Subject: CVS commit: [pkgsrc-2006Q1] pkgsrc/www/p5-CGI-Session
To: None <pkgsrc-changes@NetBSD.org>
From: Soren Jacobsen <snj@netbsd.org>
List: pkgsrc-changes
Date: 03/31/2006 03:31:34
Module Name:	pkgsrc
Committed By:	snj
Date:		Fri Mar 31 03:31:34 UTC 2006

Modified Files:
	pkgsrc/www/p5-CGI-Session [pkgsrc-2006Q1]: Makefile distinfo

Log Message:
Pullup ticket 1289 - requested by Lubomir Sedlacik
security update for p5-CGI-Session

Revisions pulled up:
- pkgsrc/www/p5-CGI-Session/Makefile	1.7
- pkgsrc/www/p5-CGI-Session/distinfo	1.3

   Module Name:    pkgsrc
   Committed By:   salo
   Date:           Thu Mar 30 12:55:38 UTC 2006

   Modified Files:
           pkgsrc/www/p5-CGI-Session: Makefile distinfo

   Log Message:
   Update to version 4.09

   Includes security fixes for:

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2006-1279
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2006-1280

   Changes:

   4.09:
   =====
   - SECURITY: Applying security patch from:
     http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356555 (Julien
   Danjou)

   4.08:
   =====
   - FIX: DESTROY was sometimes wiping out exception handling. RT#18183,
     Matt LeBlanc.
   - SECURITY: Resolve some issues in:
     http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356555
         - db_file and file now check for symlinks either explicitly or by
           using O_EXCL on sysopen
         - file creation umask defaults to 660
   - NEW: db_file and file drivers now accept a UMask option. (Matt
     LeBlanc)
   - INTERNAL: test suite clean up (Tyler MacDonald)

   4.07:
   =====
   - INTERNAL: MANIFEST update to fix release.

   4.06:
   =====
   - INTERNAL: MANIFEST update to fix release.

   4.06:
   =====
   - FIX: some stray warnings when flushing:  "Use of uninitialized value
     in numeric eq (==)" (RT#14603)
   - NEW: JSON and YAML serializers (Tyler MacDonald)
   - INTERNAL: CGI::Session::Test::Default accepts a "skip" argument,
     listing tests that should be skipped. (Tyler)

   4.05:
   =====
   - FIX: Race condition fixed when writing to session files (RT#17949)

   4.04:
   =====
   - NEW: File driver now has option to disable flock (for those running
     Win 9x, VMS, MacPerl, VOS and RISC OS). (Matt LeBlanc)
   - FIX: If DBI driver was initialized using 'Handle',
     Driver::DBI::init() returned false, and Driver::new() thought init
     failed and kept returning undef. The problem was fixed by making sure
     Driver::DBI::init() returned true. (Sherzod)
   - Added .*cgisess.* to disclude cgisess.db, cgisess.id, and any session
     files created in the t directory. (Matt LeBlanc)
   - FIX: File driver now respects $CGI::Session::File::FileName for 3.9x
     compatibility. (Matt LeBlanc)
   - FIX: Default serializer now properly handles data structures that
     appear more than once in the serialized data structure (before it'd
     result in data structures that were equivalent but did not have the same
     address). (Matt LeBlanc)
   - FIX: File driver now localizes the filehandle to avoid any possibility
     of extended locking in persistent environments (Matt LeBlanc)
   - FIX: File driver now locks the file when retrieving the session data
     (Matt LeBlanc)
   - NEW: DBI Drivers now support a lazy loaded database handle. This is
     useful with the CGI::Application plugin system. If the session is
     never used, the database handle may not need to be created. The
     syntax is to use a code ref: Handle => sub {DBI->connect} (Mark
     Stosberg)

    Finally, be aware that since 4.0 some people have reported problems
    with the auto-flushing code. There may be an unresolved. You always
    call flush() to be safe. Input or code contributions for the issue
    are appreciated. Some related tickets include:

       http://rt.cpan.org/Public/Bug/Display.html?id=14604
       http://rt.cpan.org/Public/Bug/Display.html?id=16861
       http://rt.cpan.org/Public/Bug/Display.html?id=17541
       http://rt.cpan.org/Public/Bug/Display.html?id=17299

   4.03:
   =====
   - FIX: automatic flushing did not work if session object was global
   - FIX: Default serializer can now serialize objects (Matt LeBlanc)
   - INTERNAL: SQLite driver no longer needs MIME::Base64 for encoding
     (Matt LeBlanc)

   4.02:
   =====
   - FIX: remote_addr() was missing (RT #14414)

   4.01:
   =====
   - FIX: Minor POD fix

   4.00:
   =====
    *** NOTE ***

    The 4.0 release represents a major overhaul of the CGI::Session code
    base.  Care has been taken to be 100% compatible with applications
    developed with 3.x.  However, you are encouraged to run regression
    tests with your own applications before using this in production.

   - NEW: PostgreSQL driver enhanced to work better with binary serializers
     (Matt LeBlanc)
   - FIX: update to untainting in default serializer to make "-T" happy
     (Matt LeBlanc)
   - FIX: CGI::Session (qw/-ip_match/), a 3.x feature, works again (Shawn
     Sorichetti)
   - INTERNAL: Improved documentation shown during "make", which explains
     how to run database-driven tests. (Mark Stosberg)
   - FIX: to support binary serializers SQLite driver uses MIME::Base64
     (Sherzod Ruzmetov)

   4.00_09:
   ========
   - CHANGE: Starting with 4.0, it will no longer work to use the syntax of
     CGI::Session::DriverName(). This hasn't been a documented API since
     CGI::Session 2.94, released in August, 2002.
   - FIX: documented etime(), which was present in 3.x (Mark Stosberg)
   - FIX: Added code, test and docs to make $CGI::Session::File::FileName
     work, for 3.x compatibility. (Mark Stosberg)
   - FIX: Providing an expire time like "-10" now works (Mark Stosberg)
   - FIX: Restored close() method, for 3.x compatibility. (Mark Stosberg)
   - FIX: Make ->clear('email') work, for 3.95 compatibility (Mark
     Stosberg)
   - FIX: Added back is_new() for compatibility with 3.95. (Mark Stosberg)
   - FIX: Support for CGI::Simple is confirmed, resolving RT#6141 (Mark
     Stosberg)
   - FIX: Add code and tests for $CGI::Session::MySQL::TABLE_NAME, which
     worked in 3.x (Mark Stosberg)
   - DOCS: CGI::Session now has a public Subversion repository, thanks to
     Jason Crome.  See the bottom of the CGI::Session docs for details.

   4.00_08:
   ========
   - FIX: Changes made in 4.00_07 rolled back

   4.00_07:
   ========
   - FIX: overloaded objects are now stored properly

   4.00_06:
   ========
   - FIX (?): a test script was failing on Win32
   - FIX: inaccurate error reporting in load()

   4.00_05:
   ========
   - FIX: case insensitivity was not enforced properly in
     CGI::Session::parse_dsn()

   4.00_04:
   ========
   - FIX: Minor fix in test suites and error-checking routines
     of serializers and id-generators

   4.00_03:
   ========
   - NEW: CGI::Session::find() introduced
   - NEW: traverse() introduced into drivers to support
     CGI::Session::find()
   - DOCS: More complete driver specs documented

   4.00_02:
   ========
   - FIX: race conditions in Driver/file.pm pointed out by Martin Bartosch

   4.00_01:
   ========
   - NEW: load() - constructor method to prevent unnecessary session
     creations
   - NEW: is_expired() - method to intercept expired sessions
   - NEW: is_empty() - to intercept requests for non-existing sessions
   - NEW: more optimized source code
   - NEW: updated and improved driver specs
   - NEW: standard testing framework
   - NEW: 'sqlite' driver


To generate a diff of this commit:
cvs rdiff -r1.6 -r1.6.2.1 pkgsrc/www/p5-CGI-Session/Makefile
cvs rdiff -r1.2 -r1.2.10.1 pkgsrc/www/p5-CGI-Session/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
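
The file-driver hardening listed in the 4.08 entry above (an explicit symlink check, O_EXCL on sysopen, a restrictive creation mode), as an added Perl example; it is not CGI::Session's own code and is not part of the commit message. The helper names, the session file names and the 0660 mode are assumptions made for illustration.

```perl
use strict;
use warnings;
use Fcntl qw(:DEFAULT :flock);
use File::Temp qw(tempdir);

my $NOFOLLOW = eval { Fcntl::O_NOFOLLOW() } || 0;   # 0 where the platform lacks it

# Hypothetical helper: create a session file that must not exist yet.
sub create_session_file {
    my ($path, $mode) = @_;
    my $old = umask(0007);                # keep group bits, drop "other"
    # O_CREAT|O_EXCL fails if anything is at $path, a dangling symlink included.
    my $ok  = sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_EXCL | $NOFOLLOW, $mode);
    my $err = $!;
    umask($old);
    die "create $path refused: $err\n" unless $ok;
    return $fh;
}

# Hypothetical helper: reopen an existing session file for update.
sub open_session_file {
    my ($path) = @_;
    die "$path is a symlink, refusing\n" if -l $path;          # explicit check
    sysopen(my $fh, $path, O_RDWR | $NOFOLLOW) or die "open $path: $!\n";
    # Close the check/open race: the handle must be the regular file lstat sees.
    my @l = lstat($path) or die "lstat $path: $!\n";
    my @f = stat($fh);
    die "$path changed during open\n"
        unless -f $fh && $l[0] == $f[0] && $l[1] == $f[1];
    flock($fh, LOCK_EX) or die "flock $path: $!\n";
    return $fh;
}

my $dir  = tempdir(CLEANUP => 1);         # constructed scratch directory
my $sess = "$dir/cgisess_0123abcd";       # constructed session file name
my $fh   = create_session_file($sess, 0660);
printf "created with mode %04o\n", (stat $fh)[2] & 07777;
close $fh;

# Constructed scenario: a symlink already sits where a session file would go.
my $link = "$dir/cgisess_deadbeef";
symlink($sess, $link) or die "symlink: $!\n";
for my $try (sub { create_session_file($link, 0660) }, sub { open_session_file($link) }) {
    if (eval { $try->(); 1 }) { print "unexpected success\n" } else { print "refused: $@" }
}
my $again = open_session_file($sess);     # the regular file still opens
print "regular file opened and locked\n";
close $again;
```

The lstat/stat comparison after the open matters on platforms without O_NOFOLLOW, where the `-l` test alone leaves a window between the check and the open.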