Subject: CVS commit: [pkgsrc-2006Q1] pkgsrc/www/p5-CGI-Session
To: None <pkgsrc-changes@NetBSD.org>
From: Soren Jacobsen <snj@netbsd.org>
List: pkgsrc-changes
Date: 03/31/2006 03:31:34
Module Name: pkgsrc
Committed By: snj
Date: Fri Mar 31 03:31:34 UTC 2006
Modified Files:
pkgsrc/www/p5-CGI-Session [pkgsrc-2006Q1]: Makefile distinfo
Log Message:
Pullup ticket 1289 - requested by Lubomir Sedlacik
security update for p5-CGI-Session
Revisions pulled up:
- pkgsrc/www/p5-CGI-Session/Makefile 1.7
- pkgsrc/www/p5-CGI-Session/distinfo 1.3
Module Name: pkgsrc
Committed By: salo
Date: Thu Mar 30 12:55:38 UTC 2006
Modified Files:
pkgsrc/www/p5-CGI-Session: Makefile distinfo
Log Message:
Update to version 4.09
Includes security fixes for:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2006-1279
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2006-1280
Changes:
4.09:
=====
- SECURITY: Applying security patch from:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356555 (Julien
Danjou)
4.08:
=====
- FIX: DESTROY was sometimes wiping out exception handling. RT#18183,
Matt LeBlanc.
- SECURITY: Resolve some issues in:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356555
- db_file and file now check for symlinks either explicitly or by
using O_EXCL on sysopen
- file creation umask defaults to 660
- NEW: db_file and file drivers now accepts a UMask option. (Matt
LeBlanc)
- INTERNAL: test suite clean up (Tyler MacDonald)
4.07:
=====
- INTERNAL: MANIFEST update to fix release.
4.06:
=====
- INTERNAL: MANIFEST update to fix release.
4.06:
=====
- FIX: some stray warnings when flushing: "Use of uninitialized value
in numeric eq (==)" (RT#14603)
- NEW: JSON and YAML serializers (Tyler MacDonald)
- INTERNAL: CGI::Session::Test::Default accepts a "skip" argument,
listing tests that should be skipped. (Tyler)
4.05:
=====
- FIX: Race condition fixed when writing to session files (RT#17949)
4.04:
=====
- NEW: File driver now has option to disable flock (for those running
Win 9x, VMS, MacPerl, VOS and RISC OS). (Matt LeBlanc)
- FIX: If DBI driver wass initialized using 'Handle',
Driver::DBI::init() returned false, and Driver::new() thought init
faild and kept returning undef. The problem was fixed by making sure
Driver::DBI::init() returned true. (Sherzod)
- Added .*cgisess.* to disclude cgisess.db, cgisess.id, and any session
files created in the t directory. (Matt LeBlanc)
- FIX: File driver now respects $CGI::Session::File::FileName for 3.9x
compatibility. (Matt LeBlanc)
- FIX: Default serializer now properly handles data structures that
appear more than once in the serialized data structure (before it'd
result in data structures that were equivalent but did not have the same
address). (Matt LeBlanc)
- FIX: File driver now localizes the filehandle to avoid any possibility
of extended locking in persistent environments (Matt LeBlanc)
- FIX: File driver now locks the file when retrieving the session data
(Matt LeBlanc)
- NEW: DBI Drivers now support a lazy loaded database handle. This is
useful with the CGI::Application plugin system. If the session is
never used, the database handle may not not need to be created. The
syntax is to use a code ref: Handle => sub {DBI->connect} (Mark
Stosberg)
Finally, be aware that since 4.0 some people have reported problems
with the auto-flushing code. There may be an unresolved. You always
call flush() to be safe. Input or code contributions for the issue
are appreciated. Some related tickets include:
http://rt.cpan.org/Public/Bug/Display.html?id=14604
http://rt.cpan.org/Public/Bug/Display.html?id=16861
http://rt.cpan.org/Public/Bug/Display.html?id=17541
http://rt.cpan.org/Public/Bug/Display.html?id=17299
4.03:
=====
- FIX: automatic flushing did not work if session object was global
- FIX: Default serializer can now serialize objects (Matt LeBlanc)
- INTERNAL: SQLite driver no longer needs MIME::Base64 for encoding
(Matt LeBlanc)
4.02:
=====
- FIX: remote_addr() was missing (RT #14414])
4.01:
=====
- FIX: Minor POD fix
4.00:
=====
*** NOTE ***
The 4.0 release represents a major overhaul of the CGI::Session code
base. Care has been taken to be 100% compatible with applications
developed with 3.x. However, you are encouraged to run regression
tests with your own applications before using this in production.
- NEW: PostgreSQL driver enhanced to work better with binary serializers
(Matt LeBlanc)
- FIX: update to un tainting in default serializer to make "-T" happy
(Matt LeBlanc)
- FIX: CGI::Session (qw/-ip_match/), a 3.x feature, works again (Shawn
Sorichetti)
- INTERNAL: Improved documentation shown during "make", which explains
how to run database-driven tests. (Mark Stosberg)
- FIX: to support binary serializers SQLite driver uses MIME::Base64
(Sherzod Ruzmetov)
4.00_09:
========
- CHANGE: Starting with 4.0, it will no longer work to use the syntax of
CGI::Session::DriverName(). This hasn't been a documented API since
CGI::Session 2.94, released in August, 2002.
- FIX: documented etime(), which was present in 3.x (Mark Stosberg)
- FIX: Added code, test and docs to make $CGI::Session::File::FileName
work, for 3.x compatibility. (Mark Stosberg)
- FIX: Providing an expire time like "-10" now works (Mark Stosberg)
- FIX: Restored close() method, for 3.x compatibility. (Mark Stosberg)
- FIX: Make ->clear('email') work, for 3.95 compatibility (Mark
Stosberg)
- FIX: Added back is_new() for compatibility with 3.95. (Mark Stosberg)
- FIX: Support for CGI::Simple is confirmed, resolving RT#6141 (Mark
Stosberg)
- FIX: Add code and tests for $CGI::Session::MySQL::TABLE_NAME, which
worked in 3.x (Mark Stosberg)
- DOCS: CGI::Session now has a public Subversion repository, thanks to
Jason Crome. See the bottom of the CGI::Session docs for details.
4.00_08:
========
- FIX: Changes made in 4.00_07 rolled back
4.00_07:
========
- FIX: overloaded objects are now stored properly
4.00_06:
========
- FIX (?): a test script was failing on Win32
- FIX: inaccurate error reporting in load()
4.00_05:
========
- FIX: case insensitivity was not enforced properly in
CGI::Session::parse_dsn()
4.00_04:
========
- FIX: Minor fix in tests suits and error-checking routines
of serializers and id-generators
4.00_03:
========
- NEW: CGI::Session::find() introduced
- NEW: traverse() introduced into drivers to support
CGI::Session::find()
- DOCS: More complete driver specs documented
4.00_02:
========
- FIX: race conditions in Driver/file.pm pointed out by Martin Bartosch
4.00_01:
========
- NEW: load() - constructor method to prevent unnecessary session
creations
- NEW: is_expired() - method to intercept expired sessions
- NEW: is_empty() - to intercept requests for un existing sessions
- NEW: more optimized source code
- NEW: updated and improved driver specs
- NEW: standard testing framework
- NEW: 'sqlite' driver
To generate a diff of this commit:
cvs rdiff -r1.6 -r1.6.2.1 pkgsrc/www/p5-CGI-Session/Makefile
cvs rdiff -r1.2 -r1.2.10.1 pkgsrc/www/p5-CGI-Session/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.