1

I have seen some issues with CGI version being updated to v4.51 in CentOS 6.8 machine. I can check the version of CGI using:

perl -MCGI -e 'print $CGI::VERSION ."\n";'

But, I am more interested in knowing when was it updated and by whom, since automatic update of modules is disabled on the system. There could be other Perl modules or CentOS libraries also that might got affected. How can I figure out what has happened, when and by whom?

brian d foy
  • 129,424
  • 31
  • 207
  • 592
Manoj Agarwal
  • 365
  • 2
  • 17
  • try perl -MData::Dumper -MCGI -e 'say Dumper \%INC' It may help to figure out location of loaded module. Also may help: https://stackoverflow.com/questions/2526804/how-is-perls-inc-constructed-aka-what-are-all-the-ways-of-affecting-where-pe – k-mx Mar 10 '21 at 14:06
  • cpan leaves behind some files in /root/.cpan/build, you could look for a CGI-4.51-xxx directory and then look for other directories with a similar timestamp. You might find that it was updated as a dependency of some other module, which would at least give you something to ask questions about. – AKHolland Mar 10 '21 at 15:13

1 Answers1

2

Other than looking at file attributes, there's nothing that the cpan clients do to log how it did what when.

This is one of the reasons that I encourage people to keep a project directory for CPAN modules (perhaps with local::lib) so they can control the versions of the modules they depend on without disturbing other projects. There are other solutions, such as Pinto, that attempt to manage this too.

A comment already notes that the cpan clients will update modules and their dependencies to the latest versions of things on CPAN. If CGI was the dependency of another update, it may have been implicitly updated.

brian d foy
  • 129,424
  • 31
  • 207
  • 592
  • Re "*there's nothing that the cpan clients do to log how did what when.*", There is `perldoc perllocal`. If the module was installed by *, the installation is appended to `perllocal.pod`. It'll say when the module was installed, but not by whom. (* I presume both EU::MM and M::B do this.) Of course, there would be no log of this if the module was installed using the system's package manager instead of `cpan`/`cpanm`. But I expect there would be a log of that somewhere...? – ikegami Mar 11 '21 at 01:53