Date: Thu, 7 Dec 2000 23:34:38 -0800 (PST) From: gmarco@giovannelli.it To: freebsd-gnats-submit@FreeBSD.org Subject: misc/23376: The version of CGI.pm bundled with perl in -STABLE is outdated (more than 2 years) Message-ID: <200012080734.eB87YcI87044@freefall.freebsd.org> Resent-Message-ID: <200012080740.eB87e2S87626@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 23376
>Category: misc
>Synopsis: The version of CGI.pm bundled with perl in -STABLE is outdated (more than 2 years)
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Thu Dec 07 23:40:01 PST 2000
>Closed-Date:
>Last-Modified:
>Originator: Gianmarco Giovannelli
>Release: 4.2-STABLE
>Organization:
>Environment:
freebsd:/tmp/neomail-1.20# uname -a
FreeBSD freebsd.computerhouseprato.com 4.2-STABLE FreeBSD 4.2-STABLE #0: Thu Dec 7 19:46:33 CET 2000 root@test.computerhouseprato.com:/usr/obj/usr/src/sys/FREEBSD i386
>Description:
Our CGI.pm (2.46) is outdated:
CGI.pm-2.45.readme 26-Nov-1998 02:59 2k
CGI.pm-2.45.tar.gz 26-Nov-1998 03:07 150k
CGI.pm-2.46.readme 06-Dec-1998 02:17 2k
CGI.pm-2.46.tar.gz 06-Dec-1998 02:22 150k
CGI.pm-2.47.readme 17-Feb-1999 04:15 2k
CGI.pm-2.47.tar.gz 17-Feb-1999 19:50 153k
CGI.pm-2.48.readme 19-Feb-1999 06:06 2k
CGI.pm-2.48.tar.gz 19-Feb-1999 06:10 153k
CGI.pm-2.49.readme 23-Feb-1999 09:55 2k
CGI.pm-2.49.tar.gz 23-Feb-1999 14:00 153k
CGI.pm-2.52.readme 03-May-1999 11:06 2k
CGI.pm-2.52.tar.gz 08-Jun-1999 08:13 155k
CGI.pm-2.53.readme 03-May-1999 11:06 2k
CGI.pm-2.53.tar.gz 09-Jun-1999 07:56 156k
CGI.pm-2.54.readme 11-Jun-1999 09:12 2k
CGI.pm-2.54.tar.gz 09-Aug-1999 07:18 157k
CGI.pm-2.55.readme 11-Jun-1999 09:12 2k
CGI.pm-2.55.tar.gz 31-Aug-1999 10:11 157k
CGI.pm-2.56.readme 13-Sep-1999 05:49 2k
CGI.pm-2.56.tar.gz 13-Sep-1999 14:11 158k
CGI.pm-2.59.readme 19-Mar-2000 19:34 2k
CGI.pm-2.59.tar.gz 24-Mar-2000 04:31 161k
CGI.pm-2.61.readme 19-Mar-2000 19:34 2k
CGI.pm-2.61.tar.gz 27-Mar-2000 18:50 161k
CGI.pm-2.62.readme 11-Jun-1999 09:12 2k
CGI.pm-2.62.tar.gz 28-Mar-2000 13:38 160k
CGI.pm-2.65.readme 11-Jun-1999 09:12 2k
CGI.pm-2.65.tar.gz 11-Apr-2000 08:55 161k
CGI.pm-2.66.readme 11-Jun-1999 09:12 2k
CGI.pm-2.66.tar.gz 12-Apr-2000 13:16 161k
CGI.pm-2.67.readme 13-Sep-1999 05:49 2k
CGI.pm-2.67.tar.gz 15-May-2000 18:38 163k
CGI.pm-2.68.readme 11-Jun-1999 09:12 2k
CGI.pm-2.68.tar.gz 18-May-2000 10:55 162k
CGI.pm-2.69.readme 27-Jul-2000 20:04 2k
CGI.pm-2.69.tar.gz 27-Jul-2000 20:06 164k
CGI.pm-2.70.readme 27-Jul-2000 19:52 2k
CGI.pm-2.70.tar.gz 04-Aug-2000 12:37 164k
CGI.pm-2.71.readme 27-Jul-2000 20:04 2k
CGI.pm-2.71.tar.gz 13-Aug-2000 09:09 164k
CGI.pm-2.72.readme 27-Jul-2000 20:04 2k
CGI.pm-2.72.tar.gz 20-Aug-2000 10:35 165k
CGI.pm-2.74.readme 27-Jul-2000 20:04 2k
CGI.pm-2.74.tar.gz 13-Sep-2000 09:35 165k
Revision History
Version 2.74
September 13, 2000
Quashed one-character bug that caused CGI.pm to fail on file uploads.
Version 2.73
September 12, 2000
Added -base to the list of arguments accepted by url().
Fixes to XHTML support.
POST parameters no longer show up in the Location box.
Version 2.72
August 19, 2000
Fixed the defaults button so that it works again
Charset is now correctly saved and restored when saving to files
url() now works correctly when given scripts with %20 and other escapes in the additional path info. This undoes a patch introduced in version 2.47 that I no longer understand the rationale for.
Version 2.71
August 13, 2000
Newlines in the value attributes of hidden fields and other form elements are now escaped when using ISO-Latin.
Inline script and style sections are now protected as CDATA sections when XHTML mode is on (the default).
Version 2.70
August 4, 2000
Fixed bug in scrolling_list() which omitted a space in front of the "multiple" attribute.
Squashed the "useless use of string in void context" message from redirects.
Version 2.69
startform() now creates default ACTION for POSTs as well as GETs. This may break some browsers, but it no longer violates the HTML spec.
CGI.pm now emits XHTML by default. Disable with -no_xhtml.
We no longer interpret &#ddd sequences in non-latin character sets.
Version 2.68
No longer attempts to escape characters when dealing with non ISO-8861 character sets.
checkbox() function now defaults to using -value as its label, rather than -name. The current behavior is what has been documented from the beginning.
-style accepts array reference to incorporate multiple stylesheets into document.
Fixed two bugs that caused the -compile pragma to fail with a syntax error.
Version 2.67
Added XHTML support (incomplete; tags need to be lowercased).
Fixed CGI/Carp when running under mod_perl. Probably broke in other contexts.
Fixed problems when passing multiple cookies.
Suppress warnings from _tableize() that were appearing when using -w switch with radio_group() and checkbox_group().
Support for the header() -attachment argument, which can give pages a default file name when saving to disk.
Version 2.66
2.65 changes in make_attributes() broke HTTP header functions (including redirect), so made it context sensitive.
Version 2.65
Fixed regression tests to skip tests that require implicit fork on machines without fork().
Changed make_attributes() to automatically escape any HTML reserved characters.
Minor documentation fix in javascript example.
Version 2.64
Changes introduced in 2.63 broke param() when retrieving parameter lists containing only a single argument. This is now fixed.
self_url() now defaults to returning parameters delimited with semicolon. Use the pragma -oldstyle_urls to get the old "&" delimiter.
Version 2.63
Fixed CGI::Push to pull out parameters correctly.
Fixed redirect() so that it works with default character set
Changed param() so as to returned empty string '' when referring to variables passed in query strings like 'name1=&name2'
Version 2.62
Fixed broken ReadParse() function, and added regression tests
Fixed broken CGI::Pretty, and added regression tests
Version 2.61
Moved more functions from CGI.pm proper into CGI/Util.pm. CGI/Cookie should now be standalone.
Disabled per-user temporary directories, which were causing grief.
Version 2.60
Fixed junk appearing in autogenerated HTML functions when using object-oriented mode.
Version 2.59
autoescape functionality breaks too much existing code, removed it.
use escapeHTML() manually
Version 2.58
This is the release version of 2.57.
Version 2.57
Added -debug pragma and turned off auto reading of STDIN.
Default DTD updated to HTML 4.01 transitional.
Added charset() method and the -charset argument to header().
Fixed behavior of escapeHTML() to respect charset() and to escape nasty Windows characters (thanks to Tom Christiansen).
Handle REDIRECT_QUERY_STRING correctly.
Removed use_named_parameters() because of dependency problems and general lameness.
Fixed problems with bad HREF links generated by url(-relative=>1) when the url is like /people/.
Silenced a warning on upload (patch provided by Jonas Liljegren)
Fixed race condition in CGI::Carp when errors occur during parsing (patch provided by Maurice Aubrey).
Fixed failure of url(-path_info=>1) when path contains % signs.
Fixed warning from CGI::Cookie when receiving foreign cookies that don't use name=value format.
Fixed incompatibilities with file uploading on VMS systems.
Version 2.56
Fixed bugs in file upload introduced in version 2.55
Fixed long-standing bug that prevented two files with identical names from being uploaded.
Version 2.55
Fixed cookie regression test so as not to produce an error.
Fixed path_info() and self_url() to work correctly together when path_info() modified.
Removed manify warnings from CGI::{Switch,Apache}.
Version 2.54
This will be the last release of the monolithic CGI.pm module. Later versions will be modularized and optimized.
DOMAIN tag no longer added to cookies by default. This will break some versions of Internet Explorer, but will avoid breaking networks which use host tables without fully qualified domain names. For compatibility, please always add the -domain tag when creating cookies.
Fixed escape() method so that +'s are treated correctly.
Updated CGI::Pretty module.
Version 2.53
Forgot to upgrade regression tests before releasing 2.52. NOTHING ELSE HAS CHANGED IN LIBRARY
Version 2.52
Spurious newline in checkbox() routine removed. (courtesy John Essen)
TEXTAREA linebreaks now respected in dump() routine. (courtesy John Essen)
Patches for DOS ports (courtesy Robert Davies)
Patches for VMS
More fixes for cookie problems
Fix CGI::Carp so that it doesn't affect eval{} blocks (courtesy Byron Brummer)
Version 2.51
Fixed problems with cookies not being remembered when sent to IE 5.0 (and Netscape 5.0 too?)
Numerous HTML compliance problems in cgi_docs.html; fixed thanks to Michael Leahy
Version 2.50
Added a new Vars() method to retrieve all parameters as a tied hash.
Untainted tainted tempfile name so that script doesn't fail on terminal unlink.
Made picking of upload tempfile name more intelligent so that doesn't fail in case of name collision.
Fixed handling of expire times when passed an absolute timestamp.
Version 2.49
Fixes for FastCGI (globals not getting reset)
Fixed url() to correctly handle query string and path under MOD_PERL
Version 2.48
Reverted detection of MOD_PERL to avoid breaking PerlEX.
Version 2.47
Patch to fix file upload bug appearing in IE 3.01 for Macintosh/PowerPC.
Replaced use of $ENV{SCRIPT_NAME} with $ENV{REQUEST_URI} when running under Apache, to fix self-referencing URIs.
Fixed bug in escapeHTML() which caused certain constructs, such as CGI->image_button(), to fail.
Fixed bug which caused strong('CGI') to fail. Be careful to use CGI::strong('CGI') and not CGI->strong('CGI'). The latter will produce confusing results.
Added upload() function, as a preferred replacement for the "filehandle as string" feature.
Added cgi_error() function.
Rewrote file upload handling to return undef rather than dieing when an error is encountered. Be sure to call cgi_error() to find out what went wrong.
... and some software complain about this:
freebsd:/tmp/neomail-1.20# ./setup.pl
**********************************
****** COMPATIBILITY CHECKS ******
**********************************
IF ANY OF THESE CHECKS FAIL, INSTALLATION WILL NOT CONTINUE.
PLEASE INSTALL THE APPROPRIATE DBM LIBRARY OR MODULE AND TRY AGAIN.
Checking for installation of Berkely DB or GNU DB capability...
Looks OK.
Checking for up-to-date CGI.pm...
Your CGI.pm is outdated. You have version 2.46, while NeoMail
requires at least 2.72.
>How-To-Repeat:
Try to install, i.e. neomail,
http://sourceforge.net/project/showfiles.php?group_id=2874
>Fix:
Commit new CGI.pm in the perl tree...
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200012080734.eB87YcI87044>