The Perl module LWPx::ParanoidAgent is a subclass of LWP::UserAgent,
but paranoid against attackers. It's to be used when you're fetching a
remote resource on behalf of a possibly malicious user.
This class can do whatever LWP::UserAgent can (callbacks, uploads from
files, etc), except proxy support is explicitly removed, because in that
case you should do your paranoia at your proxy. Only "http:" and "https:"
URL schemes are supported.
#------------------------------------------------------------------------
# Version 2.19 - 27th April 2007
#------------------------------------------------------------------------
* Applied a patch to t/fileline.t from Steffen M�ller which fixes the
problems running on Win32 with backslashes in paths.
https://rt.cpan.org/Ticket/Display.html?id=20488
* Applied a patch to the XS Stash from Randy Kobes which fixes some other
Win32 problems.
http://tt2.org/pipermail/templates/2007-February/009247.html
* Applied another patch to the XS Stash from Steve Peters which fixes
a problem with tied hashes under more recent version of Perl.
http://tt2.org/pipermail/templates/2007-January/009181.html
* Fixed a problem in the Perl Stash when using objects that have
overloaded comparison operators. Thanks to Randal Schwartz, Tatsuhiko
Miyagawa and Daisuke Maki for their contributions.
http://tt2.org/pipermail/templates/2007-March/009265.html
* Applied a patch from Bill Moseley to Template::Provider which adds
negative caching and moves some functionality into separate methods
to make subclassing easier. Also added the STAT_TTL configuration
parameter.
http://tt2.org/pipermail/templates/2007-January/009183.html
* Added the url filter as a less aggressive form of the uri filter.
Whereas the uri filter now (from v2.16 onwards) encodes all the
reserved characters (@, :, /, etc.) as per RFC2396, the url filter
leaves them intact and thus behaves just like the uri filter used
to.
http://tt2.org/pipermail/templates/2007-March/009277.html
#------------------------------------------------------------------------
# Version 2.18a - 9th February 2007
#------------------------------------------------------------------------
* Applied a patch from Steve Peters to the Stash.xs to allow it to
compile with bleadperl 5.9.x
https://rt.cpan.org/Public/Bug/Display.html?id=22506
#------------------------------------------------------------------------
# Version 2.18 - 9th February 2007
#------------------------------------------------------------------------
* Merged in Adam's changes in 2.16 and 2.17 back into the developer CVS
repository and added his name to the credits.
* Changed the parser grammar to accept expressions as arguments to a
subroutine, method or virtual method call. I'm embarrassed to admit
that it was a one line change that could (and should) have been made
long ago, if only I had realised just how trivial it was. Anyway,
you can now write nested expressions like this:
[% add(a+5, b < 10 ? c : d + e*5) %]
* Put the t/fileline.t test back in as this was fixed in 2.15a
* Added the Template::Toolkit documentation-only module.
#------------------------------------------------------------------------
# Version 2.17 - 8th Feb 2007
#------------------------------------------------------------------------
Another interim release from Adam Kennedy.
* Change in Makefile.PL to force an upgrade to File::HomeDir 0.64 on darwin.
This is due to problems caused by changes made to Perl on the new Intel
versions of Mac OS X.
* skip_all filelines.t on darwin
#------------------------------------------------------------------------
# Version 2.16 - 23rd Jan 2007
#------------------------------------------------------------------------
Interim release from Adam Kennedy.
* Skip fileline.t on Win32, as it has some hard-coded path seperator
assumptions. This will be fixed more comprehensively later.
* Handle spurious errors in Makefile.PL when a dev version of
ExtUtils::MakeMaker is installed.
* Don't say "nmake" on Win32 when $Config{make} is 'dmake'.
This corrects the message on Strawberry Perl.
#------------------------------------------------------------------------
# Version 2.15c - Not released ## DEVELOPER RELEASE ##
#------------------------------------------------------------------------
* Fixed a bug in Template::Parser which caused it to get confused about
block names if it encountered a syntax error inside a BLOCK. Thanks
to Bill Moseley for reporting the problem.
http://tt2.org/pipermail/templates/2006-July/008815.html
* Fixed a minor buglet in Template::Provider which came to light while
investigating the above problem. If a previously cached template is changed
on disk and then fails to compile, the provider now invalidates the cache
entry immediately. Without this fix, the provider would report the error
once, then reuse the cached good version of the template until $STAT_TTL
ticked over when it would try to load and compile the disk version again.
The problem was that error messages were only reported once every $STAT_TTL
second(s) and any requests for the same template in the interim time would
mysteriously work. This way errors get reported consistently and immediately
and no-one has to waste an afternoon trying to figure out where the errors
went!
#------------------------------------------------------------------------
# Version 2.15b - 30th May 2006 ## DEVELOPER RELEASE ##
#------------------------------------------------------------------------
* Changed the uri filter to escape all reserved characters as per
URI::Escape and RFC2396. This now includes &, @, /, ;, :, =, +, ?
and $ which were previously not escaped. Thanks to islue@cpan.org
for reporting the problem.
http://rt.cpan.org/Ticket/Display.html?id=19593
* Also changed the uri filter to encode all wide characters as the
equivalent UTF escapes. Thanks to Jonathan Rockway for reporting
the problem.
http://rt.cpan.org/Ticket/Display.html?id=19354
* Fixed the redirect filter to not support relative paths. Thanks to
Paul Seamons for spotting the problem and providing a solution.
* Moved all the virtual methods out of Template::Stash and into
a new Template::VMethods module.
* Fixed the version number of Template::Stash which had rolled over
to 2.102 making it appear to predate the 2.86 stash in TT v2.14.
Thanks to Randal Schwartz for reporting the problem. Changed all
version numbers in other modules to be a hard-coded numbers instead
of grokking it automagically from the CVS revision.
* Changed the _recover() method of Template::Service to check if the
error thrown is a Template::Exception object rather than just a
reference. Thanks to David Wheeler for reporting the problem.
http://rt.cpan.org/Ticket/Display.html?id=17630
* Fixed the some tests in stash.t and stash-xs.t which were failing
under Perl 5.6.2 due to a slightly different error message being
generated. Thanks to Anton Berezin for reporting the problem.
* Fixed a bug in the Template::Provider _load() method to check that
$data is a hash ref before trying to mess with its innards. Thanks
to barbie@cpan.org for reporting the problem.
http://rt.cpan.org/Ticket/Display.html?id=18653
#------------------------------------------------------------------------
# Version 2.15a - 29th May 2006 ## DEVELOPER RELEASE ##
#------------------------------------------------------------------------
* Removed the latex filter from Template::Filters and related config
variables from Template::Config
* Changed the t/fileline.t test to remove the line number from what Perl
reports as "(eval $line)". It appears to get the $line wrong on
FreeBSD, although the correct line number is reported following that
so the tests still do the right thing. Thanks to Anton Berezin for
reporting the problem.
* Changed the t/compile3.t test to do something similar.
Zope 2.9 and later. No revision bump for all components, but this
should help pkg_add to pick up the right Zope when binaries for all are
available. Discussed with taca@
1.12 Thu Jul 6 23:47:59 CDT 2006
[ENHANCEMENTS]
* Added followable_links() method to return only those links
that your mech can actually follow.
1.10 Sun Jun 18 22:58:41 CDT 2006
[FIXES]
* RT #19147: Tests turn off the http_proxy environment variable
before starting. Thanks to Matt Trout.
* RT #18779: makes stuff_inputs() conform to the documentation,
changing the implementation to expect an arrayref for
$options->{ ignore }, as opposed to a hashref. Thanks to
Mike O'Regan.
[ENHANCEMENTS]
* Added base_is, base_like and base_unlike. Thanks to MATSUNO
Tokuhiro.
1.24 Fri May 11 15:57:56 CDT 2007
========================================
[FIXES]
* Fixed failures in "make test" with some versions of HTTP::Server::Simple
* RT #26593: Improved handling of charsets. Thanks Kevin Falcone.
* RT #24354: find_link now handles http-equivs with quoted URLs.
* Reverses the change in 1.21_01 where it decodes the content.
[ENHANCEMENTS]
* Added find_all_inputs() and find_all_submits() methods. Thanks,
Mike O'Regan.
* Test::LongString is no longer needed, so has been removed as a
requirement.
[TESTS]
* Added a test for save_content()
Changes with libapreq2-2.08 (released August 8, 2006)
- Perl API [Randy Kobes]
add APR_FILE_NOCLEANUP | APR_SHARELOCK to flags passed to
apreq_file_mktemp() on Win32 in library/util.c, in order to
clean up occasional stray temp files left behind in the
Perl upload test (reported by Steve Hay)
- Build [Philip M. Gollucci, Bojan Smojver, joes]
add -fno-strict-aliasing to all compiles on all systems
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=193740
This fixes an infinite look split_on_bdry() of library/parser_multipart.c
particularly on linux/gcc 4.x platforms.
- Perl Glue
Fix "value computed not used" gcc 4.1.x compile errors
- Build [Randy Kobes]
Fix the location of apxs and the names of the apr and aprutil
libraries on Win32 to enable building against Apache/2.2.
- Perl Glue docs [Philip M. Gollucci]
Fix the 'docs_install' make target to actually install
the docs for the perl glue.
- Perl Glue Build [Philip M. Gollucci]
Regenerate glue/perl/xsbuilder/ppport.h to fix perl 5.8.8+ on some
plaforms.
- C API [joes]
Add code for apreq_cookies().
- Perl API [joes]
Expose the constants in apreq_error.h via the APR::Request::Error package.
You do not need nspluginwrapper if the ABI of the plugin and browser are the
same, such as running a 32 bit Linux firefox and flash plugin under NetBSD.
Changes since 2.2a3 [2007/03/17]:
- Fixed support for SHIFT graph command.
- Updated RRDs::fetch usage again (courtesy of Andy Mayhew).
- Saving dashboards could generate bad index entries (reported by Fabien
Wernli).
- Added "Invisible" color (suggested by John Rouillard).
- Dashboard style display for templates broke custom time display of
templates (reported by Mark Noworolski).
- Two typos caused forms to use POST instead of GET (courtesy of Fabien
Wernli).
- The graph editor no longer allowed stacking CDEFs or VDEFs (reported by
John Rouillard).
w3m 0.5.2 - 2007-05-31
* security fix
- fix format string vulnerability.
* new features
- support gtk2 with w3m-img.
- new option for LiveHTTPHeaders-like logs.
- new option to fontify <del>, <s>, <ins>, and so on.
* other bug fixes
- avoid errors in "configure" and "make".
- '\n' handling in attributes' values of HTML tags.
Security fixes in this version:
MFSA 2007-17 XUL Popup Spoofing
MFSA 2007-16 XSS using addEventListener
MFSA 2007-15 Security Vulnerability in APOP Authentication
MFSA 2007-14 Path Abuse in Cookies
MFSA 2007-12 Crashes with evidence of memory corruption
For the complete changelog, see
http://www.mozilla.org/projects/seamonkey/releases/seamonkey1.1.2/changelog.html
Security fixes in this version:
MFSA 2007-17 XUL Popup Spoofing
MFSA 2007-16 XSS using addEventListener
MFSA 2007-14 Path Abuse in Cookies
MFSA 2007-13 Persistent Autocomplete Denial of Service
MFSA 2007-12 Crashes with evidence of memory corruption
For more info, see http://www.mozilla.com/en-US/firefox/releases/1.5.0.12.html
Note: Firefox 1.5.0.x will be maintained with security and stability updates
until June 2007. All users are strongly encouraged to upgrade to Firefox 2.
Security fixes in this version:
MFSA 2007-17 XUL Popup Spoofing
MFSA 2007-16 XSS using addEventListener
MFSA 2007-14 Path Abuse in Cookies
MFSA 2007-13 Persistent Autocomplete Denial of Service
MFSA 2007-12 Crashes with evidence of memory corruption
For more info, see http://www.mozilla.com/en-US/firefox/2.0.0.4/releasenotes/
sets BUILDLINK_INCDIRS.apr, remove custom CPPFLAGS. Use -e for the
SUBST_SED expression to mollify pkglint. Add APACHE_USER and VARBASE
to BUILD_DEFS. Don't try to remove lib/httpd on deinstall, as it
belongs to Apache. Bump PKGREVISION.
It fixes an Important vulnerability.
Changes between 1.2.22 and 1.2.23
Native
Change the default value of JkOptions to ForwardURICompatUnparsed. The
old default value was ForwardURICompat. This should make URL
interpretation between Apache httpd and Tomcat consistent (prevent
double decoding problems). (rjung)
MimeTeX, licensed under the gpl, lets you easily embed LaTeX math in your html
pages. It parses a LaTeX math expression and immediately emits the corresponding
gif image, rather than the usual TeX dvi. And mimeTeX is an entirely separate
little program that doesn't use TeX or its fonts in any way. It's just one cgi
that you put in your site's cgi-bin/ directory, with no other dependencies. So
mimeTeX is very easy to install. And it's equally easy to use. Just place an
html <img> tag in your document wherever you want to see the corresponding LaTeX
expression.
The Mechanize library is used for automating interaction with
websites. Mechanize automatically stores and sends cookies, follows
redirects, can follow links, and submit forms. Form fields can be
populated and submitted. Mechanize also keeps track of the sites that
you have visited as a history.
CGI::Application::Plugin::DBH adds easy access to a DBI database handle
to your CGI::Application modules. Lazy loading is used to prevent a
database connection from being made if the "dbh" method is not called
during the request. In other words, the database connection is not
created until it is actually needed.
1.06 - October 13th, 2005
Distinguish between selects with and without the multiple attribute set
(Alexander Hartmaier)
Added warnings to PREREQ_PM
1.05 - December 19th, 2004
Added new tests in 19_extra.t (Vsevolod (Simon) Ilyushchenko)
as part of Phalanx
Make it clearer that doesn't have a CGI.pm dependency.
