SHA1 dependency which was
> one goal of the Debian Perl Group, and now due to the bugreport from
> Saulo on libconvert-asn1-perl.
>

I'd like to help here, but I'm an occasional user of the package, and my
servers are always to small networks, I'm not the right mantainer to this
package...


> > BTW, I've already have the latest upstream version packaged, but I didn't
> > uploaded it because I wanted to see how many debian bugs were closed by
> it and
> > didn't had the time to look into it and test (I planned to use a LXC
> container
> > with a clean installation of a system with OpenLDAP and SAMBA, but I
> haven't
> > been able to work on it in the last weeks).
>
> This is great, as more (important) bugs fixed with a new release the
> better. Again, sorry cannot help here good, but maybe Saulo can
> provide some feedback?
>

Really sorry, I would like to help here, but I can't do it this days.
Anyway, if I get some news with this question, I will update this report.

I think we should wait some more days. We need make sure we have no another
 critical bug. smbldap-tools team updated only 2 of the scripts...

Thanks

Saulo

Bug#680939: Bug#681350: libconvert-asn1-perl: "use strict" breaks smbldap-tools

[Salvatore Bonaccorso]

Hi Sergio

First of all thanks for the quick reply!

On Tue, Jul 17, 2012 at 09:56:03AM +0200, Sergio Talens-Oliag wrote:
> El Mon, Jul 16, 2012 at 08:53:37PM +0200, Salvatore Bonaccorso va escriure:
> > Hi Saulo
> > 
> > (dropping the merged bugreport)
> > 
> > On Mon, Jul 16, 2012 at 12:42:00PM -0300, Saulo Soares de Toledo wrote:
> > > News about the bug.
> > > I received a response from SATOH Fumiyasu, smbldap-tools developer, about
> > > the problem. It's fixed to smbldap-userlist and smbldap-grouplist at SVN
> > > (revision 135):
> > > 
> > > http://svn.gna.org/viewcvs/smbldap-tools?view=revision&revision=135
> > > 
> > > It's needed check if there are other scripts with failures yet to close 
> > > the
> > > bug.
> > > 
> > > Thanks all!
> > 
> > Cool, thanks for keeping up on that! Indeed the commited solution is
> > much cleaner, safer and better als the eval workaround.
> > 
> > Sergio, Release-Team should be asked, but it seems a little enough
> > change that could have a possiblity to get a freeze-exception for this
> > fix.
> 
> OK, I'll update the package, but maybe we should wait till the end of the week
> and ask for a new release of smbldap-tools, as the one in Debian is already
> outdated.

Please keep in mind that we are in the freeze for wheezy, so we should
have an eye on rules from release-team[1]. So an upload should
preferably only fix some of the 'important' marked bugs in BTS or
changes which absolutely need to go to wheezy.

 [1]: http://release.debian.org/wheezy/freeze_policy.html

> And, anyway, I'm not using smbldap-tools anymore, if anyone on the Cc: list
> wants to take over mainteinance, be my guest, please.

I'm sorry I'm not using smbldap-tools too, tt only appeared on my
'radar' some time ago to remove the Digest::SHA1 dependency which was
one goal of the Debian Perl Group, and now due to the bugreport from
Saulo on libconvert-asn1-perl.

> BTW, I've already have the latest upstream version packaged, but I didn't
> uploaded it because I wanted to see how many debian bugs were closed by it and
> didn't had the time to look into it and test (I planned to use a LXC container
> with a clean installation of a system with OpenLDAP and SAMBA, but I haven't
> been able to work on it in the last weeks).

This is great, as more (important) bugs fixed with a new release the
better. Again, sorry cannot help here good, but maybe Saulo can
provide some feedback?

Regards,
Salvatore


signature.asc
Description: Digital signature

Bug#680939: Bug#681350: libconvert-asn1-perl: "use strict" breaks smbldap-tools

[Sergio Talens-Oliag]

El Mon, Jul 16, 2012 at 08:53:37PM +0200, Salvatore Bonaccorso va escriure:
> Hi Saulo
> 
> (dropping the merged bugreport)
> 
> On Mon, Jul 16, 2012 at 12:42:00PM -0300, Saulo Soares de Toledo wrote:
> > News about the bug.
> > I received a response from SATOH Fumiyasu, smbldap-tools developer, about
> > the problem. It's fixed to smbldap-userlist and smbldap-grouplist at SVN
> > (revision 135):
> > 
> > http://svn.gna.org/viewcvs/smbldap-tools?view=revision&revision=135
> > 
> > It's needed check if there are other scripts with failures yet to close the
> > bug.
> > 
> > Thanks all!
> 
> Cool, thanks for keeping up on that! Indeed the commited solution is
> much cleaner, safer and better als the eval workaround.
> 
> Sergio, Release-Team should be asked, but it seems a little enough
> change that could have a possiblity to get a freeze-exception for this
> fix.

OK, I'll update the package, but maybe we should wait till the end of the week
and ask for a new release of smbldap-tools, as the one in Debian is already
outdated.

And, anyway, I'm not using smbldap-tools anymore, if anyone on the Cc: list
wants to take over mainteinance, be my guest, please.

BTW, I've already have the latest upstream version packaged, but I didn't
uploaded it because I wanted to see how many debian bugs were closed by it and
didn't had the time to look into it and test (I planned to use a LXC container
with a clean installation of a system with OpenLDAP and SAMBA, but I haven't
been able to work on it in the last weeks).

Greetings,

  Sergio.

-- 
Sergio Talens-Oliag
Key fingerprint = 29DF 544F  1BD9 548C  8F15 86EF  6770 052B  B8C1 FA69


signature.asc
Description: Digital signature

Bug#680939: Bug#681350: libconvert-asn1-perl: "use strict" breaks smbldap-tools

[Salvatore Bonaccorso]

Hi Saulo

(dropping the merged bugreport)

On Mon, Jul 16, 2012 at 12:42:00PM -0300, Saulo Soares de Toledo wrote:
> News about the bug.
> I received a response from SATOH Fumiyasu, smbldap-tools developer, about
> the problem. It's fixed to smbldap-userlist and smbldap-grouplist at SVN
> (revision 135):
> 
> http://svn.gna.org/viewcvs/smbldap-tools?view=revision&revision=135
> 
> It's needed check if there are other scripts with failures yet to close the
> bug.
> 
> Thanks all!

Cool, thanks for keeping up on that! Indeed the commited solution is
much cleaner, safer and better als the eval workaround.

Sergio, Release-Team should be asked, but it seems a little enough
change that could have a possiblity to get a freeze-exception for this
fix.

Regards,
Salvatore


signature.asc
Description: Digital signature

Bug#680939: Bug#681350: libconvert-asn1-perl: "use strict" breaks smbldap-tools

[Salvatore Bonaccorso]

Hi Saulo

btw, what smbldap-tools can do, is to workaround this is to use 'eval'.

so in a example something like:

cut-cut-cut-cut-cut-cut-
#!/usr/bin/perl

use strict 'refs';

my $attrs = "[ 'foo', 'bar', ]";
$attrs = eval "$attrs";

push @{$attrs}, 'foobar';

use Data::Dumper 'Dumper';
warn Dumper [$attrs];
cut-cut-cut-cut-cut-cut-

But again, this is more a hack.

Regards,
Salvatore


signature.asc
Description: Digital signature

Bug#680939: Bug#681350: libconvert-asn1-perl: "use strict" breaks smbldap-tools

[Salvatore Bonaccorso]

Hi Saulo

I'm Cc'in the bugreport on smbldap-tools, but I think these two should
be merged and only assigned to smbldap-tools.

On Thu, Jul 12, 2012 at 09:51:54PM -0300, Saulo Soares de Toledo wrote:
> 2012/7/12 Salvatore Bonaccorso 
> 
> > Could you give more information on which problems you see with
> > smbldap-tools? Should the bugreport reassigned to smbldap-tools?
> >
> 
> I've opened the bug report 680939 <680...@bugs.debian.org> to smbldap-tools.
> "Smbldap-tools is a set of perl scripts designed to manage user and
> groupaccounts stored in an LDAP directory." (website description)
> 
> Some scripts of the package simple do not works with use sctrict enabled.
> The Debian version is 0.9.7, but 0.9.8 (latest from developers) do not
> works too. The error returned with smbldap-userlist is:
> 
> Can't use string ("['username','uidNumber','uid']") as an ARRAY ref while
> "strict refs" in use at /usr/share/perl5/Convert/ASN1/_encode.pm line 269.
> 
> Smbldap-tools is needed while using Samba + LDAP. I sent an email do
> smbldap-tools developers about the problem and will update here when I get
> some more information about.

I did not yet dig into it in detail, but this seems a a wrong use in
smbldap-userlist.pl. I see there, that first the $attrs is 'assembled'
as a string in "['username','uidNumber','uid'" . "]" (line 198). Then
it passes to a Net::LDAP object:

cut-cut-cut-cut-cut-cut-
my  $mesg = $ldap_master->search ( base   => $base,
   scope => $config{scope},
   filter => $filter,
   attrs => "$attrs"
   );
cut-cut-cut-cut-cut-cut-

In documentation of Net::LDAP you find the details to the search
options. In particular you see:

cut-cut-cut-cut-cut-cut-
=item attrs =E [ ATTR, ... ]

A list of attributes to be returned for each entry that matches the
search filter.

If not specified, then the server will return the attributes that are
specified as accessible by default given your bind credentials.

Certain additional attributes such as "createTimestamp" and other
operational attributes may also be available for the asking:

  $mesg = $ldap->search( ... ,
 attrs => ['createTimestamp']
   );

To retrieve the default attributes and additional ones, use '*'.

  $mesg = $ldap->search( ... ,
 attrs => ['*', 'createTimestamp']
   );

To retrieve no attributes (the server only returns the DNs of matching
entries), use '1.1':

  $mesg = $ldap->search( ... ,
 attrs => ['1.1']
   );
cut-cut-cut-cut-cut-cut-


So smbldap-userlist.pl. passes a string, where is should be a list.

Btw, you can reproduce the error message easily by:

cut-cut-cut-cut-cut-cut-
#!/usr/bin/perl

use strict 'refs';

my $attrs = "[ 'foo', 'bar', ]";

push @{$attrs}, 'foobar';

use Data::Dumper 'Dumper';
warn Dumper [$attrs];
cut-cut-cut-cut-cut-cut-

You see, here if you remove the "use strict 'refs'" again, it does not
throw out the "Can't use string ("[ 'foo', 'bar', ]") as an ARRAY ref
while "strict refs" in use at testcase_broken.pl line 7.".

Correctly it would be:

cut-cut-cut-cut-cut-cut-
#!/usr/bin/perl

use strict 'refs';

my $attrs = [ 'foo', 'bar', ];

push @{$attrs}, 'foobar';

use Data::Dumper 'Dumper';
warn Dumper [$attrs];
cut-cut-cut-cut-cut-cut-

Conclusion: I'm more convinced that is a real bug in smbldap-tools and
we surely should not remove the "use strict;" from
libconvert-asn1-perl.

Regards,
Salvatore


signature.asc
Description: Digital signature