Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package perl-HTTP-Message for
openSUSE:Factory checked in at 2022-10-16 16:08:56
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/perl-HTTP-Message (Old)
and /work/SRC/openSUSE:Factory/.perl-HTTP-Message.new.2275 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "perl-HTTP-Message"
Sun Oct 16 16:08:56 2022 rev:35 rq:1010993 version:6.41
Changes:
--------
--- /work/SRC/openSUSE:Factory/perl-HTTP-Message/perl-HTTP-Message.changes
2022-06-21 17:15:21.994342872 +0200
+++
/work/SRC/openSUSE:Factory/.perl-HTTP-Message.new.2275/perl-HTTP-Message.changes
2022-10-16 16:09:00.674725930 +0200
@@ -1,0 +2,27 @@
+Thu Oct 13 03:08:25 UTC 2022 - Tina M??ller <[email protected]>
+
+- updated to 6.41
+ see /usr/share/doc/packages/perl-HTTP-Message/Changes
+
+ 6.41 2022-10-12 15:57:40Z
+ - Add maximum size for HTTP::Message->decoded_content
+ This can be used to limit the size of a decompressed HTTP response,
+ especially when making requests to untrusted or user-specified servers.
+ The $HTTP::Message::MAXIMUM_BODY_SIZE variable and the ->max_body_size
+ accessor can set this limit. (GH#181) (Max Maischein)
+ 6.40 2022-10-12 15:45:52Z
+ - Fixed two typos in the doc, originally reported by FatherC
+ in RT#90716, ported over as GH#57. (GH#57) (Neil Bowers)
+ 6.39 2022-10-08 13:48:26Z
+ - Remove Travis config (GH#180) (Olaf Alders)
+ - Added status_constant_name() which maps status code
+ to the name of the corresponding constant. (GH#160) (Neil Bowers)
+ - Updated the doc for status_message() to clarify that it
+ returns "Not Found" and not "HTTP_NOT_FOUND". (GH#160) (Neil Bowers)
+ 6.38 2022-10-06 21:48:18Z
+ - Replace "base" with "parent" (GH#176) (James Raspass)
+ - Replace "print" with "note" in tests (GH#178) (James Raspass)
+ - Noted that OPTIONS supported was added in 6.1, to the doc
+ for HTTP::Request::Common. Addresses GH#177. (GH#179) (Neil Bowers)
+
+-------------------------------------------------------------------
Old:
----
HTTP-Message-6.37.tar.gz
New:
----
HTTP-Message-6.41.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ perl-HTTP-Message.spec ++++++
--- /var/tmp/diff_new_pack.0mYIfP/_old 2022-10-16 16:09:01.202727168 +0200
+++ /var/tmp/diff_new_pack.0mYIfP/_new 2022-10-16 16:09:01.206727177 +0200
@@ -18,7 +18,7 @@
%define cpan_name HTTP-Message
Name: perl-HTTP-Message
-Version: 6.37
+Version: 6.41
Release: 0
License: Artistic-1.0 OR GPL-1.0-or-later
Summary: HTTP style message (base class)
@@ -28,6 +28,7 @@
BuildArch: noarch
BuildRequires: perl
BuildRequires: perl-macros
+BuildRequires: perl(Compress::Raw::Bzip2)
BuildRequires: perl(Compress::Raw::Zlib)
BuildRequires: perl(Encode) >= 3.01
BuildRequires: perl(Encode::Locale) >= 1
@@ -46,6 +47,8 @@
BuildRequires: perl(Try::Tiny)
BuildRequires: perl(URI) >= 1.10
BuildRequires: perl(URI::URL)
+BuildRequires: perl(parent)
+Requires: perl(Compress::Raw::Bzip2)
Requires: perl(Compress::Raw::Zlib)
Requires: perl(Encode) >= 3.01
Requires: perl(Encode::Locale) >= 1
@@ -60,6 +63,7 @@
Requires: perl(IO::Uncompress::RawInflate)
Requires: perl(LWP::MediaTypes) >= 6
Requires: perl(URI) >= 1.10
+Requires: perl(parent)
Recommends: perl(IO::Compress::Brotli) >= 0.004001
Recommends: perl(IO::Uncompress::Brotli) >= 0.004001
%{perl_requires}
@@ -172,12 +176,12 @@
* 'charset'
-This override the charset parameter for text content. The value 'none' can
+This overrides the charset parameter for text content. The value 'none' can
used to suppress decoding of the charset.
* 'default_charset'
-This override the default charset guessed by content_charset() or if that
+This overrides the default charset guessed by content_charset() or if that
fails "ISO-8859-1".
* 'alt_charset'
++++++ HTTP-Message-6.37.tar.gz -> HTTP-Message-6.41.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/HTTP-Message-6.37/CONTRIBUTORS
new/HTTP-Message-6.41/CONTRIBUTORS
--- old/HTTP-Message-6.37/CONTRIBUTORS 2022-06-14 16:09:09.000000000 +0200
+++ new/HTTP-Message-6.41/CONTRIBUTORS 2022-10-12 17:57:48.000000000 +0200
@@ -40,6 +40,7 @@
* Ian Kilgore
* Jacob J
* Jakub Wilk
+ * James Raspass
* jefflee
* Jerome Eteve
* john9art
@@ -58,6 +59,7 @@
* Mike Schilli
* murphy
* nanto_vi, TOYAMA Nao
+ * Neil Bowers
* Olaf Alders
* Olivier Mengu??
* Ondrej Hanak
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/HTTP-Message-6.37/Changes
new/HTTP-Message-6.41/Changes
--- old/HTTP-Message-6.37/Changes 2022-06-14 16:09:09.000000000 +0200
+++ new/HTTP-Message-6.41/Changes 2022-10-12 17:57:48.000000000 +0200
@@ -1,5 +1,29 @@
Revision history for HTTP-Message
+6.41 2022-10-12 15:57:40Z
+ - Add maximum size for HTTP::Message->decoded_content
+ This can be used to limit the size of a decompressed HTTP response,
+ especially when making requests to untrusted or user-specified servers.
+ The $HTTP::Message::MAXIMUM_BODY_SIZE variable and the ->max_body_size
+ accessor can set this limit. (GH#181) (Max Maischein)
+
+6.40 2022-10-12 15:45:52Z
+ - Fixed two typos in the doc, originally reported by FatherC
+ in RT#90716, ported over as GH#57. (GH#57) (Neil Bowers)
+
+6.39 2022-10-08 13:48:26Z
+ - Remove Travis config (GH#180) (Olaf Alders)
+ - Added status_constant_name() which maps status code
+ to the name of the corresponding constant. (GH#160) (Neil Bowers)
+ - Updated the doc for status_message() to clarify that it
+ returns "Not Found" and not "HTTP_NOT_FOUND". (GH#160) (Neil Bowers)
+
+6.38 2022-10-06 21:48:18Z
+ - Replace "base" with "parent" (GH#176) (James Raspass)
+ - Replace "print" with "note" in tests (GH#178) (James Raspass)
+ - Noted that OPTIONS supported was added in 6.1, to the doc
+ for HTTP::Request::Common. Addresses GH#177. (GH#179) (Neil Bowers)
+
6.37 2022-06-14 14:08:55Z
- Support for Brotli "br" encoding (GH#163) (trizen and Julien Fiegehenn)
- Don't test Perl > 5.32 on Windows in GH Actions (GH#174) (Olaf Alders)
@@ -69,6 +93,7 @@
- Revert (GH#125) "try hard to make a usable file name" (GH#130) (Olaf
Alders)
- Fix JSON request encoding examples in POD (GH#126) (Michael Schout)
+ - Added support for OPTIONS requests.
6.20 2019-02-05 01:46:39Z (TRIAL RELEASE)
- Fix encoded file names when LC_ALL=C (GH#125) (Lars D?????????????????
?????????)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/HTTP-Message-6.37/MANIFEST
new/HTTP-Message-6.41/MANIFEST
--- old/HTTP-Message-6.37/MANIFEST 2022-06-14 16:09:09.000000000 +0200
+++ new/HTTP-Message-6.41/MANIFEST 2022-10-12 17:57:48.000000000 +0200
@@ -34,7 +34,10 @@
t/lib/Secret.pm
t/message-brotli.t
t/message-charset.t
+t/message-decode-brotlibomb.t
+t/message-decode-bzipbomb.t
t/message-decode-xml.t
+t/message-decode-zipbomb.t
t/message-old.t
t/message-parts.t
t/message.t
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/HTTP-Message-6.37/META.json
new/HTTP-Message-6.41/META.json
--- old/HTTP-Message-6.37/META.json 2022-06-14 16:09:09.000000000 +0200
+++ new/HTTP-Message-6.41/META.json 2022-10-12 17:57:48.000000000 +0200
@@ -52,6 +52,7 @@
},
"requires" : {
"Carp" : "0",
+ "Compress::Raw::Bzip2" : "0",
"Compress::Raw::Zlib" : "0",
"Encode" : "3.01",
"Encode::Locale" : "1",
@@ -70,7 +71,7 @@
"MIME::Base64" : "2.1",
"MIME::QuotedPrint" : "0",
"URI" : "1.10",
- "base" : "0",
+ "parent" : "0",
"perl" : "5.008001",
"strict" : "0",
"warnings" : "0"
@@ -115,7 +116,7 @@
"x_IRC" : "irc://irc.perl.org/#lwp",
"x_MailingList" : "mailto:[email protected]";
},
- "version" : "6.37",
+ "version" : "6.41",
"x_Dist_Zilla" : {
"perl" : {
"version" : "5.036000"
@@ -278,7 +279,7 @@
}
},
"name" : "@Author::OALDERS/Test::Portability",
- "version" : "2.001000"
+ "version" : "2.001001"
},
{
"class" : "Dist::Zilla::Plugin::TestRelease",
@@ -480,7 +481,7 @@
"changelog" : "Changes"
},
"Dist::Zilla::Role::Git::Repo" : {
- "git_version" : "2.36.1",
+ "git_version" : "2.38.0",
"repo_root" : "."
}
},
@@ -491,7 +492,7 @@
"class" : "Dist::Zilla::Plugin::Git::Contributors",
"config" : {
"Dist::Zilla::Plugin::Git::Contributors" : {
- "git_version" : "2.36.1",
+ "git_version" : "2.38.0",
"include_authors" : 0,
"include_releaser" : 1,
"order_by" : "name",
@@ -600,7 +601,7 @@
"changelog" : "Changes"
},
"Dist::Zilla::Role::Git::Repo" : {
- "git_version" : "2.36.1",
+ "git_version" : "2.38.0",
"repo_root" : "."
},
"Dist::Zilla::Role::Git::StringFormatter" : {
@@ -617,12 +618,12 @@
"branch" : null,
"changelog" : "Changes",
"signed" : 0,
- "tag" : "v6.37",
+ "tag" : "v6.41",
"tag_format" : "v%V",
"tag_message" : "v%V"
},
"Dist::Zilla::Role::Git::Repo" : {
- "git_version" : "2.36.1",
+ "git_version" : "2.38.0",
"repo_root" : "."
},
"Dist::Zilla::Role::Git::StringFormatter" : {
@@ -673,7 +674,7 @@
"changelog" : "Changes"
},
"Dist::Zilla::Role::Git::Repo" : {
- "git_version" : "2.36.1",
+ "git_version" : "2.38.0",
"repo_root" : "."
},
"Dist::Zilla::Role::Git::StringFormatter" : {
@@ -693,7 +694,7 @@
"remotes_must_exist" : 1
},
"Dist::Zilla::Role::Git::Repo" : {
- "git_version" : "2.36.1",
+ "git_version" : "2.38.0",
"repo_root" : "."
}
},
@@ -862,6 +863,7 @@
"Ian Kilgore <[email protected]>",
"Jacob J <[email protected]>",
"Jakub Wilk <[email protected]>",
+ "James Raspass <[email protected]>",
"jefflee <[email protected]>",
"Jerome Eteve <[email protected]>",
"john9art <[email protected]>",
@@ -880,6 +882,7 @@
"Mike Schilli <[email protected]>",
"murphy <[email protected]>",
"nanto_vi, TOYAMA Nao <[email protected]>",
+ "Neil Bowers <[email protected]>",
"Olaf Alders <[email protected]>",
"Olivier Mengu\u00e9 <[email protected]>",
"Ondrej Hanak <[email protected]>",
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/HTTP-Message-6.37/META.yml
new/HTTP-Message-6.41/META.yml
--- old/HTTP-Message-6.37/META.yml 2022-06-14 16:09:09.000000000 +0200
+++ new/HTTP-Message-6.41/META.yml 2022-10-12 17:57:48.000000000 +0200
@@ -35,6 +35,7 @@
IO::Uncompress::Brotli: '0.004001'
requires:
Carp: '0'
+ Compress::Raw::Bzip2: '0'
Compress::Raw::Zlib: '0'
Encode: '3.01'
Encode::Locale: '1'
@@ -53,7 +54,7 @@
MIME::Base64: '2.1'
MIME::QuotedPrint: '0'
URI: '1.10'
- base: '0'
+ parent: '0'
perl: '5.008001'
strict: '0'
warnings: '0'
@@ -63,7 +64,7 @@
bugtracker: https://github.com/libwww-perl/HTTP-Message/issues
homepage: https://github.com/libwww-perl/HTTP-Message
repository: https://github.com/libwww-perl/HTTP-Message.git
-version: '6.37'
+version: '6.41'
x_Dist_Zilla:
perl:
version: '5.036000'
@@ -189,7 +190,7 @@
Dist::Zilla::Plugin::Test::Portability:
options: ''
name: '@Author::OALDERS/Test::Portability'
- version: '2.001000'
+ version: '2.001001'
-
class: Dist::Zilla::Plugin::TestRelease
name: '@Author::OALDERS/TestRelease'
@@ -347,7 +348,7 @@
allow_dirty_match: []
changelog: Changes
Dist::Zilla::Role::Git::Repo:
- git_version: 2.36.1
+ git_version: 2.38.0
repo_root: .
name: '@Author::OALDERS/Git::Check'
version: '2.048'
@@ -355,7 +356,7 @@
class: Dist::Zilla::Plugin::Git::Contributors
config:
Dist::Zilla::Plugin::Git::Contributors:
- git_version: 2.36.1
+ git_version: 2.38.0
include_authors: 0
include_releaser: 1
order_by: name
@@ -439,7 +440,7 @@
allow_dirty_match: []
changelog: Changes
Dist::Zilla::Role::Git::Repo:
- git_version: 2.36.1
+ git_version: 2.38.0
repo_root: .
Dist::Zilla::Role::Git::StringFormatter:
time_zone: local
@@ -452,11 +453,11 @@
branch: ~
changelog: Changes
signed: 0
- tag: v6.37
+ tag: v6.41
tag_format: v%V
tag_message: v%V
Dist::Zilla::Role::Git::Repo:
- git_version: 2.36.1
+ git_version: 2.38.0
repo_root: .
Dist::Zilla::Role::Git::StringFormatter:
time_zone: local
@@ -494,7 +495,7 @@
- (?^:^lib/.*\.pm$)
changelog: Changes
Dist::Zilla::Role::Git::Repo:
- git_version: 2.36.1
+ git_version: 2.38.0
repo_root: .
Dist::Zilla::Role::Git::StringFormatter:
time_zone: local
@@ -508,7 +509,7 @@
- origin
remotes_must_exist: 1
Dist::Zilla::Role::Git::Repo:
- git_version: 2.36.1
+ git_version: 2.38.0
repo_root: .
name: '@Author::OALDERS/Git::Push'
version: '2.048'
@@ -643,6 +644,7 @@
- 'Ian Kilgore <[email protected]>'
- 'Jacob J <[email protected]>'
- 'Jakub Wilk <[email protected]>'
+ - 'James Raspass <[email protected]>'
- 'jefflee <[email protected]>'
- 'Jerome Eteve <[email protected]>'
- 'john9art <[email protected]>'
@@ -661,6 +663,7 @@
- 'Mike Schilli <[email protected]>'
- 'murphy <[email protected]>'
- 'nanto_vi, TOYAMA Nao <[email protected]>'
+ - 'Neil Bowers <[email protected]>'
- 'Olaf Alders <[email protected]>'
- 'Olivier Mengu?? <[email protected]>'
- 'Ondrej Hanak <[email protected]>'
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/HTTP-Message-6.37/Makefile.PL
new/HTTP-Message-6.41/Makefile.PL
--- old/HTTP-Message-6.37/Makefile.PL 2022-06-14 16:09:09.000000000 +0200
+++ new/HTTP-Message-6.41/Makefile.PL 2022-10-12 17:57:48.000000000 +0200
@@ -18,6 +18,7 @@
"NAME" => "HTTP::Message",
"PREREQ_PM" => {
"Carp" => 0,
+ "Compress::Raw::Bzip2" => 0,
"Compress::Raw::Zlib" => 0,
"Encode" => "3.01",
"Encode::Locale" => 1,
@@ -36,7 +37,7 @@
"MIME::Base64" => "2.1",
"MIME::QuotedPrint" => 0,
"URI" => "1.10",
- "base" => 0,
+ "parent" => 0,
"strict" => 0,
"warnings" => 0
},
@@ -53,7 +54,7 @@
"lib" => 0,
"overload" => 0
},
- "VERSION" => "6.37",
+ "VERSION" => "6.41",
"test" => {
"TESTS" => "t/*.t"
}
@@ -62,6 +63,7 @@
my %FallbackPrereqs = (
"Carp" => 0,
+ "Compress::Raw::Bzip2" => 0,
"Compress::Raw::Zlib" => 0,
"Encode" => "3.01",
"Encode::Locale" => 1,
@@ -88,9 +90,9 @@
"Try::Tiny" => 0,
"URI" => "1.10",
"URI::URL" => 0,
- "base" => 0,
"lib" => 0,
"overload" => 0,
+ "parent" => 0,
"strict" => 0,
"warnings" => 0
);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/HTTP-Message-6.37/README.md
new/HTTP-Message-6.41/README.md
--- old/HTTP-Message-6.37/README.md 2022-06-14 16:09:09.000000000 +0200
+++ new/HTTP-Message-6.41/README.md 2022-10-12 17:57:48.000000000 +0200
@@ -4,11 +4,11 @@
# VERSION
-version 6.37
+version 6.41
# SYNOPSIS
- use base 'HTTP::Message';
+ use parent 'HTTP::Message';
# DESCRIPTION
@@ -115,12 +115,12 @@
- `charset`
- This override the charset parameter for text content. The value
+ This overrides the charset parameter for text content. The value
`none` can used to suppress decoding of the charset.
- `default_charset`
- This override the default charset guessed by content\_charset() or
+ This overrides the default charset guessed by content\_charset() or
if that fails "ISO-8859-1".
- `alt_charset`
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/HTTP-Message-6.37/cpanfile
new/HTTP-Message-6.41/cpanfile
--- old/HTTP-Message-6.37/cpanfile 2022-06-14 16:09:09.000000000 +0200
+++ new/HTTP-Message-6.41/cpanfile 2022-10-12 17:57:48.000000000 +0200
@@ -2,6 +2,7 @@
# Do not edit this file directly. To change prereqs, edit the `dist.ini` file.
requires "Carp" => "0";
+requires "Compress::Raw::Bzip2" => "0";
requires "Compress::Raw::Zlib" => "0";
requires "Encode" => "3.01";
requires "Encode::Locale" => "1";
@@ -20,7 +21,7 @@
requires "MIME::Base64" => "2.1";
requires "MIME::QuotedPrint" => "0";
requires "URI" => "1.10";
-requires "base" => "0";
+requires "parent" => "0";
requires "perl" => "5.008001";
requires "strict" => "0";
requires "warnings" => "0";
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/HTTP-Message-6.37/lib/HTTP/Config.pm
new/HTTP-Message-6.41/lib/HTTP/Config.pm
--- old/HTTP-Message-6.37/lib/HTTP/Config.pm 2022-06-14 16:09:09.000000000
+0200
+++ new/HTTP-Message-6.41/lib/HTTP/Config.pm 2022-10-12 17:57:48.000000000
+0200
@@ -3,7 +3,7 @@
use strict;
use warnings;
-our $VERSION = '6.37';
+our $VERSION = '6.41';
use URI;
@@ -249,7 +249,7 @@
=head1 VERSION
-version 6.37
+version 6.41
=head1 SYNOPSIS
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/HTTP-Message-6.37/lib/HTTP/Headers/Auth.pm
new/HTTP-Message-6.41/lib/HTTP/Headers/Auth.pm
--- old/HTTP-Message-6.37/lib/HTTP/Headers/Auth.pm 2022-06-14
16:09:09.000000000 +0200
+++ new/HTTP-Message-6.41/lib/HTTP/Headers/Auth.pm 2022-10-12
17:57:48.000000000 +0200
@@ -3,7 +3,7 @@
use strict;
use warnings;
-our $VERSION = '6.37';
+our $VERSION = '6.41';
use HTTP::Headers;
@@ -111,7 +111,7 @@
=head1 VERSION
-version 6.37
+version 6.41
=head1 AUTHOR
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/HTTP-Message-6.37/lib/HTTP/Headers/ETag.pm
new/HTTP-Message-6.41/lib/HTTP/Headers/ETag.pm
--- old/HTTP-Message-6.37/lib/HTTP/Headers/ETag.pm 2022-06-14
16:09:09.000000000 +0200
+++ new/HTTP-Message-6.41/lib/HTTP/Headers/ETag.pm 2022-10-12
17:57:48.000000000 +0200
@@ -3,7 +3,7 @@
use strict;
use warnings;
-our $VERSION = '6.37';
+our $VERSION = '6.41';
require HTTP::Date;
@@ -107,7 +107,7 @@
=head1 VERSION
-version 6.37
+version 6.41
=head1 AUTHOR
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/HTTP-Message-6.37/lib/HTTP/Headers/Util.pm
new/HTTP-Message-6.41/lib/HTTP/Headers/Util.pm
--- old/HTTP-Message-6.37/lib/HTTP/Headers/Util.pm 2022-06-14
16:09:09.000000000 +0200
+++ new/HTTP-Message-6.41/lib/HTTP/Headers/Util.pm 2022-10-12
17:57:48.000000000 +0200
@@ -3,7 +3,7 @@
use strict;
use warnings;
-our $VERSION = '6.37';
+our $VERSION = '6.41';
use Exporter 5.57 'import';
@@ -103,7 +103,7 @@
=head1 VERSION
-version 6.37
+version 6.41
=head1 SYNOPSIS
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/HTTP-Message-6.37/lib/HTTP/Headers.pm
new/HTTP-Message-6.41/lib/HTTP/Headers.pm
--- old/HTTP-Message-6.37/lib/HTTP/Headers.pm 2022-06-14 16:09:09.000000000
+0200
+++ new/HTTP-Message-6.41/lib/HTTP/Headers.pm 2022-10-12 17:57:48.000000000
+0200
@@ -3,7 +3,7 @@
use strict;
use warnings;
-our $VERSION = '6.37';
+our $VERSION = '6.41';
use Carp ();
@@ -475,7 +475,7 @@
=head1 VERSION
-version 6.37
+version 6.41
=head1 SYNOPSIS
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/HTTP-Message-6.37/lib/HTTP/Message.pm
new/HTTP-Message-6.41/lib/HTTP/Message.pm
--- old/HTTP-Message-6.37/lib/HTTP/Message.pm 2022-06-14 16:09:09.000000000
+0200
+++ new/HTTP-Message-6.41/lib/HTTP/Message.pm 2022-10-12 17:57:48.000000000
+0200
@@ -3,11 +3,13 @@
use strict;
use warnings;
-our $VERSION = '6.37';
+our $VERSION = '6.41';
require HTTP::Headers;
require Carp;
+our $MAXIMUM_BODY_SIZE;
+
my $CRLF = "\015\012"; # "\r\n" is not portable
unless ($HTTP::URI_CLASS) {
if ($ENV{PERL_HTTP_URI_CLASS}
@@ -53,10 +55,10 @@
bless {
'_headers' => $header,
'_content' => $content,
+ '_max_body_size' => $HTTP::Message::MAXIMUM_BODY_SIZE,
}, $class;
}
-
sub parse
{
my($class, $str) = @_;
@@ -277,6 +279,17 @@
return undef;
}
+sub max_body_size {
+ my $self = $_[0];
+ my $old = $self->{_max_body_size};
+ $self->_set_max_body_size($_[1]) if @_ > 1;
+ return $old;
+}
+
+sub _set_max_body_size {
+ my $self = $_[0];
+ $self->{_max_body_size} = $_[1];
+}
sub decoded_content
{
@@ -288,6 +301,14 @@
$content_ref = $self->content_ref;
die "Can't decode ref content" if ref($content_ref) ne "SCALAR";
+ my $content_limit = exists $opt{ max_body_size } ? $opt{ max_body_size }
+ : defined $self->max_body_size ? $self->max_body_size
+ : undef
+ ;
+ my %limiter_options;
+ if( defined $content_limit ) {
+ %limiter_options = (LimitOutput => 1, Bufsize => $content_limit);
+ };
if (my $h = $self->header("Content-Encoding")) {
$h =~ s/^\s+//;
$h =~ s/\s+$//;
@@ -295,27 +316,70 @@
next unless $ce;
next if $ce eq "identity" || $ce eq "none";
if ($ce eq "gzip" || $ce eq "x-gzip") {
- require IO::Uncompress::Gunzip;
- my $output;
- IO::Uncompress::Gunzip::gunzip($content_ref, \$output,
Transparent => 0)
- or die "Can't gunzip content:
$IO::Uncompress::Gunzip::GunzipError";
+ require Compress::Raw::Zlib; # 'WANT_GZIP_OR_ZLIB',
'Z_BUF_ERROR';
+
+ if( ! $content_ref_iscopy and keys %limiter_options) {
+ # Create a copy of the input because Zlib will
overwrite it
+ # :-(
+ my $input = "$$content_ref";
+ $content_ref = \$input;
+ $content_ref_iscopy++;
+ };
+ my ($i, $status) = Compress::Raw::Zlib::Inflate->new(
+ %limiter_options,
+ ConsumeInput => 0, # overridden by Zlib if we have
%limiter_options :-(
+ WindowBits => Compress::Raw::Zlib::WANT_GZIP_OR_ZLIB(),
+ );
+ my $res = $i->inflate( $content_ref, \my $output );
+ $res == Compress::Raw::Zlib::Z_BUF_ERROR()
+ and Carp::croak("Decoded content would be larger than
$content_limit octets");
+ $res == Compress::Raw::Zlib::Z_OK()
+ or $res == Compress::Raw::Zlib::Z_STREAM_END()
+ or die "Can't gunzip content: $res";
$content_ref = \$output;
$content_ref_iscopy++;
}
elsif ($ce eq 'br') {
require IO::Uncompress::Brotli;
my $bro = IO::Uncompress::Brotli->create;
- my $output = eval { $bro->decompress($$content_ref) };
+
+ my $output;
+ if( defined $content_limit ) {
+ $output = eval { $bro->decompress( $$content_ref,
$content_limit ); }
+ } else {
+ $output = eval { $bro->decompress($$content_ref) };
+ }
+
$@ and die "Can't unbrotli content: $@";
$content_ref = \$output;
$content_ref_iscopy++;
}
elsif ($ce eq "x-bzip2" or $ce eq "bzip2") {
- require IO::Uncompress::Bunzip2;
+ require Compress::Raw::Bzip2;
+
+ if( ! $content_ref_iscopy ) {
+ # Create a copy of the input because Bzlib2 will
overwrite it
+ # :-(
+ my $input = "$$content_ref";
+ $content_ref = \$input;
+ $content_ref_iscopy++;
+ };
+ my ($i, $status) = Compress::Raw::Bunzip2->new(
+ 1, # appendInput
+ 0, # consumeInput
+ 0, # small
+ $limiter_options{ LimitOutput } || 0,
+ );
my $output;
- IO::Uncompress::Bunzip2::bunzip2($content_ref, \$output,
Transparent => 0)
- or die "Can't bunzip content:
$IO::Uncompress::Bunzip2::Bunzip2Error";
- $content_ref = \$output;
+ $output = "\0" x $limiter_options{ Bufsize }
+ if $limiter_options{ Bufsize };
+ my $res = $i->bzinflate( $content_ref, \$output );
+ $res == Compress::Raw::Bzip2::BZ_OUTBUFF_FULL()
+ and Carp::croak("Decoded content would be larger than
$content_limit octets");
+ $res == Compress::Raw::Bzip2::BZ_OK()
+ or $res == Compress::Raw::Bzip2::BZ_STREAM_END()
+ or die "Can't bunzip content: $res";
+ $content_ref = \$output;
$content_ref_iscopy++;
}
elsif ($ce eq "deflate") {
@@ -820,11 +884,11 @@
=head1 VERSION
-version 6.37
+version 6.41
=head1 SYNOPSIS
- use base 'HTTP::Message';
+ use parent 'HTTP::Message';
=head1 DESCRIPTION
@@ -940,12 +1004,12 @@
=item C<charset>
-This override the charset parameter for text content. The value
+This overrides the charset parameter for text content. The value
C<none> can used to suppress decoding of the charset.
=item C<default_charset>
-This override the default charset guessed by content_charset() or
+This overrides the default charset guessed by content_charset() or
if that fails "ISO-8859-1".
=item C<alt_charset>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/HTTP-Message-6.37/lib/HTTP/Request/Common.pm
new/HTTP-Message-6.41/lib/HTTP/Request/Common.pm
--- old/HTTP-Message-6.37/lib/HTTP/Request/Common.pm 2022-06-14
16:09:09.000000000 +0200
+++ new/HTTP-Message-6.41/lib/HTTP/Request/Common.pm 2022-10-12
17:57:48.000000000 +0200
@@ -3,7 +3,7 @@
use strict;
use warnings;
-our $VERSION = '6.37';
+our $VERSION = '6.41';
our $DYNAMIC_FILE_UPLOAD ||= 0; # make it defined (don't know why)
@@ -314,7 +314,7 @@
=head1 VERSION
-version 6.37
+version 6.41
=head1 SYNOPSIS
@@ -413,6 +413,10 @@
The same as C<POST> below, but the method in the request is C<OPTIONS>
+This was added in version 6.21, so you should require that in your code:
+
+ use HTTP::Request::Common 6.21;
+
=item POST $url
=item POST $url, Header => Value,...
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/HTTP-Message-6.37/lib/HTTP/Request.pm
new/HTTP-Message-6.41/lib/HTTP/Request.pm
--- old/HTTP-Message-6.37/lib/HTTP/Request.pm 2022-06-14 16:09:09.000000000
+0200
+++ new/HTTP-Message-6.41/lib/HTTP/Request.pm 2022-10-12 17:57:48.000000000
+0200
@@ -3,9 +3,9 @@
use strict;
use warnings;
-our $VERSION = '6.37';
+our $VERSION = '6.41';
-use base 'HTTP::Message';
+use parent 'HTTP::Message';
sub new
{
@@ -155,7 +155,7 @@
=head1 VERSION
-version 6.37
+version 6.41
=head1 SYNOPSIS
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/HTTP-Message-6.37/lib/HTTP/Response.pm
new/HTTP-Message-6.41/lib/HTTP/Response.pm
--- old/HTTP-Message-6.37/lib/HTTP/Response.pm 2022-06-14 16:09:09.000000000
+0200
+++ new/HTTP-Message-6.41/lib/HTTP/Response.pm 2022-10-12 17:57:48.000000000
+0200
@@ -3,9 +3,9 @@
use strict;
use warnings;
-our $VERSION = '6.37';
+our $VERSION = '6.41';
-use base 'HTTP::Message';
+use parent 'HTTP::Message';
use HTTP::Status ();
@@ -351,7 +351,7 @@
=head1 VERSION
-version 6.37
+version 6.41
=head1 SYNOPSIS
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/HTTP-Message-6.37/lib/HTTP/Status.pm
new/HTTP-Message-6.41/lib/HTTP/Status.pm
--- old/HTTP-Message-6.37/lib/HTTP/Status.pm 2022-06-14 16:09:09.000000000
+0200
+++ new/HTTP-Message-6.41/lib/HTTP/Status.pm 2022-10-12 17:57:48.000000000
+0200
@@ -3,12 +3,12 @@
use strict;
use warnings;
-our $VERSION = '6.37';
+our $VERSION = '6.41';
use Exporter 5.57 'import';
our @EXPORT = qw(is_info is_success is_redirect is_error status_message);
-our @EXPORT_OK = qw(is_client_error is_server_error is_cacheable_by_default);
+our @EXPORT_OK = qw(is_client_error is_server_error is_cacheable_by_default
status_constant_name);
# Note also addition of mnemonics to @EXPORT below
@@ -90,6 +90,8 @@
511 => 'Network Authentication Required', # RFC 6585: Additional Codes
);
+my %StatusCodeName;
+
# keep some unofficial codes that used to be in this distribution
%StatusCode = (
%StatusCode,
@@ -104,10 +106,12 @@
# create mnemonic subroutines
$message =~ s/I'm/I am/;
$message =~ tr/a-z \-/A-Z__/;
- $mnemonicCode .= "sub HTTP_$message () { $code }\n";
+ my $constant_name = "HTTP_".$message;
+ $mnemonicCode .= "sub $constant_name () { $code }\n";
$mnemonicCode .= "*RC_$message = \\&HTTP_$message;\n"; # legacy
$mnemonicCode .= "push(\@EXPORT_OK, 'HTTP_$message');\n";
$mnemonicCode .= "push(\@EXPORT, 'RC_$message');\n";
+ $StatusCodeName{$code} = $constant_name
}
eval $mnemonicCode; # only one eval for speed
die if $@;
@@ -139,6 +143,9 @@
sub status_message ($) { $StatusCode{$_[0]}; }
+sub status_constant_name ($) {
+ exists($StatusCodeName{$_[0]}) ? $StatusCodeName{$_[0]} : undef;
+}
sub is_info ($) { $_[0] && $_[0] >= 100 && $_[0] < 200; }
sub is_success ($) { $_[0] && $_[0] >= 200 && $_[0] < 300; }
@@ -174,7 +181,7 @@
=head1 VERSION
-version 6.37
+version 6.41
=head1 SYNOPSIS
@@ -280,7 +287,20 @@
The status_message() function will translate status codes to human
readable strings. The string is the same as found in the constant
-names above. If the $code is not registered in the L<list of IANA HTTP Status
+names above.
+For example, C<status_message(303)> will return C<"Not Found">.
+
+If the $code is not registered in the L<list of IANA HTTP Status
+Codes|https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml>
+then C<undef> is returned.
+
+=item status_constant_name( $code )
+
+The status_constant_name() function will translate a status code
+to a string which has the name of the constant for that status code.
+For example, C<status_constant_name(404)> will return C<"HTTP_NOT_FOUND">.
+
+If the C<$code> is not registered in the L<list of IANA HTTP Status
Codes|https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml>
then C<undef> is returned.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/HTTP-Message-6.37/t/00-report-prereqs.dd
new/HTTP-Message-6.41/t/00-report-prereqs.dd
--- old/HTTP-Message-6.37/t/00-report-prereqs.dd 2022-06-14
16:09:09.000000000 +0200
+++ new/HTTP-Message-6.41/t/00-report-prereqs.dd 2022-10-12
17:57:48.000000000 +0200
@@ -30,6 +30,7 @@
},
'requires' => {
'Carp' => '0',
+ 'Compress::Raw::Bzip2' => '0',
'Compress::Raw::Zlib' => '0',
'Encode' => '3.01',
'Encode::Locale' => '1',
@@ -48,7 +49,7 @@
'MIME::Base64' => '2.1',
'MIME::QuotedPrint' => '0',
'URI' => '1.10',
- 'base' => '0',
+ 'parent' => '0',
'perl' => '5.008001',
'strict' => '0',
'warnings' => '0'
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/HTTP-Message-6.37/t/headers-auth.t
new/HTTP-Message-6.41/t/headers-auth.t
--- old/HTTP-Message-6.37/t/headers-auth.t 2022-06-14 16:09:09.000000000
+0200
+++ new/HTTP-Message-6.41/t/headers-auth.t 2022-10-12 17:57:48.000000000
+0200
@@ -28,7 +28,7 @@
note $res->as_string;
$res->www_authenticate(Basic => {realm => "foo2"});
-print $res->as_string;
+note $res->as_string;
$res->www_authenticate(Basic => [realm => "foo3", foo=>33],
Digest => {nonce=>"bar", foo=>'foo'});
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/HTTP-Message-6.37/t/message-decode-brotlibomb.t
new/HTTP-Message-6.41/t/message-decode-brotlibomb.t
--- old/HTTP-Message-6.37/t/message-decode-brotlibomb.t 1970-01-01
01:00:00.000000000 +0100
+++ new/HTTP-Message-6.41/t/message-decode-brotlibomb.t 2022-10-12
17:57:48.000000000 +0200
@@ -0,0 +1,97 @@
+# https://rt.cpan.org/Public/Bug/Display.html?id=52572
+
+use strict;
+use warnings;
+
+use Test::More;
+
+use HTTP::Headers qw();
+use HTTP::Response qw();
+
+use Test::Needs 'IO::Compress::Brotli', 'IO::Uncompress::Brotli';
+
+plan tests => 9;
+
+# Create a nasty brotli stream:
+my $size = 16 * 1024 * 1024;
+my $stream = "\0" x $size;
+
+# Compress that stream one time (since it won't compress it twice?!):
+my $compressed = $stream;
+my $bro = IO::Compress::Brotli->create;
+
+for( 1 ) {
+ my $last = $compressed;
+ $compressed = $bro->compress( $compressed );
+ $compressed .= $bro->finish();
+ note sprintf "Encoded size %d bytes after round %d", length $compressed,
$_;
+};
+
+my $body = $compressed;
+
+my $headers = HTTP::Headers->new(
+ Content_Type => "application/xml",
+ Content_Encoding => 'br', # only one round needed for Brotli
+);
+my $response = HTTP::Response->new(200, "OK", $headers, $body);
+
+my $len = length $response->decoded_content;
+is($len, 16 * 1024 * 1024, "Self-test: The decoded content length is 16M as
expected" );
+
+# Manual decompression check
+my $output = $compressed;
+for( 1 ) {
+ my $unbro = IO::Uncompress::Brotli->create();
+ $output = $unbro->decompress($compressed);
+};
+
+$headers = HTTP::Headers->new(
+ Content_Type => "application/xml",
+ Content_Encoding => 'br' # say my name, but only once
+);
+
+$HTTP::Message::MAXIMUM_BODY_SIZE = 1024 * 1024;
+
+$response = HTTP::Response->new(200, "OK", $headers, $body);
+is $response->max_body_size, 1024*1024, "The default maximum body size holds";
+
+$response->max_body_size( 512*1024 );
+is $response->max_body_size, 512*1024, "We can change the maximum body size";
+
+my $content;
+my $lives = eval {
+ $content = $response->decoded_content( raise_error => 1 );
+ 1;
+};
+my $err = $@;
+is $lives, undef, "We die when trying to decode something larger than our
global limit of 512k"
+ or diag "... using IO::Uncompress::Brotli version
$IO::Uncompress::Brotli::VERSION";
+
+$response->max_body_size(undef);
+is $response->max_body_size, undef, "We can remove the maximum size
restriction";
+$lives = eval {
+ $content = $response->decoded_content( raise_error => 0 );
+ 1;
+};
+is $lives, 1, "We don't die when trying to decode something larger than our
global limit of 1M";
+is length $content, 16 * 1024*1024, "We get the full content";
+is $content, $stream, "We really get the full content";
+
+# The best usage of ->decoded_content:
+$lives = eval {
+ $content = $response->decoded_content(
+ raise_error => 1,
+ max_body_size => 512 * 1024 );
+ 1;
+};
+$err = $@;
+is $lives, undef, "We die when trying to decode something larger than our
limit of 512k using a parameter"
+ or diag "... using IO::Uncompress::Brotli version
$IO::Uncompress::Brotli::VERSION";
+
+=head1 SEE ALSO
+
+L<https://security.stackexchange.com/questions/51071/zlib-deflate-decompression-bomb>
+
+L<http://www.aerasec.de/security/advisories/decompression-bomb-vulnerability.html>
+
+=cut
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/HTTP-Message-6.37/t/message-decode-bzipbomb.t
new/HTTP-Message-6.41/t/message-decode-bzipbomb.t
--- old/HTTP-Message-6.37/t/message-decode-bzipbomb.t 1970-01-01
01:00:00.000000000 +0100
+++ new/HTTP-Message-6.41/t/message-decode-bzipbomb.t 2022-10-12
17:57:48.000000000 +0200
@@ -0,0 +1,101 @@
+# https://rt.cpan.org/Public/Bug/Display.html?id=52572
+
+use strict;
+use warnings;
+
+use Test::More;
+plan tests => 10;
+
+use HTTP::Headers qw( );
+use HTTP::Response qw( );
+
+# Create a nasty bzip2 stream:
+my $size = 16 * 1024 * 1024;
+my $stream = "\0" x $size;
+
+# Compress that stream three times:
+my $compressed = $stream;
+for( 1..3 ) {
+ require IO::Compress::Bzip2;
+ my $last = $compressed;
+ IO::Compress::Bzip2::bzip2(\$last, \$compressed)
+ or die "Can't bzip2 content: $IO::Compress::Bzip2::Bzip2Error";
+ #diag sprintf "Encoded size %d bytes after round %d", length $compressed,
$_;
+};
+
+my $body = $compressed;
+
+my $headers = HTTP::Headers->new(
+ Content_Type => "application/xml",
+ Content_Encoding => 'bzip2,bzip2,bzip2', # say my name three times
+);
+my $response = HTTP::Response->new(200, "OK", $headers, $body);
+
+my $len = length $response->decoded_content( raise_error => 1 );
+is($len, 16 * 1024 * 1024, "Self-test: The decoded content length is 16M as
expected" );
+
+# Manual decompression check
+my $output = $compressed;
+for( 1..3 ) {
+ my $last = $output;
+ require Compress::Raw::Bzip2;
+ my ($i, $status) = Compress::Raw::Bunzip2->new(
+ 1, # appendInput
+ 0, # consumeInput
+ 0, # small
+ 1,
+ );
+ $output = "\0" x (1024*1024);
+ # Will modify $last, but we made a copy above
+ my $res = $i->bzinflate( \$last, \$output );
+};
+is length $output, 1024*1024, "We manually recreate the limited original
stream";
+
+$headers = HTTP::Headers->new(
+ Content_Type => "application/xml",
+ Content_Encoding => 'bzip2,bzip2,bzip2', # say my name three times
+);
+
+$HTTP::Message::MAXIMUM_BODY_SIZE = 1024 * 1024;
+
+$response = HTTP::Response->new(200, "OK", $headers, $body);
+is $response->max_body_size, 1024*1024, "The default maximum body size holds";
+
+$response->max_body_size( 512*1024 );
+is $response->max_body_size, 512*1024, "We can change the maximum body size";
+
+my $content;
+my $lives = eval {
+ $content = $response->decoded_content( raise_error => 1 );
+ 1;
+};
+my $err = $@;
+is $lives, undef, "We die when trying to decode something larger than our
limit of 512k";
+
+$response->max_body_size(undef);
+is $response->max_body_size, undef, "We can remove the maximum size
restriction";
+$lives = eval {
+ $content = $response->decoded_content( raise_error => 0 );
+ 1;
+};
+is $lives, 1, "We don't die when trying to decode something larger than our
global limit of 1M";
+is length $content, 16 * 1024*1024, "We get the full content";
+is $content, $stream, "We really get the full content";
+
+# The best usage of ->decoded_content:
+$lives = eval {
+ $content = $response->decoded_content(
+ raise_error => 1,
+ max_body_size => 512 * 1024 );
+ 1;
+};
+$err = $@;
+is $lives, undef, "We die when trying to decode something larger than our
limit of 512k";
+
+=head1 SEE ALSO
+
+L<https://security.stackexchange.com/questions/51071/zlib-deflate-decompression-bomb>
+
+L<http://www.aerasec.de/security/advisories/decompression-bomb-vulnerability.html>
+
+=cut
\ No newline at end of file
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/HTTP-Message-6.37/t/message-decode-zipbomb.t
new/HTTP-Message-6.41/t/message-decode-zipbomb.t
--- old/HTTP-Message-6.37/t/message-decode-zipbomb.t 1970-01-01
01:00:00.000000000 +0100
+++ new/HTTP-Message-6.41/t/message-decode-zipbomb.t 2022-10-12
17:57:48.000000000 +0200
@@ -0,0 +1,105 @@
+# https://rt.cpan.org/Public/Bug/Display.html?id=52572
+
+use strict;
+use warnings;
+
+use Test::More;
+
+use HTTP::Headers qw( );
+use HTTP::Response qw( );
+
+use Test::Needs { 'Compress::Raw::Zlib' => '2.061' };
+plan tests => 9;
+
+# Create a nasty gzip stream:
+my $size = 16 * 1024 * 1024;
+my $stream = "\0" x $size;
+
+# Compress that stream three times:
+my $compressed = $stream;
+for( 1..3 ) {
+ require IO::Compress::Gzip;
+ my $last = $compressed;
+ IO::Compress::Gzip::gzip(\$last, \$compressed, Level => 9, -Minimal => 1)
+ or die "Can't gzip content: $IO::Compress::Gzip::GzipError";
+ #diag sprintf "Encoded size %d bytes after round %d", length $compressed,
$_;
+};
+
+my $body = $compressed;
+
+my $headers = HTTP::Headers->new(
+ Content_Type => "application/xml",
+ Content_Encoding => 'gzip,gzip,gzip', # say my name three times
+);
+my $response = HTTP::Response->new(200, "OK", $headers, $body);
+
+my $len = length $response->decoded_content;
+is($len, 16 * 1024 * 1024, "Self-test: The decoded content length is 16M as
expected" );
+
+# Manual decompression check
+my $output = $compressed;
+for( 1..3 ) {
+ use Compress::Raw::Zlib 'WANT_GZIP_OR_ZLIB', 'Z_BUF_ERROR';
+
+ my $last = $output;
+ require Compress::Raw::Zlib;
+ my ($i, $status) = Compress::Raw::Zlib::Inflate->new(
+ Bufsize => 1024*1024,
+ LimitOutput => 1,
+ WindowBits => WANT_GZIP_OR_ZLIB
+ );
+ $output = '';
+ # Will modify $last, but we made a copy above
+ my $res = $i->inflate( \$last, \$output );
+};
+
+$headers = HTTP::Headers->new(
+ Content_Type => "application/xml",
+ Content_Encoding => 'gzip, gzip, gzip' # say my name three times
+);
+
+$HTTP::Message::MAXIMUM_BODY_SIZE = 1024 * 1024;
+
+$response = HTTP::Response->new(200, "OK", $headers, $body);
+is $response->max_body_size, 1024*1024, "The default maximum body size holds";
+
+$response->max_body_size( 512*1024 );
+is $response->max_body_size, 512*1024, "We can change the maximum body size";
+
+my $content;
+my $lives = eval {
+ $content = $response->decoded_content( raise_error => 1 );
+ 1;
+};
+my $err = $@;
+is $lives, undef, "We die when trying to decode something larger than our
global limit of 512k"
+ or diag "... using Compress::Raw::Zlib version
$Compress::Raw::Zlib::VERSION";
+
+$response->max_body_size(undef);
+is $response->max_body_size, undef, "We can remove the maximum size
restriction";
+$lives = eval {
+ $content = $response->decoded_content( raise_error => 0 );
+ 1;
+};
+is $lives, 1, "We don't die when trying to decode something larger than our
global limit of 1M";
+is length $content, 16 * 1024*1024, "We get the full content";
+is $content, $stream, "We really get the full content";
+
+# The best usage of ->decoded_content:
+$lives = eval {
+ $content = $response->decoded_content(
+ raise_error => 1,
+ max_body_size => 512 * 1024 );
+ 1;
+};
+$err = $@;
+is $lives, undef, "We die when trying to decode something larger than our
limit of 512k using a parameter"
+ or diag "... using Compress::Raw::Zlib version
$Compress::Raw::Zlib::VERSION";
+
+=head1 SEE ALSO
+
+L<https://security.stackexchange.com/questions/51071/zlib-deflate-decompression-bomb>
+
+L<http://www.aerasec.de/security/advisories/decompression-bomb-vulnerability.html>
+
+=cut
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/HTTP-Message-6.37/t/response.t
new/HTTP-Message-6.41/t/response.t
--- old/HTTP-Message-6.37/t/response.t 2022-06-14 16:09:09.000000000 +0200
+++ new/HTTP-Message-6.41/t/response.t 2022-10-12 17:57:48.000000000 +0200
@@ -34,7 +34,7 @@
$r->last_modified($time - 5000000);
$r->request($req);
-#print $r->as_string;
+#note $r->as_string;
my $current_age = $r->current_age;
@@ -48,19 +48,15 @@
ok($is_fresh);
is($r->is_fresh(heuristic_expiry => 0), undef);
-print "# current_age = $current_age\n";
-print "# freshness_lifetime = $freshness_lifetime\n";
-print "# response is ";
-print " not " unless $is_fresh;
-print "fresh\n";
-
-print "# it will be fresh for ";
-print $freshness_lifetime - $current_age;
-print " more seconds\n";
+note "current_age = $current_age";
+note "freshness_lifetime = $freshness_lifetime";
+note "response is ", "not " x !$is_fresh, "fresh";
+note "it will be fresh for ", $freshness_lifetime - $current_age,
+ " more seconds";
# OK, now we add an Expires header
$r->expires($time);
-print "\n", $r->dump(prefix => "# ");
+note "\n", $r->dump;
$freshness_lifetime = $r->freshness_lifetime;
is($freshness_lifetime, 25);
@@ -71,13 +67,13 @@
$r->push_header('Cache-Control', 'junk');
$r->push_header(Cache_Control => 'max-age = 10');
-#print $r->as_string;
+#note $r->as_string;
$current_age = $r->current_age;
$freshness_lifetime = $r->freshness_lifetime;
-print "# current_age = $current_age\n";
-print "# freshness_lifetime = $freshness_lifetime\n";
+note "current_age = $current_age";
+note "freshness_lifetime = $freshness_lifetime";
ok($current_age >= 300);
is($freshness_lifetime, 10);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/HTTP-Message-6.37/t/status.t
new/HTTP-Message-6.41/t/status.t
--- old/HTTP-Message-6.37/t/status.t 2022-06-14 16:09:09.000000000 +0200
+++ new/HTTP-Message-6.41/t/status.t 2022-10-12 17:57:48.000000000 +0200
@@ -2,9 +2,9 @@
use warnings;
use Test::More;
-plan tests => 49;
+plan tests => 52;
-use HTTP::Status qw(:constants :is status_message);
+use HTTP::Status qw(:constants :is status_message status_constant_name);
is(HTTP_OK, 200);
@@ -52,3 +52,7 @@
ok(!is_cacheable_by_default($_),
"... is not cacheable [$_] " . status_message($_)
) for (100,201,302,400,500);
+
+is(status_constant_name(HTTP_OK), "HTTP_OK");
+is(status_constant_name(404), "HTTP_NOT_FOUND");
+is(status_constant_name(999), undef);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/HTTP-Message-6.37/xt/author/portability.t
new/HTTP-Message-6.41/xt/author/portability.t
--- old/HTTP-Message-6.37/xt/author/portability.t 2022-06-14
16:09:09.000000000 +0200
+++ new/HTTP-Message-6.41/xt/author/portability.t 2022-10-12
17:57:48.000000000 +0200
@@ -3,8 +3,6 @@
use Test::More;
-eval 'use Test::Portability::Files';
-plan skip_all => 'Test::Portability::Files required for testing portability'
- if $@;
+use Test::Portability::Files;
run_tests();
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/HTTP-Message-6.37/xt/release/changes_has_content.t
new/HTTP-Message-6.41/xt/release/changes_has_content.t
--- old/HTTP-Message-6.37/xt/release/changes_has_content.t 2022-06-14
16:09:09.000000000 +0200
+++ new/HTTP-Message-6.41/xt/release/changes_has_content.t 2022-10-12
17:57:48.000000000 +0200
@@ -8,7 +8,7 @@
note 'Checking Changes';
my $changes_file = 'Changes';
-my $newver = '6.37';
+my $newver = '6.41';
my $trial_token = '-TRIAL';
my $encoding = 'UTF-8';
