[pkgsrc/trunk]: pkgsrc/www/p5-CGI-Session - updated to 4.35

[rhaen <rhaen%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/2016f2f90c93
branches:  trunk
changeset: 544704:2016f2f90c93
user:      rhaen <rhaen%pkgsrc.org@localhost>
date:      Fri Jul 18 09:43:35 2008 +0000

description:
- updated to 4.35

ChangeLog:
4.34 - Sunday, July 13, 2008
    * SECURITY: Patch CGI::Session::Driver::file to stop \ and / characters being used in
           session ids and hence in file names. These characters, possibly combined with '..',
           could have been used to access files outside the designated session file directory.
           Reported by TAN Chew Keong of vuln.sg.
    * FIX: Patch CGI::Session to propagate error upwards when _load_pluggables() fails.
           See RT#37628 and http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490198.
    * INTERNAL: Ship a machine-readable version of this file under the name Changelog.ini.
           The latter file is generated by ini.report.pl, which is shipped with Module::Metadata::Changes.
           The reason Changelog.ini does not contain a separate section for each version in this file
           is that some of the versions documented below have no datestamp, and ini.report.pl does not create
           fake datestamps.

4.33 - Monday, July 7, 2008
    * FIX: Patch CGI::Session::Driver::mysql to replace 'REPLACE INTO ...' with
           'INSERT INTO ... ON DUPLICATE KEY UPDATE ...'. See RT#37069.
           Thanks to Steve Kirkup for the patch. I (Ron) installed MySQL V 5.0.51a for testing.
           Note: http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html and similar docs
           list various MySQL errors fixed recently for the above new syntax. Also, the new version
           is now much more like the Postgres code, which is another reason it has been adopted.
    * FIX: t/mysql.t used to test setting the global variable $CGI::Session::MySQL::TABLE_NAME.
           The test for this (in t/mysql.t) was introduced in V 4.00_09.
           However, since V 4.29_1, changes to CGI::Session::Driver's new() method mean
           this way of setting the session table's name no longer works, and so the variable
           $CGI::Session::MySQL::TABLE_NAME is now not used. Hence it has been removed.
           Code in CGI::Session::Driver::DBI used to set $class::TABLE_NAME for all database drivers.
           This code has also been removed. Moral: Don't use global variables.
           Call $session = CGI::Session -> new(..., ..., (TableName => 'new_name'}) or,
           after creating the object, call $session -> table_name('new_name').
           To retrieve the name, call $name = $session -> table_name().

4.32 - Tuesday, June 17, 2008
    * FIX: Packaging of 4.31 release was botched.

4.31 - Tuesday, June 10, 2008
    * FIX: Patch CGI::Session::Driver::DBI to check that the DBI handle still exists before trying
           to ping it. This handles the case where the DBI object is destroyed before the session object.
           See RT#35925.
    * FIX: Patch CGI::Session::Driver::DBI's remove() which still hard-coded the column name 'id' instead
           of using the new feature which allows the user to specify the name of the column. See RT#36235.
    * FIX: Patch POD yet again to emphasize that an explicit call to destroy() should be followed by
           explicit call to flush(), in particular in the case where the program is not exiting and
           hence auto-flushing is not activated. Sections patched are 'A Warning about Auto-flushing'
           and the docs for delete(). See RT#34668.

4.30 - Friday, April 25, 2008

    * FIX: Patch POD for CGI::Session in various places, to emphasize even more that auto-flushing is
           unreliable, and that flush() should always be called explicitly before the program exits.
           The changes are a new section just after SYNOPSIS and DESCRIPTION, and the PODs for flush(),
           and delete(). See RT#17299 and RT#34668
    * NEW: Add t/new_with_undef.t and t/load_with_undef.t to explicitly demonstrate the effects of
           calling new() and load() with various types of undefined or fake parameters. See RT#34668
    * FIX: Patch POD for new() and load() to clarify the result of calling these with undef, or with
           an initialized CGI object with an undefined or fake CGISESSID. See RT#34668.
           Specifically: You are strongly advised to run the old-fashioned
           'make test TEST_FILES=t/new_with_undef.t TEST_VERBOSE=1' or the new-fangled
           'prove -v t/new_with_undef.t', for both new*.t and load*.t, and examine the output
    * FIX: Patch POD in various tiny ways to improve the grammar

4.29_2 - Thursday, March 27, 2008

    * FIX: stop ExtUtils::MakeMaker trying to create Build.PL (Ron Savage)
    * FIX: Disable trying to use utf8 in tests. (Ron Savage) Ref RT#21981, RT#28516

4.29_1 - Saturday, March 15, 2008

    Special Thanks to Ron Savage who did the bulk of the work to put this release together.

    * FIX: Patch CGI::Session to fix RT#29138 (Patch by Barry Friedman)
    * NEW: Add a note to CGI::Session's POD referring to utf8 problems, and include references
           to RT#21981 (Reported by erwan) and RT#28516 (Reported by jasoncrowther)
    * FIX: Patch CGI::Session::Driver::DBI.pm to fix RT#24601 (Patch by latypoff)
    * FIX: Patch CGI::Session::Driver::DBI.pm to fix RT#24355 (Reported by fenlisesi, patch by Ron Savage)
        * NEW: Add t/bug24285.t to ensure session data files are created properly when the user specifies a
           directory other than /tmp (Reported by William Pearson RT#24285, patch by Ron Savage)
    * FIX: Patch t/ip_matches.t and t/bug21592.t to remove test files left in /tmp, to fix RT#29969
           (Reported by ANDK, patch by Ron Savage)
    * FIX: Patch POD for CGI::Session::Driver::file to clarify how to use the option to change the
           file name pattern used to created session files (Report by appleaday RT#33635,
           patch by Ron Savage)
    * FIX: Patch CGI::Session::Driver::sqlite to add sub DESTROY to fix RT#32932
           (Patch by Alexander Batyrshin, corrected by Ron Savage)
    * FIX: Remove CGI::Session::Seralize::json and t/g4_dbfile_json.t until such time as this code
           can be made to work reliably. Both JSON::Syck and JSON::XS have been tried, and in both
           cases t/g4_dbfile_json.t dies horribly (but differently). Patch POD for CGI::Session to
           remove references to JSON. RT#25325 (Reported by bkw, patch by Ron Savage)
    * NEW: Patch CGI::Session's POD and load() to allow the session/cookie name default of CGISESSID
           to be overridden. (Patch by Lee Carmichael RT#33437, reformatted by Ron Savage). Lee has
           also patched t/name.t to test the new functionality
    * NEW: Split CGI::Session::Serialize::yaml out into its own distro. Get it hot from CPAN!
    * NEW: Add Build.PL for Module::Build users. This also requires adding PL_FILES => {}
           to Makefile.PL to beat ExtUtils::MakeMaker over the head, otherwise it executes
           'perl Build.PL Build'
    * NEW: Support specification of both the id column name and the a_session column name in the
           sessions table, by extending the options acceptable in CGI::Session->new(..,..,{here}).
           Allow:   {TableName => 'session',  IdColName => 'my_id', DataColName => 'my_data'}.
           Default: {TableName => 'sessions', IdColName => 'id',    DataColName => 'a_session'}.
           Allow any 1, 2 or 3 of these options. Missing keys default as specified.
           (Patch by Chris RT#2224. Implemented differently by Ron Savage). Supported drivers:
           o MySQL (native to CGI::Session)
           o ODBC (separate distro, CGI::Session::Driver::odbc V 1.01)
           o Oracle (separate distro, CGI::Session::Driver::oracle V 1.01)
           o Postgres (native)
           o SQLite (native)

diffstat:

 www/p5-CGI-Session/Makefile |  6 ++----
 www/p5-CGI-Session/distinfo |  8 ++++----
 2 files changed, 6 insertions(+), 8 deletions(-)

diffs (34 lines):

diff -r 4b4e517c862f -r 2016f2f90c93 www/p5-CGI-Session/Makefile
--- a/www/p5-CGI-Session/Makefile       Fri Jul 18 09:36:52 2008 +0000
+++ b/www/p5-CGI-Session/Makefile       Fri Jul 18 09:43:35 2008 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.9 2007/07/07 09:45:55 heinz Exp $
+# $NetBSD: Makefile,v 1.10 2008/07/18 09:43:35 rhaen Exp $
 
-DISTNAME=              CGI-Session-4.20
+DISTNAME=              CGI-Session-4.35
 PKGNAME=               p5-${DISTNAME}
 SVR4_PKGNAME=          p5ses
 CATEGORIES=            www perl5
@@ -12,8 +12,6 @@
 PKG_DESTDIR_SUPPORT=   user-destdir
 PKG_INSTALLATION_TYPES=        overwrite pkgviews
 
-USE_LANGUAGES=         # empty
-
 PERL5_PACKLIST=                auto/CGI/Session/.packlist
 
 .include "../../lang/perl5/module.mk"
diff -r 4b4e517c862f -r 2016f2f90c93 www/p5-CGI-Session/distinfo
--- a/www/p5-CGI-Session/distinfo       Fri Jul 18 09:36:52 2008 +0000
+++ b/www/p5-CGI-Session/distinfo       Fri Jul 18 09:43:35 2008 +0000
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.4 2007/03/16 20:41:22 wiz Exp $
+$NetBSD: distinfo,v 1.5 2008/07/18 09:43:35 rhaen Exp $
 
-SHA1 (CGI-Session-4.20.tar.gz) = a8bdcc63b897ce53c965a5f20b07097c8cd085bf
-RMD160 (CGI-Session-4.20.tar.gz) = 75f6a62283c884442a0408954215a32f1f0c41e6
-Size (CGI-Session-4.20.tar.gz) = 70995 bytes
+SHA1 (CGI-Session-4.35.tar.gz) = 76d43e1961ee0a31344a239a153ebc9661d2b396
+RMD160 (CGI-Session-4.35.tar.gz) = 1b41da015f7e269971be04991c0a57dd90790e85
+Size (CGI-Session-4.35.tar.gz) = 69777 bytes