perl-CGI/perl-CGI.changes


-------------------------------------------------------------------
Thu Oct 10 18:26:10 UTC 2013 - darin@darins.net
- update to 3.63
* CR escaping for Set-Cookie and P3P headers was improved. There was potential
for newline injection in these headers.
- changes from 3.62:
- Changed how the deprecated endform function was defined for compatibility
with the development version of Perl.
- Fix failures in t/tmpdir.t when run as root
(https://github.com/markstos/CGI.pm/issues/22, RT#80659)
- Made it possible to force a sorted order for things like hash
attributes so that tests are not dependent on a particular hash
ordering. This will be required in modern perls which will
change the ordering per process. (Yves, RT#80659)
For complete changelog see:
http://cpansearch.perl.org/src/MARKSTOS/CGI.pm-3.63/Changes
-------------------------------------------------------------------
Sat Nov 12 09:46:11 UTC 2011 - pascal.bleser@opensuse.org
- update to 3.58: documentation improvements:
* clarify that using query_string() only has defined behavior when using the
GET method (RT#60813)
-------------------------------------------------------------------
Thu Nov 10 11:51:13 UTC 2011 - pascal.bleser@opensuse.org
- update to 3.57:
* Test::More requirement has been bumped to 0.98
- changes from 3.56:
* SECURITY: use public and documented FCGI.pm API in CGI::Fast: CGI::Fast was
using an FCGI API that was deprecated and removed from documentation more
than ten years ago; usage of this deprecated API with FCGI >= 0.70 or FCGI
<= 0.73 introduces a security issue CVE-2011-2766
-------------------------------------------------------------------
Wed Aug 24 21:33:47 UTC 2011 - chris@computersalat.de
- fix deps
* Test::More >= 0.88 (done_testing)
- fix build for
* openSUSE > 1140 (shebang), SLE_10, SLE_11, RHEL, CentOS
- remove Author from desc
-------------------------------------------------------------------
Tue Aug 23 15:03:43 UTC 2011 - lars@linux-schulserver.de
- update to 3.55:
+ [THINGS THAT MAY BREAK YOUR CODE]
url() was fixed to return "PATH_INFO" when it is explicitly requested
with either the path=>1 or path_info=>1 flag.
If your code is running under mod_rewrite (or compatible) and you are
calling self_url() or you are calling url() and passing path_info=>1,
these methods will actually be returning PATH_INFO now, as you have
explicitly requested, or as self_url() has requested on your behalf.
The PATH_INFO has been omitted in such URLs since the issue was
introduced in the 3.12 release in December, 2005.
This bug is so old your application may have come to depend on it or
work around it. Check for application before upgrading to this release.
+ The DELETE HTTP verb is now supported (RT#52614)
+ [NEW FEATURES]
- A new option to set $CGI::Carp::TO_BROWSER = 0, allows you to
explicitly exclude a particular scope from triggering printing to
the browser when fatalsToBrowser is set. (RT#62783)
- The <script> tag now supports the "charset" attribute.
(RT#62907)
- In CGI::Cookie, "Max-Age" is now supported for better
spec compliance.
+ Further improvements have been made to guard against newline
injections in headers
-------------------------------------------------------------------
Fri Dec 24 21:15:30 UTC 2010 - lars@linux-schulserver.de
- update to 3.50:
* Fixed two security issues:
** The MIME boundary in multipart_init is now random.
** Further improvements to handling of newlines embedded in header
values. An exception is thrown if header values contain
invalid newlines.
* Correcting/clarifying documentation for param_fetch().
* Fixing https test in http.t.
* Tests were added for multipart_init().
-------------------------------------------------------------------
Wed Dec 1 13:30:54 UTC 2010 - coolo@novell.com
- switch to perl_requires macro
-------------------------------------------------------------------
Tue Sep 14 22:41:24 UTC 2010 - chris@computersalat.de
- update to 3.49
* [BUG FIXES]
1. Fix a regression since 3.44 involving a case when the header
includes "Content-Length: 0".
Thanks to Alex Vandiver (RT#51109)
2. Suppress uninitialized warnings under -w. Thanks to burak.
(RT#50301)
3. url() now uses virtual_port() instead of server_port().
Thanks to MKANAT and Yanick Champoux. (RT#51562)
* [SECURITY]
1. embedded newlines are now filtered out of header values in header().
Thanks to Mark Stosberg and Yanick Champoux.
* [DOCUMENTATION]
1. README was updated to reflect that CGI.pm was moved under ./lib.
Thanks to Alex Vandiver.
* [INTERNALS]
1. More tests were added for autoescape, thanks to Bob Kuo. (RT#25485)
2. Attempt to avoid test failures with t/fast, thanks to Steve Hay. (RT#49599)
- recreated by cpanspec 1.78
- noarch pkg
-------------------------------------------------------------------
Wed Dec 9 13:15:06 UTC 2009 - bitshuffler #suse@irc.freenode.org
- Updated to 3.48
-------------------------------------------------------------------
Sun Nov 30 03:46:42 CET 2008 - lars@linux-schulserver.de
- initial changelog seems to be lost
- update from 3.38 to 3.42