rpms/perl/F-8 perl-5.8.8-CGI-3.37.patch, NONE, 1.1 perl.spec, 1.151, 1.152 perl-5.8.8-CGI-3.29.patch, 1.1, NONE
Marcela Mašláňová (mmaslano)
fedora-extras-commits at redhat.com
Mon Jun 9 08:38:52 UTC 2008
- Previous message (by thread): rpms/sugar-toolkit/devel .cvsignore, 1.9, 1.10 sources, 1.10, 1.11 sugar-toolkit.spec, 1.11, 1.12
- Next message (by thread): rpms/alsa-lib/F-8 alsa-lib-1.0.16-no-dox-date.patch, NONE, 1.1 alsa-lib.spec, 1.64, 1.65 sources, 1.34, 1.35
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: mmaslano
Update of /cvs/pkgs/rpms/perl/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17612
Modified Files:
perl.spec
Added Files:
perl-5.8.8-CGI-3.37.patch
Removed Files:
perl-5.8.8-CGI-3.29.patch
Log Message:
Update CGI to 3.37 because of UTF-8 issue.
perl-5.8.8-CGI-3.37.patch:
--- NEW FILE perl-5.8.8-CGI-3.37.patch ---
diff -up perl-5.8.8/lib/CGI/Apache.pm.crr perl-5.8.8/lib/CGI/Apache.pm
diff -up perl-5.8.8/lib/CGI/Carp.pm.crr perl-5.8.8/lib/CGI/Carp.pm
--- perl-5.8.8/lib/CGI/Carp.pm.crr 2006-01-08 17:39:12.000000000 +0100
+++ perl-5.8.8/lib/CGI/Carp.pm 2008-03-27 15:23:36.000000000 +0100
@@ -102,7 +102,7 @@ CGI::Carp methods is called to prevent t
=head1 MAKING PERL ERRORS APPEAR IN THE BROWSER WINDOW
-If you want to send fatal (die, confess) errors to the browser, ask to
+If you want to send fatal (die, confess) errors to the browser, ask to
import the special "fatalsToBrowser" subroutine:
use CGI::Carp qw(fatalsToBrowser);
@@ -114,6 +114,9 @@ occur in the early compile phase will be
Nonfatal errors will still be directed to the log file only (unless redirected
with carpout).
+Note that fatalsToBrowser does B<not> work with mod_perl version 2.0
+and higher.
+
=head2 Changing the default message
By default, the software error message is followed by a note to
@@ -142,6 +145,42 @@ of the error message that caused the scr
In order to correctly intercept compile-time errors, you should call
set_message() from within a BEGIN{} block.
+=head1 DOING MORE THAN PRINTING A MESSAGE IN THE EVENT OF PERL ERRORS
+
+If fatalsToBrowser in conjunction with set_message does not provide
+you with all of the functionality you need, you can go one step
+further by specifying a function to be executed any time a script
+calls "die", has a syntax error, or dies unexpectedly at runtime
+with a line like "undef->explode();".
+
+ use CGI::Carp qw(set_die_handler);
+ BEGIN {
+ sub handle_errors {
+ my $msg = shift;
+ print "content-type: text/html\n\n";
+ print "<h1>Oh gosh</h1>";
+ print "<p>Got an error: $msg</p>";
+
+ #proceed to send an email to a system administrator,
+ #write a detailed message to the browser and/or a log,
+ #etc....
+ }
+ set_die_handler(\&handle_errors);
+ }
+
+Notice that if you use set_die_handler(), you must handle sending
+HTML headers to the browser yourself if you are printing a message.
+
+If you use set_die_handler(), you will most likely interfere with
+the behavior of fatalsToBrowser, so you must use this or that, not
+both.
+
+Using set_die_handler() sets SIG{__DIE__} (as does fatalsToBrowser),
+and there is only one SIG{__DIE__}. This means that if you are
+attempting to set SIG{__DIE__} yourself, you may interfere with
+this module's functionality, or this module may interfere with
+your module's functionality.
+
=head1 MAKING WARNINGS APPEAR AS HTML COMMENTS
It is now also possible to make non-fatal errors appear as HTML
@@ -204,6 +243,9 @@ non-overridden program name
=head1 CHANGE LOG
+1.29 Patch from Peter Whaite to fix the unfixable problem of CGI::Carp
+ not behaving correctly in an eval() context.
+
1.05 carpout() added and minor corrections by Marc Hedlund
<hedlund at best.com> on 11/26/95.
@@ -233,7 +275,7 @@ non-overridden program name
fatalsToBrowser() output.
1.23 ineval() now checks both $^S and inspects the message for the "eval" pattern
- (hack alert!) in order to accomodate various combinations of Perl and
+ (hack alert!) in order to accommodate various combinations of Perl and
mod_perl.
1.24 Patch from Scott Gifford (sgifford at suspectclass.com): Add support
@@ -277,12 +319,13 @@ use File::Spec;
@ISA = qw(Exporter);
@EXPORT = qw(confess croak carp);
- at EXPORT_OK = qw(carpout fatalsToBrowser warningsToBrowser wrap set_message set_progname cluck ^name= die);
+ at EXPORT_OK = qw(carpout fatalsToBrowser warningsToBrowser wrap set_message set_die_handler set_progname cluck ^name= die);
$main::SIG{__WARN__}=\&CGI::Carp::warn;
-$CGI::Carp::VERSION = '1.29';
-$CGI::Carp::CUSTOM_MSG = undef;
+$CGI::Carp::VERSION = '1.30_01';
+$CGI::Carp::CUSTOM_MSG = undef;
+$CGI::Carp::DIE_HANDLER = undef;
# fancy import routine detects and handles 'errorWrap' specially.
@@ -290,7 +333,6 @@ sub import {
my $pkg = shift;
my(%routines);
my(@name);
-
if (@name=grep(/^name=/, at _))
{
my($n) = (split(/=/,$name[0]))[1];
@@ -382,7 +424,22 @@ sub ineval {
sub die {
my ($arg, at rest) = @_;
- realdie ($arg, at rest) if ineval();
+
+ if ($DIE_HANDLER) {
+ &$DIE_HANDLER($arg, at rest);
+ }
+
+ if ( ineval() ) {
+ if (!ref($arg)) {
+ $arg = join("",($arg, at rest)) || "Died";
+ my($file,$line,$id) = id(1);
+ $arg .= " at $file line $line.\n" unless $arg=~/\n$/;
+ realdie($arg);
+ }
+ else {
+ realdie($arg, at rest);
+ }
+ }
if (!ref($arg)) {
$arg = join("", ($arg, at rest));
@@ -405,6 +462,25 @@ sub set_message {
return $CGI::Carp::CUSTOM_MSG;
}
+sub set_die_handler {
+
+ my ($handler) = shift;
+
+ #setting SIG{__DIE__} here is necessary to catch runtime
+ #errors which are not called by literally saying "die",
+ #such as the line "undef->explode();". however, doing this
+ #will interfere with fatalsToBrowser, which also sets
+ #SIG{__DIE__} in the import() function above (or the
+ #import() function above may interfere with this). for
+ #this reason, you should choose to either set the die
+ #handler here, or use fatalsToBrowser, not both.
+ $main::SIG{__DIE__} = $handler;
+
+ $CGI::Carp::DIE_HANDLER = $handler;
+
+ return $CGI::Carp::DIE_HANDLER;
+}
+
sub confess { CGI::Carp::die Carp::longmess @_; }
sub croak { CGI::Carp::die Carp::shortmess @_; }
sub carp { CGI::Carp::warn Carp::shortmess @_; }
@@ -499,6 +575,7 @@ END
print STDOUT $mess;
}
else {
+ print STDOUT "Status: 500\n";
print STDOUT "Content-type: text/html\n\n";
print STDOUT $mess;
}
diff -up perl-5.8.8/lib/CGI/Changes.crr perl-5.8.8/lib/CGI/Changes
--- perl-5.8.8/lib/CGI/Changes.crr 2005-12-09 02:40:04.000000000 +0100
+++ perl-5.8.8/lib/CGI/Changes 2008-04-23 15:08:05.000000000 +0200
@@ -1,3 +1,126 @@
+ Version 3.37
+ 1. Fix pragmas so that they persist over modperl invocations (e.g. RT 34761)
+ 2. Fixed handling of chunked multipart uploads; thanks to Michael Bernhardt
+ who reported and fixed the problem.
+
+ Version 3.36
+ 1. Fix CGI::Cookie to support cookies that are separated by "," instead of ";".
+
+ Version 3.35
+ 1. Resync with bleadperl, primarily fixing a bug in parsing semicolons in uploaded filenames.
+
+ Version 3.34
+ 1. Handle Unicode %uXXXX escapes properly -- patch from DANKOGAI at cpan.org
+ 2. Fix url() method to not choke on path names that contain regex characters.
+
+ Version 3.33
+ 1. Remove uninit variable warning when calling url(-relative=>1)
+ 2. Fix uninit variable warnings for two lc calls
+ 3. Fixed failure of tempfile upload due to sprintf() taint failure in perl 5.10
+
+ Version 3.32
+ 1. Patch from Miguel Santinho to prevent sending premature headers under mod_perl 2.0
+
+ Version 3.31
+ 1. Patch from Xavier Robin so that CGI::Carp issues a 500 Status code rather than a 200 status code.
+ 2. Patch from Alexander Klink to select correct temporary directory in OSX Leopard so that upload works.
+ 3. Possibly fixed "wrapped pack" error on 5.10 and higher.
[...1902 lines suppressed...]
+ 'DOCUMENT_ROOT' => '/home/develop',
+ 'HTTP_HOST' => 'www.perl.org'
+);
+
+#-----------------------------------------------------------------------------
+# Simulate the upload (really, multiple uploads contained in a single stream).
+#-----------------------------------------------------------------------------
+
+my $q;
+
+{
+ local *STDIN;
+ open STDIN, '<t/upload_post_text.txt'
+ or die 'missing test file t/upload_post_text.txt';
+ binmode STDIN;
+ $q = CGI->new;
+}
+
+#-----------------------------------------------------------------------------
+# Check that the file names retrieved by CGI are correct.
+#-----------------------------------------------------------------------------
+
+is( $q->param('does_not_exist_gif'), 'does_not_exist.gif', 'filename_2' );
+is( $q->param('100;100_gif') , '100;100.gif' , 'filename_3' );
+is( $q->param('300x300_gif') , '300x300.gif' , 'filename_4' );
+
+{
+ my $test = "multiple file names are handled right with same-named upload fields";
+ my @hello_names = $q->param('hello_world');
+ is ($hello_names[0],'goodbye_world.txt',$test. "...first file");
+ is ($hello_names[1],'hello_world.txt',$test. "...second file");
+}
+
+#-----------------------------------------------------------------------------
+# Now check that the upload method works.
+#-----------------------------------------------------------------------------
+
+ok( defined $q->upload('does_not_exist_gif'), 'upload_basic_2' );
+ok( defined $q->upload('100;100_gif') , 'upload_basic_3' );
+ok( defined $q->upload('300x300_gif') , 'upload_basic_4' );
+
+{
+ my $test = "file handles have expected length for multi-valued field. ";
+ my ($goodbye_fh,$hello_fh) = $q->upload('hello_world');
+
+ # Go to end of file;
+ seek($goodbye_fh,0,2);
+ # How long is the file?
+ is(tell($goodbye_fh), 15, "$test..first file");
+
+ # Go to end of file;
+ seek($hello_fh,0,2);
+ # How long is the file?
+ is(tell($hello_fh), 13, "$test..second file");
+
+}
+
+
+
+{
+ my $test = "300x300_gif has expected length";
+ my $fh1 = $q->upload('300x300_gif');
+ is(tell($fh1), 0, "First object: filehandle starts with position set at zero");
+
+ # Go to end of file;
+ seek($fh1,0,2);
+ # How long is the file?
+ is(tell($fh1), 1656, $test);
+}
+
+my $q2 = CGI->new;
+
+{
+ my $test = "Upload filehandles still work after calling CGI->new a second time";
+ $q->param('new','zoo');
+
+ is($q2->param('new'),undef,
+ "Reality Check: params set in one object instance don't appear in another instance");
+
+ my $fh2 = $q2->upload('300x300_gif');
+ is(tell($fh2), 0, "...so the state of a file handle shouldn't be carried to a new object instance, either.");
+ # Go to end of file;
+ seek($fh2,0,2);
+ # How long is the file?
+ is(tell($fh2), 1656, $test);
+}
+
+{
+ my $test = "multi-valued uploads are reset properly";
+ my ($dont_care, $hello_fh2) = $q2->upload('hello_world');
+ is(tell($hello_fh2), 0, $test);
+}
+
+# vim: nospell
diff -up perl-5.8.8/lib/CGI/t/util-58.t.crr perl-5.8.8/lib/CGI/t/util-58.t
diff -up perl-5.8.8/lib/CGI/t/util.t.crr perl-5.8.8/lib/CGI/t/util.t
--- perl-5.8.8/lib/CGI/t/util.t.crr 2003-06-02 19:37:04.000000000 +0200
+++ perl-5.8.8/lib/CGI/t/util.t 2006-12-01 16:35:20.000000000 +0100
@@ -5,7 +5,7 @@
######################### We start with some black magic to print on failure.
use lib '../blib/lib','../blib/arch';
-BEGIN {$| = 1; print "1..59\n"; }
+BEGIN {$| = 1; print "1..57\n"; }
END {print "not ok 1\n" unless $loaded;}
use Config;
use CGI::Util qw(escape unescape);
@@ -31,7 +31,7 @@ my %punct = (
':' => '3A', ';' => '3B', '<' => '3C', '=' => '3D',
'>' => '3E', '?' => '3F', '[' => '5B', '\\' => '5C',
']' => '5D', '^' => '5E', '`' => '60', # '_' => '5F',
- '{' => '7B', '|' => '7C', '}' => '7D', '~' => '7E',
+ '{' => '7B', '|' => '7C', '}' => '7D', # '~' => '7E',
);
# The sort order may not be ASCII on EBCDIC machines:
diff -up perl-5.8.8/lib/CGI/Util.pm.crr perl-5.8.8/lib/CGI/Util.pm
--- perl-5.8.8/lib/CGI/Util.pm.crr 2005-04-03 17:23:42.000000000 +0200
+++ perl-5.8.8/lib/CGI/Util.pm 2008-03-14 15:25:54.000000000 +0100
@@ -7,7 +7,7 @@ require Exporter;
@EXPORT_OK = qw(rearrange make_attributes unescape escape
expires ebcdic2ascii ascii2ebcdic);
-$VERSION = '1.5';
+$VERSION = '1.5_01';
$EBCDIC = "\t" ne "\011";
# (ord('^') == 95) for codepage 1047 as on os390, vmesa
@@ -141,8 +141,12 @@ sub simple_escape {
sub utf8_chr {
my $c = shift(@_);
- return chr($c) if $] >= 5.006;
-
+ if ($] >= 5.006){
+ require utf8;
+ my $u = chr($c);
+ utf8::encode($u); # drop utf8 flag
+ return $u;
+ }
if ($c < 0x80) {
return sprintf("%c", $c);
} elsif ($c < 0x800) {
@@ -189,6 +193,17 @@ sub unescape {
if ($EBCDIC) {
$todecode =~ s/%([0-9a-fA-F]{2})/chr $A2E[hex($1)]/ge;
} else {
+ # handle surrogate pairs first -- dankogai
+ $todecode =~ s{
+ %u([Dd][89a-bA-B][0-9a-fA-F]{2}) # hi
+ %u([Dd][c-fC-F][0-9a-fA-F]{2}) # lo
+ }{
+ utf8_chr(
+ 0x10000
+ + (hex($1) - 0xD800) * 0x400
+ + (hex($2) - 0xDC00)
+ )
+ }gex;
$todecode =~ s/%(?:([0-9a-fA-F]{2})|u([0-9a-fA-F]{4}))/
defined($1)? chr hex($1) : utf8_chr(hex($2))/ge;
}
@@ -200,12 +215,16 @@ sub escape {
shift() if @_ > 1 and ( ref($_[0]) || (defined $_[1] && $_[0] eq $CGI::DefaultClass));
my $toencode = shift;
return undef unless defined($toencode);
+ $toencode = eval { pack("C*", unpack("U0C*", $toencode))} || pack("C*", unpack("C*", $toencode));
+
# force bytes while preserving backward compatibility -- dankogai
- $toencode = pack("C*", unpack("C*", $toencode));
+ # but commented out because it was breaking CGI::Compress -- lstein
+ # $toencode = eval { pack("U*", unpack("U0C*", $toencode))} || pack("C*", unpack("C*", $toencode));
+
if ($EBCDIC) {
- $toencode=~s/([^a-zA-Z0-9_.-])/uc sprintf("%%%02x",$E2A[ord($1)])/eg;
+ $toencode=~s/([^a-zA-Z0-9_.~-])/uc sprintf("%%%02x",$E2A[ord($1)])/eg;
} else {
- $toencode=~s/([^a-zA-Z0-9_.-])/uc sprintf("%%%02x",ord($1))/eg;
+ $toencode=~s/([^a-zA-Z0-9_.~-])/uc sprintf("%%%02x",ord($1))/eg;
}
return $toencode;
}
@@ -258,13 +277,13 @@ sub expire_calc {
# specifying the date yourself
my($offset);
if (!$time || (lc($time) eq 'now')) {
- $offset = 0;
+ $offset = 0;
} elsif ($time=~/^\d+/) {
- return $time;
- } elsif ($time=~/^([+-]?(?:\d+|\d*\.\d*))([mhdMy]?)/) {
- $offset = ($mult{$2} || 1)*$1;
+ return $time;
+ } elsif ($time=~/^([+-]?(?:\d+|\d*\.\d*))([smhdMy])/) {
+ $offset = ($mult{$2} || 1)*$1;
} else {
- return $time;
+ return $time;
}
return (time+$offset);
}
Index: perl.spec
===================================================================
RCS file: /cvs/pkgs/rpms/perl/F-8/perl.spec,v
retrieving revision 1.151
retrieving revision 1.152
diff -u -r1.151 -r1.152
--- perl.spec 29 Apr 2008 06:18:17 -0000 1.151
+++ perl.spec 9 Jun 2008 08:38:00 -0000 1.152
@@ -24,7 +24,7 @@
Name: perl
Version: %{perl_version}
-Release: 39%{?dist}
+Release: 40%{?dist}
Epoch: %{perl_epoch}
Summary: The Perl programming language
Group: Development/Languages
@@ -134,8 +134,8 @@
Patch45: perl-5.8.8-rhbz#431774.patch
# fix problem with update Scalar::Util with CPAN, "XS problem" -> 10bugs or so
Patch46: perl-5.8.8-Scalar-Util-19.patch
-# 431774 CGI.pm Version 3.15 Contains Broken File Upload Method
-Patch47: perl-5.8.8-CGI-3.29.patch
+# CGI.pm Version 3.30 fix UTF-8 support
+Patch47: perl-5.8.8-CGI-3.37.patch
# update Test::Simple
Patch48: perl-5.8.8-TestSimple0.78.patch
# beter check of gethostbyname, fixed in upstream
@@ -820,6 +820,9 @@
# Nothing. Nada. Zilch. Zarro. Uh uh. Nope. Sorry.
%changelog
+* Mon Jun 9 2008 Marcela Maslanova <mmaslano at redhat.com> - 4:5.8.8-40
+- 450289 CGI updato to 3.37
+
* Tue Apr 29 2008 Marcela Maslanova <mmaslano at redhat.com> - 4:5.8.8-39
- perl-5.8.8-CVE-2008-1927.patch - buffer overflow, when using unicode
characters in regexp
--- perl-5.8.8-CGI-3.29.patch DELETED ---
- Previous message (by thread): rpms/sugar-toolkit/devel .cvsignore, 1.9, 1.10 sources, 1.10, 1.11 sugar-toolkit.spec, 1.11, 1.12
- Next message (by thread): rpms/alsa-lib/F-8 alsa-lib-1.0.16-no-dox-date.patch, NONE, 1.1 alsa-lib.spec, 1.64, 1.65 sources, 1.34, 1.35
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list