CVS commit: pkgsrc/www/p5-CGI-Simple

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/www/p5-CGI-Simple
From: "Thomas Klausner" <wiz%netbsd.org@localhost>
Date: Thu, 8 Sep 2011 19:49:45 +0000

Module Name:    pkgsrc
Committed By:   wiz
Date:           Thu Sep  8 19:49:45 UTC 2011

Modified Files:
        pkgsrc/www/p5-CGI-Simple: Makefile distinfo

Log Message:
Update to 1.113 based on a patch by Stephan Tesch.

1.113   2010-12-27
      - (thanks to Yamada Masahiro) randomise multipart boundary string
        (security).

      - Numerous changes from Mark Stosberg:

        Port max-age support from CGI.pm, to improve compatibility and
        RFC-compliance

        Correct header comment in cookie.t

        It claims that is a simple copy/paste/modify from CGI.pm's test
        by the same name, but this has not been true for some time--
        CGI::Simple added

        httponly tests that CGI.pm lacks, for example.

        Sync cookie references with CGI.pm: add reference to the
        newer RFC 2695

        "Interface to browse cookies" looks like it was typo for
        "browser". HTTP is more precise.

        Fix awkward "CGI::Simple.pm" language. It looks like it probably
        originated from the CGI.pm form. "CGI::Simple" is used instead.

        Best Practice: eliminate indirect object notation from new(),
        parse() and fetch() calls

        Security: Fix handling of embedded malicious newlines in header
          values This is a direct port of the same security fix that

        Security: use a random MIME boundary by default in
          multipart_init(). This is a direct port of the same issue
          which was addressed in CGI.pm, preventing some kinds of
          potential header injection attacks.

        Port from CGI.pm: Fix multi-line header parsing.
          This fix is covered by the tests in t/header.t added in
          the previous patch. If you run those tests without this
          patch, you'll see how the headers would be malformed
          without this fix.

        Port CRLF injection prevention from CGI.pm

        Optimize Vars(): Don't build %hash if we aren't going to use it.

        Micro-optimization to Vars(): Don't call "tie" unless we need to.

      - Numerous changes from K. Berov:

        Added "+" to the mime character class.

        Added tests for C<$mime = $q->upload_info( $filename, 'mime' );>

        Fixed wrong match for mimetypes. Example: matched only
        'application/vnd' instead of 'application/vnd.ms-excel'.

        Added "\." to the mime character class


To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 pkgsrc/www/p5-CGI-Simple/Makefile
cvs rdiff -u -r1.4 -r1.5 pkgsrc/www/p5-CGI-Simple/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: pkgsrc/devel/cgdb
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/devel/cgdb
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index