[Koha-bugs] [Bug 17717] process_message_queue.pl: Can't locate Authen/CAS/Client/ Response/Failure.pm

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Tue Aug 8 23:56:32 CEST 2017 

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17717

Marco Moreno <mmoreno at pobox.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mmoreno at pobox.com
             Status|RESOLVED                    |REOPENED
         Resolution|WORKSFORME                  |---

--- Comment #40 from Marco Moreno <mmoreno at pobox.com> ---
This issue is NOT fixed in 17.05.  I'm seeing this now after having upgraded
from 16.11.  However, I've discovered some things that might be helpful.

As Chris mentioned, this appears to be a bug with base.pm (IMO).  Perhaps it's
behavior has changed due to this security resolution that forces Perl to die if
a required module is cannot be read when traversing @INC:
https://rt.perl.org/Public/Bug/Display.html?id=113422

According to this post, base.pm may attempt to require a module that does not
exist and traverse the entire @INC array:
https://rt.cpan.org/Public/Bug/Display.html?id=106552#txn-1589169
Evidently, it dies as soon as it encounters a directory it cannot read.

Avoiding '.' in PERL5LIB doesn't really help since Perl already includes '.' in
@INC (also a security concern???).  Working around this means either ensuring
that '.' points to a directory that can be read (e.g. "cd /tmp") or modifying
the @INC array to remove '.' from it.

The latter seems better so I modified the BEGIN block in
/usr/share/koha/bin/kohalib.pl like this:

-------------------------------------
use strict;
#use warnings; FIXME - Bug 2505

my $module_dir;
BEGIN {
    $module_dir = '/usr/share/koha/lib';
    die if $module_dir =~ /^[_]{2}PERL_MODULE_DIR[_]{2}$/;
    @INC = grep {$_ ne '.'} @INC;
}

use lib $module_dir;

1;
-------------------------------------

This also allows the change to be in one place and avoid having to insert a 'cd
/tmp' for each cron job.

I'm running Perl 5.22 - I wonder if it's fixed in 5.24.

-- 
You are receiving this mail because:
You are watching all bug changes.

More information about the Koha-bugs mailing list