On Mon, Dec 27, 2010 at 04:23:40PM +0200, Niko Tyni wrote: > Assuming this is the case, I'm attaching preliminary patches for > > 3.29 (perl-modules / lenny) > 3.38 (libcgi-pm-perl / lenny) > 3.43 (perl-modules / squeeze + sid) > 3.49 (libcgi-pm-perl / squeeze) > 3.50 (libcgi-pm-perl / sid) > > They include relevant test suite additions from the github repository > and a small test fix I sent to [rt.cpan.org #64261].
> Eyeballs and testing would be welcome. In particular, I'm not entirely > sure about the //s modifier change in header() around CGI.pm:1500 in > the pre-3.49 patches. The change was introduced upstream with 3.49 along > with the header fixes but it's not covered by the test suite. I believe this change has no effect: the earlier part of the code checks that there are no newlines in the header string, so //s should make no difference. I'll probably include it anyway. However, my testing turned out another problem. This hunk from the pre-3.49 patches: > +Note that if a header value contains a carriage return, a leading space will > be > +added to each new line that doesn't already have one as specified by RFC2616 > +section 4.2. For example: > + > + print header( -ingredients => "ham\neggs\nbacon" ); > + > +will generate > + > + Ingredients: ham > + eggs > + bacon > + is only true for 3.49; it broke with 3.50 and further with 3.51 due to the same security changes we're working on. I've reported this as http://rt.cpan.org/Public/Bug/Display.html?id=64554 and will probably just drop the above doc change from the perl-modules patch. Furthermore, the perl-modules patches need an additional change to the top-level MANIFEST so that the tests actually get run. All this means I need another test session when I'm feeling less tired, so no perl upload tonight. -- Niko Tyni nt...@debian.org -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
