Bug #22412 for RPM-VersionSort: Incorrect comparisons of numeric & non-numeric segments

Sun Oct 22 07:40:59 2006 rpm [...] beer.org.uk - Ticket created

Subject:	Incorrect comparisons of numeric & non-numeric segments
Date:	Sun, 22 Oct 2006 12:40:29 +0100 (BST)
To:	bug-RPM-VersionSort [...] rt.cpan.org
From:	"Vic" <rpm [...] beer.org.uk>

The RPM::VersionSort module has a bug in the way segments are compared when they are of different types - at present, rpmvercmp ('34.EL', '34.0.2.EL') returns -1, and rpmvercmp ('34.0.2.EL', '34.EL') also returns -1. This is down to the way segments are handled in VersionSort.xs. A quick browse through the upstream code in rpm gives this snippet :- oldch1 = *str1; *str1 = '\0'; oldch2 = *str2; *str2 = '\0'; /* take care of the case where the two version segments are */ /* different types: one numeric, the other alpha (i.e. empty) */ if (one == str1) return -1; /* arbitrary */ /* XXX See patch #60884 (and details) from bugzilla #50977. */ if (two == str2) return (isnum ? 1 : -1); if (isnum) {

Sun Oct 22 12:22:43 2006 hag [...] linnaean.org - Correspondence added

Subject:	[rt.cpan.org #22412] Incorrect comparisons of numeric & non-numeric segments
Date:	Sun, 22 Oct 2006 12:22:03 -0400
To:	bug-RPM-VersionSort [...] rt.cpan.org
From:	Daniel Hagerty <hag [...] linnaean.org>

Sigh. Go, redhat. The perl phrase "rpmvercmp('x', 'y')" has a fixed meaning in time of being the version comparison function of RPM < 4.2.0.55. Changing it breaks the expectations of historical code, which isn't somewhere I'm willing to go (having had to fix way too much historical code when an API is changed without thought to its consequences to existing code -- even if the old behavior was incorrect, it still has exciting consequences). You should probably being using the redhat maintained RPM.pm unless you have compelling reasons not to; I'd rather see this module called deprecated/superseded than try to fix yet another redhat mess. An actual attempt at a fix should present several functions: the unchanged semantic of rpmvercmp being the algorithm of rpm < 4.2.0.55, a 3 argument function with some kind of version selector, and perhaps a third two argument function that's fixed to using the most modern algorithm available. Maybe also some routines related to supported version selectors or something...

Sun Oct 22 12:22:47 2006 The RT System itself - Status changed from 'new' to 'open'

Sun Oct 22 15:23:08 2006 rpm [...] beer.org.uk - Correspondence added

Subject:	Re: [rt.cpan.org #22412] Incorrect comparisons of numeric & non-numeric segments
Date:	Sun, 22 Oct 2006 20:22:30 +0100 (BST)
To:	bug-RPM-VersionSort [...] rt.cpan.org
From:	"Vic" <rpm [...] beer.org.uk>

Show quoted text

> The perl phrase "rpmvercmp('x', 'y')" has a fixed meaning in time > of being the version comparison function of RPM < 4.2.0.55. Changing > it breaks the expectations of historical code, which isn't somewhere > I'm willing to go (having had to fix way too much historical code when > an API is changed without thought to its consequences to existing code > -- even if the old behavior was incorrect, it still has exciting > consequences).

I'm a touch concerned that rpmvercmp('x', 'y') and rpmvercmp('y', 'x') can yield the same results with x != y... Show quoted text

> You should probably being using the redhat maintained RPM.pm > unless you have compelling reasons not to;

AFAIK, there isn't one :-) Show quoted text

> An actual attempt at a fix should present several functions: the > unchanged semantic of rpmvercmp being the algorithm of rpm < 4.2.0.55, > a 3 argument function with some kind of version selector, and perhaps > a third two argument function that's fixed to using the most modern > algorithm available.

If I write a patch, will you incorporate it? Vic.

Sun Oct 22 18:03:58 2006 hag [...] linnaean.org - Correspondence added

Subject:	Re: [rt.cpan.org #22412] Incorrect comparisons of numeric & non-numeric segments
Date:	Sun, 22 Oct 2006 18:03:20 -0400
To:	bug-RPM-VersionSort [...] rt.cpan.org
From:	Daniel Hagerty <hag [...] linnaean.org>

Show quoted text

> I'm a touch concerned that rpmvercmp('x', 'y') and rpmvercmp('y', 'x') can > yield the same results with x != y...

Nonetheless, this is precisely what RPM of that vintage did, and the point of this code is to faithfully reproduce that. Bugs and all. Changing the behavior of an API (especially in cases where some aspect of the API is buggy) ripples unpleasantly. The best case is typically to do as I suggest; invent more API with parametization for selecting your mode of suffering, and document the problem. Old code that counts on the broken behavior doesn't break. Old code that is unaware of the breakage is no more or less broken than it already was, and will be discovered if it causes a problem. New code uses the newer APIs as appropriate to it. Show quoted text

> AFAIK, there isn't one :-)

There's definitely some sort of module in the RPM source I downloaded; I *assume* that redhat actually installs it. Even without it, you can use the rpm shell command to produce sorts in some limited ways (don't ask me how, it was several years ago and I'm blessedly not running anything redhat derived now). Show quoted text

> If I write a patch, will you incorporate it?

Perhaps with style modifications as needed, but certainly in essence. Research into changes of the version sort algorithm may be in order; I'm aware of this one, but there may have been more. The original point of this module was to provide the version sort algorithm to systems without any dependance on the RPM tool chain (I had code doing maint work for RPM based systems that were not themselves RPM based). That's sufficient reason to keep the code alive should someone be in a similar case, but fragility vs redhat arbitrarily changing the version sort spec will come of it. If you *don't* fall into the case of no RPM toolchain where you're doing the version sort, you should be using the standard toolchain, provided that you aren't depending on reproducing what it does on other systems.