This queue is for tickets about the CGI CPAN distribution.

Report information
The Basics
Id: 51109
Status: resolved
Priority: 0/
Queue: CGI

People
Owner: MARKSTOS [...] cpan.org
Requestors: cpan [...] chmrr.net
Cc:
AdminCc:

Bug Information
Severity: Critical
Broken in: (no value)
Fixed in: (no value)

Attachments
0001-Update-README-to-account-for-CGI.pm-being-under-lib.patch
content-length-0.patch



Subject: Infinite-length reads with Content-Length: 0
CGI.pm 3.44 added a mode which reads until EOF is found, if Content-Length isn't found. Unfortunately, the implementation means that it does this if "Content-Length: 0" is specified. This breaks HTTP::Server::Simple::CGI in HTTP/1.1 with keep-alive, for instance, with LWP as a client -- the client hangs indefinitely. The attached patch against 3.48 fixes the problem by adding a "not defined" check.
Subject: content-length-0.patch
diff -ru CGI.pm-3.48/lib/CGI.pm CGI.pm-3.48-patched/lib/CGI.pm --- CGI.pm-3.48/lib/CGI.pm 2009-09-25 11:04:22.000000000 -0400 +++ CGI.pm-3.48-patched/lib/CGI.pm 2009-11-04 11:45:08.000000000 -0500 @@ -663,7 +663,7 @@ if ( $content_length > 0 ) { $self->read_from_client(\$query_string,$content_length,0); } - else { + elsif (not defined $ENV{CONTENT_LENGTH}) { $self->read_from_stdin(\$query_string); # should this be PUTDATA in case of PUT ? my($param) = $meth . 'DATA' ; Only in CGI.pm-3.48-patched/lib: CGI.pm.orig
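
Review bot: the new guard on the elsif still lets read_from_stdin run whenever CONTENT_LENGTH is absent, so a body-less request sent without that header over a kept-alive connection waits for an EOF that never arrives, which is the same hang this ticket reports for "Content-Length: 0". Consider reading only when a positive length is supplied, or at least bounding the read-to-EOF path. The guard also tests $ENV{CONTENT_LENGTH} while the branch above it tests $content_length; testing one value in both places, with a comment saying what should happen for a defined but zero or empty length, would make the new fall-through case explicit. The patch carries no regression test for the "Content-Length: 0" request.
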
On Wed Nov 04 11:46:52 2009, ALEXMV wrote:
> The attached
> patch against 3.48 fixes the problem by adding a "not defined" check.
Thanks! Patch added to the Git repo at http://github.com/yanick/CGI.pm/tree/rt-51109

From: Alex Vandiver <chmrr [...] chmrr.net>
Date: Wed, 04 Nov 2009 12:59:41 -0500
Subject: Re: [rt.cpan.org #51109] Infinite-length reads with Content-Length: 0
At Wed Nov 04 12:34:23 -0500 2009, Yanick Champoux via RT wrote:
> Patch added to the Git repo at http://github.com/yanick/CGI.pm/tree/rt-51109
Oh, I hadn't managed to find the git repository previously; I'm glad to see that the current META.yml lists it. Attached is a trivial documentation patch I noticed in passing, in addition.
 - Alex
--
Networking -- only one letter away from not working

From: Mark Stosberg <mark [...] summersault.com>
Date: Wed, 4 Nov 2009 13:15:34 -0500
Subject: Re: [rt.cpan.org #51109] Infinite-length reads with Content-Length: 0
Thanks. I'll try to finish preparing a new release to recommend to Lincoln soon. I had less computer access and time for a couple weeks as I recovered from a laptop theft, but I've finished setting up a replacement system now.
Mark

From: Yanick Champoux <yanick [...] babyl.dyndns.org>
Date: Sun, 08 Nov 2009 12:06:54 -0500
Subject: Re: [rt.cpan.org #51109] Infinite-length reads with Content-Length: 0
Alex Vandiver via RT wrote:
> Attached is a trivial documentation patch I noticed in passing, in
> addition.
Patch applied. Thanks!

From: Alex Vandiver <chmrr [...] chmrr.net>
Date: Wed, 18 Nov 2009 16:25:54 -0500
Subject: Re: [rt.cpan.org #51109] Infinite-length reads with Content-Length: 0
At Wed Nov 04 13:15:52 -0500 2009, mark@summersault.com via RT wrote:
> Thanks. I'll try to finish preparing a new release to recommend to
> Lincoln soon.
Has there been any progress on this? I'd like to release a new version of jifty which depends on a fixed version of CGI.pm, as more people are running into this in the wild.
 - Alex
--
Networking -- only one letter away from not working

From: Mark Stosberg <mark [...] summersault.com>
Date: Wed, 18 Nov 2009 16:33:27 -0500
Subject: Re: [rt.cpan.org #51109] Infinite-length reads with Content-Length: 0
On Wed, 18 Nov 2009 16:26:15 -0500 "Alex Vandiver via RT" <bug-CGI.pm@rt.cpan.org> wrote:
> Queue: CGI.pm
> Ticket <URL: http://rt.cpan.org/Ticket/Display.html?id=51109 >
>
> At Wed Nov 04 13:15:52 -0500 2009, mark@summersault.com via RT wrote:
> > Thanks. I'll try to finish preparing a new release to recommend to
> > Lincoln soon.
>
> Has there been any progress on this? I'd like to release a new
> version of jifty which depends on a fixed version of CGI.pm, as more
> people are running into this in the wild.
Alex,
There has not been progress on this, although I do hear your request for some. In the meantime, feel free to depend on an older version of CGI.pm that meets your needs.
Mark

From: Alex Vandiver <chmrr [...] chmrr.net>
Date: Thu, 19 Nov 2009 03:00:54 -0500
Subject: Re: [rt.cpan.org #51109] Infinite-length reads with Content-Length: 0
At Wed Nov 18 16:33:44 -0500 2009, mark@summersault.com via RT wrote:
> feel free to depend on an older version of CGI.pm that meets your
> needs.
The difficulty is it is hard to depend on "CGI.pm <= 3.43," and that doesn't prevent some well-meaning person from breakages down the line when they upgrade to the latest-and-greatest CGI.pm later.
> There has not been progress on this, although I do hear your request for
> some.
Is there anything I can do to help prep the dist for a release?
 - Alex
--
Networking -- only one letter away from not working

From: Mark Stosberg <mark [...] summersault.com>
Date: Thu, 19 Nov 2009 09:33:15 -0500
Subject: Re: [rt.cpan.org #51109] Infinite-length reads with Content-Length: 0
> The difficulty is it is hard to depend on "CGI.pm <= 3.43," and that
> doesn't prevent some well-meaning person from breakages down the line
> when they upgrade to the latest-and-greatest CGI.pm later.
Understood. You also have the option to distribute a private copy (which I realize has its own drawbacks).
> > There has not been progress on this, although I do hear your request for
> > some.
>
> Is there anything I can do to help prep the dist for a release?
Yes. You could peer-review and comment on Yanick's patch for this other bug:

http://rt.cpan.org/Public/Bug/Display.html?id=50576

I was just getting to that last night when I ran out of time.

Do you see a problem always sending Expires and Max-Age? Is it important to have the options provided to turn off one or the other? I would prefer the simplicity of not having extra options if they aren't needed (or can be reasonably deferred until later when the need is clearer).

Mark
--
Mark Stosberg            Principal Developer
mark@summersault.com     Summersault, LLC
765-939-9301 ext 202     database driven websites
http://www.summersault.com/

Subject: CGI.pm release recommended, due to fix for "Infinite-length reads with Content-Length: 0"
Lincoln,

I have now prepared a recommended release for CGI.pm 3.49 in my github "master" branch. My prep work includes updating the Changes file and bumping the versions.

The release recommendation centers around the fix provided through this ticket for a regression introduced in 3.44 as part of improving something else. Just another small bug fix and a documentation update are also included. Here are the updates as they are framed in the "Changes" file:

###

[BUG FIXES]
1. Fix a regression since 3.44 involving a case when the header includes "Content-Length: 0". Thanks to Alex Vandiver (RT#51109)
2. Suppress uninitialized warnings under -w. Thanks to burak. (RT#50301)

[DOCUMENTATION]
1. README was updated to reflect that CGI.pm was moved under ./lib. Thanks to Alex Vandiver.

Subject: Infinite-length reads with Content-Length: 0 (a second look)
I have looked again at this, it appears that the related change between 3.43 and 3.44 strayed from the RFC:

The patch was described as:
"Patch from Kurt Jaeger to allow HTTP PUT even if the content length is unknown."

And can be seen here:
http://search.cpan.org/diff?from=CGI.pm-3.43&to=CGI.pm-3.44

The new behavior seems to be in conflict with the CGI RFC, particularly section 4.1.2:

" The server MUST set [Content-Length] if and only if the request is accompanied by a message-body entity."
http://www.ietf.org/rfc/rfc3875

So the behavior to read from STDIN when content-length is missing appears to be wrong.

The same change in the 3.44 release also caused a second bug:

#52469: PUT method with empty body seems to freeze CGI->new()
http://rt.cpan.org/Public/Bug/Display.html?id=52469

So, rather than accepting the patch as it is proposed, I now recommend that we back-out the related update in 3.44.

There appear to be several "Kurt Jaegers" in the world. I'm copying one of them who is hopefully the right one and can provide some more context about the original patch.

Mark
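
The three behaviours discussed in this ticket, side by side, as an added example that is not part of the thread and is not CGI.pm's code. The policy labels, helper names and sample requests are constructed for illustration; a pipe whose write end stays open stands in for a keep-alive connection, and a one-second alarm stands in for the client that would otherwise hang.

```perl
#!/usr/bin/perl
# Added example, not CGI.pm source. Policy labels and helper names are
# made up here; needs a Unix-like system for alarm() on blocking reads.
use strict;
use warnings;

# Decide how the request body should be read for a given environment.
#   'v3.44'   : as reported: any length that is not > 0 falls to read-until-EOF
#   'rt51109' : attached patch: read-until-EOF only when CONTENT_LENGTH is unset
#   'rfc3875' : section 4.1.2 reading: no CONTENT_LENGTH means there is no body
sub body_read_plan {
    my ($env, $policy) = @_;
    my $raw = $env->{CONTENT_LENGTH};
    # Assumption of this example: a non-numeric value counts as length 0.
    my $len = (defined $raw && $raw =~ /\A[0-9]+\z/) ? $raw + 0 : 0;

    return ['exact', $len] if $len > 0;
    return ['eof'] if $policy eq 'v3.44';
    return ['eof'] if $policy eq 'rt51109' && !defined $raw;
    return ['none'];
}

# Carry out the plan on a handle. The alarm bounds the read so the demo
# terminates; without it the 'eof' plan waits for the peer to close.
sub read_body {
    my ($fh, $plan, $timeout) = @_;
    my ($mode, $want) = @$plan;
    my $buf = '';
    my $done = eval {
        local $SIG{ALRM} = sub { die "timeout\n" };
        alarm $timeout;
        if ($mode eq 'exact') {
            while ($want > 0) {
                my $got = sysread($fh, $buf, $want, length $buf);
                die "read error: $!\n" unless defined $got;
                last if $got == 0;    # peer closed before sending everything
                $want -= $got;
            }
        }
        elsif ($mode eq 'eof') {
            while (1) {
                my $got = sysread($fh, $buf, 8192, length $buf);
                die "read error: $!\n" unless defined $got;
                last if $got == 0;    # EOF arrives only when the peer closes
            }
        }
        alarm 0;
        1;
    };
    alarm 0;
    return sprintf('read %d bytes', length $buf) if $done;
    return $@ eq "timeout\n" ? "blocked, gave up after ${timeout}s" : "failed: $@";
}

# Constructed sample requests: label, environment, body bytes.
my @requests = (
    ['POST, Content-Length: 5', { CONTENT_LENGTH => '5' }, 'a=b&c'],
    ['POST, Content-Length: 0', { CONTENT_LENGTH => '0' }, ''],
    ['PUT, no Content-Length',  {},                        ''],
);

for my $policy (qw(v3.44 rt51109 rfc3875)) {
    for my $req (@requests) {
        my ($label, $env, $body) = @$req;
        pipe(my $r, my $w) or die "pipe: $!";
        syswrite($w, $body) if length $body;
        # $w is deliberately left open while reading (keep-alive client).
        my $plan = body_read_plan($env, $policy);
        printf "%-8s %-24s plan=%-8s %s\n",
            $policy, $label, join(' ', @$plan), read_body($r, $plan, 1);
        close $w;
        close $r;
    }
}
```

Only the 'rfc3875' policy completes all three requests without waiting on the open connection; the patched policy still blocks on the request that has no Content-Length and no body, which is the case reported as #52469.
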

From: Lincoln Stein <lincoln.stein [...] gmail.com>
Date: Thu, 10 Dec 2009 13:59:37 -0500
Subject: Re: [rt.cpan.org #51109] Infinite-length reads with Content-Length: 0 (a second look)
Here's the Kurt Jaeger who submitted the original PUT patch. Sorry I didn't catch that it breaks RFC behavior:

Kurt Jaeger <pi@opsec.eu>

Lincoln

On Wed, Dec 9, 2009 at 10:20 PM, MARKSTOS via RT <bug-CGI.pm@rt.cpan.org> wrote:
> <URL: https://rt.cpan.org/Ticket/Display.html?id=51109 >
>
> I have looked again at this, it appears that the related change between
> 3.43 and 3.44 strayed from the RFC:
>
> The patch was described as:
> "Patch from Kurt Jaeger to allow HTTP PUT even if the content length is
> unknown."
>
> And can be seen here:
> http://search.cpan.org/diff?from=CGI.pm-3.43&to=CGI.pm-3.44
>
> The new behavior seems to be in conflict with the CGI RFC, particularly
> section 4.1.2:
>
> " The server MUST set [Content-Length] if and only if the request is
> accompanied by a message-body entity."
> http://www.ietf.org/rfc/rfc3875
>
> So the behavior to read from STDIN when content-length is missing
> appears to be wrong.
>
> The same change in the 3.44 release also caused a second bug:
>
> #52469: PUT method with empty body seems to freeze CGI->new()
> http://rt.cpan.org/Public/Bug/Display.html?id=52469
>
> So, rather than accepting the patch as it is proposed, I now recommend
> that we back-out the related update in 3.44.
>
> There appear to be several "Kurt Jaegers" in the world. I'm copying one
> of them who is hopefully the right one and can provide some more context
> about the original patch.
>
> Mark
>
--
Lincoln D. Stein
Director, Informatics and Biocomputing Platform
Ontario Institute for Cancer Research
101 College St., Suite 800
Toronto, ON, Canada M5G0A3
416 673-8514
Assistant: Renata Musa <Renata.Musa@oicr.on.ca>

From: Kurt Jaeger <pi [...] opsec.eu>
Date: Thu, 10 Dec 2009 22:46:54 +0100
Subject: Re: [rt.cpan.org #51109] Infinite-length reads with Content-Length: 0 (a second look)
Hi!
> Here's the Kurt Jaeger who submitted the original PUT patch. Sorry I didn't
> catch that it breaks RFC behavior:
That's me, the same guy (old and new mail address).

I was not aware that it breaks RFC specs. But then it works with my scanner. I'll get in touch with the manufacturer...

P.S.: I'm not yet ready to cite the IETF mantra "be liberal in what you accept", but I'm close 8-)))
--
pi@opsec.eu +49 171 3101372 11 years to go !
I believe this fix was released today with the 3.49 release of CGI.pm

