Bug 3906

Summary: JSON::RPC 1.01 is incompatible with Bugzilla
Product: Mageia Reporter: Frédéric "LpSolit" Buclin <LpSolit>
Component: RPM PackagesAssignee: Olav Vitters <olav>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: Normal CC: dmorganec, jquelin, olav
Version: Cauldron   
Target Milestone: ---   
Hardware: i586   
OS: Linux   
See Also: https://bugzilla.mozilla.org/show_bug.cgi?id=706753
Whiteboard:
Source RPM: perl-JSON-RPC-1.10.0-1.mga2 CVE:
Status comment:

Description Frédéric "LpSolit" Buclin 2011-12-28 15:23:09 CET 
Cauldron upgraded JSON::RPC from 0.96 to 1.01, but as mentioned by the author of JSON::RPC, the 1.x series is incompatible with code written for the 0.x series. This upgrade breaks Bugzilla (all versions). Maybe some other applications are affected by this upgrade too.
Comment 1 Manuel Hiebel 2011-12-28 15:50:11 CET 
Hi, thanks for reporting this bug.
As there is no maintainer for this package I added the committers in CC.

(Please set the status to 'assigned' if you are working on it)

Assignee: bugsquad => jquelin

Comment 2 Jerome Quelin 2012-01-01 14:20:27 CET 
this is a report you want to report upstream. agreed, they do know it since they state:

    If you are using old JSON::RPC code (up to 0.96), DO NOT EXPECT
    YOUR CODE TO WORK. THIS VERSION IS BACKWARDS INCOMPATIBLE.

maybe the best would be to report against bugzilla upstream?

so, i don't really know what you want me to do? i will not downgrade perl-JSON-RPC to 0.96, since mageia is shipping modules as they are on cpan... what is possible is to add a conflict either on bugzilla or perl-JSON-RPC package... so, what do you expect from me?
Comment 3 Frédéric "LpSolit" Buclin 2012-01-01 14:46:01 CET 
(In reply to comment #2)
> maybe the best would be to report against bugzilla upstream?

This bug has already been reported upstream, see bug 706753 on bmo.


> so, i don't really know what you want me to do? i will not downgrade
> perl-JSON-RPC to 0.96

Well, ideally, and as because JSON::RPC 1.01 states in bold that its new code is incompatible with previous versions, it would have been good to check which applications in Mageia depend on JSON::RPC, and do an audit to make sure this upgrade doesn't break anything. I don't remember the command to check the dependency chain with rpm, but someone who knows should run it.

Meanwhile, and because you are lucky enough to know the exact version you have in Cauldron (contrary to upstream where they have to assume that any version of JSON::RPC can be installed, depending on the distro), you could patch Bugzilla to change one single line in Bugzilla/WebService/Server/JSONRPC.pm, as explained here:

 https://bugzilla.mozilla.org/show_bug.cgi?id=706753#c12

-use base qw(JSON::RPC::Server::CGI Bugzilla::WebService::Server);
+use base qw(JSON::RPC::Legacy::Server::CGI Bugzilla::WebService::Server);

bkor could easily do it, and drop the patch once a newer version of Bugzilla is released. The same patch should also force Bugzilla to depend on JSON::RPC 1.01 as a minimum, to force Cauldron users to upgrade to this version of JSON::RPC.

Note that this problem doesn't affect Mageia 1, as JSON::RPC 0.96 is still in use.

Reassigning to bkor and cc'ing dmorgan, as the change must be done into the bugzilla RPM.

CC: (none) => dmorganec, jquelin, olav
See Also: (none) => https://bugzilla.mozilla.org/show_bug.cgi?id=706753
Assignee: jquelin => olav

Comment 4 Olav Vitters 2012-01-01 15:06:17 CET 
4.0.3-2 submitted.

Status: NEW => ASSIGNED

Comment 5 Olav Vitters 2012-01-01 15:12:38 CET 
built. please reopen if still a problem

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED