commit perl-Apache-AuthCookie for openSUSE:Factory
Hello community, here is the log from the commit of package perl-Apache-AuthCookie for openSUSE:Factory checked in at 2015-12-29 12:59:35 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/perl-Apache-AuthCookie (Old) and /work/SRC/openSUSE:Factory/.perl-Apache-AuthCookie.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "perl-Apache-AuthCookie" Changes: -------- --- /work/SRC/openSUSE:Factory/perl-Apache-AuthCookie/perl-Apache-AuthCookie.changes 2015-04-16 14:13:22.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.perl-Apache-AuthCookie.new/perl-Apache-AuthCookie.changes 2015-12-29 12:59:38.000000000 +0100 @@ -1,0 +2,15 @@ +Sat Dec 26 09:27:49 UTC 2015 - coolo@suse.com + +- updated to 3.23 + see /usr/share/doc/packages/perl-Apache-AuthCookie/Changes + + 3.23 2015-09-10 + - Improve CGI mode param() handling to avoi CGI.pm's "param() called in list context" warning. + - add support for Apache 2.4 via mod_perl 1.09. + ***** IMPORTANT ***** + Apache 2.4 has a *VERY* different API for authentication. You will need + to port your subclass and configuration over to the Apache 2.4 API in + order to use Apache 2.4! Please be sure to read README.apache-2.4.pod for + porting instructions! + +------------------------------------------------------------------- Old: ---- Apache-AuthCookie-3.22.tar.gz New: ---- Apache-AuthCookie-3.23.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ perl-Apache-AuthCookie.spec ++++++ --- /var/tmp/diff_new_pack.lU2TCJ/_old 2015-12-29 12:59:39.000000000 +0100 +++ /var/tmp/diff_new_pack.lU2TCJ/_new 2015-12-29 12:59:39.000000000 +0100 @@ -17,7 +17,7 @@ Name: perl-Apache-AuthCookie -Version: 3.22 +Version: 3.23 Release: 0 %define cpan_name Apache-AuthCookie Summary: Perl Authentication and Authorization via cookies @@ -31,10 +31,12 @@ BuildRequires: perl BuildRequires: perl-macros BuildRequires: perl(Apache::Test) >= 1.35 +BuildRequires: perl(CGI) >= 3.12 BuildRequires: perl(Class::Load) >= 0.03 BuildRequires: perl(autobox) >= 1.1 BuildRequires: perl(mod_perl2) >= 1.999022 Requires: perl(Apache::Test) >= 1.35 +Requires: perl(CGI) >= 3.12 Requires: perl(Class::Load) >= 0.03 Requires: perl(autobox) >= 1.1 Requires: perl(mod_perl2) >= 1.999022 @@ -59,73 +61,73 @@ * 'authen_cred()' - Verify the user-supplied credentials and return a session key. The - session key can be any string - often you'll use some string containing - username, timeout info, and any other information you need to determine - access to documents, and append a one-way hash of those values together - with some secret key. +Verify the user-supplied credentials and return a session key. The session +key can be any string - often you'll use some string containing username, +timeout info, and any other information you need to determine access to +documents, and append a one-way hash of those values together with some +secret key. * 'authen_ses_key()' - Verify the session key (previously generated by 'authen_cred()', possibly - during a previous request) and return the user ID. This user ID will be - fed to '$r->connection->user()' to set Apache's idea of who's logged in. +Verify the session key (previously generated by 'authen_cred()', possibly +during a previous request) and return the user ID. This user ID will be fed +to '$r->connection->user()' to set Apache's idea of who's logged in. By using AuthCookie versus Apache's built-in AuthBasic you can design your own authentication system. There are several benefits. * 1. - The client doesn't *have* to pass the user credentials on every - subsequent access. If you're using passwords, this means that the - password can be sent on the first request only, and subsequent requests - don't need to send this (potentially sensitive) information. This is - known as "ticket-based" authentication. +The client doesn't *have* to pass the user credentials on every subsequent +access. If you're using passwords, this means that the password can be sent +on the first request only, and subsequent requests don't need to send this +(potentially sensitive) information. This is known as "ticket-based" +authentication. * 2. - When you determine that the client should stop using the - credentials/session key, the server can tell the client to delete the - cookie. Letting users "log out" is a notoriously impossible-to-solve - problem of AuthBasic. +When you determine that the client should stop using the +credentials/session key, the server can tell the client to delete the +cookie. Letting users "log out" is a notoriously impossible-to-solve +problem of AuthBasic. * 3. - AuthBasic dialog boxes are ugly. You can design your own HTML login forms - when you use AuthCookie. +AuthBasic dialog boxes are ugly. You can design your own HTML login forms +when you use AuthCookie. * 4. - You can specify the domain of a cookie using PerlSetVar commands. For - instance, if your AuthName is 'WhatEver', you can put the command +You can specify the domain of a cookie using PerlSetVar commands. For +instance, if your AuthName is 'WhatEver', you can put the command PerlSetVar WhatEverDomain .yourhost.com - into your server setup file and your access cookies will span all hosts - ending in '.yourhost.com'. +into your server setup file and your access cookies will span all hosts +ending in '.yourhost.com'. * 5. - You can optionally specify the name of your cookie using the 'CookieName' - directive. For instance, if your AuthName is 'WhatEver', you can put the - command +You can optionally specify the name of your cookie using the 'CookieName' +directive. For instance, if your AuthName is 'WhatEver', you can put the +command PerlSetVar WhatEverCookieName MyCustomName - into your server setup file and your cookies for this AuthCookie realm - will be named MyCustomName. Default is AuthType_AuthName. +into your server setup file and your cookies for this AuthCookie realm will +be named MyCustomName. Default is AuthType_AuthName. * 6. - By default users must satisfy ALL of the 'require' directives. If you - want authentication to succeed if ANY 'require' directives are met, use - the 'Satisfy' directive. For instance, if your AuthName is 'WhatEver', - you can put the command +By default users must satisfy ALL of the 'require' directives. If you want +authentication to succeed if ANY 'require' directives are met, use the +'Satisfy' directive. For instance, if your AuthName is 'WhatEver', you can +put the command PerlSetVar WhatEverSatisfy Any - into your server startup file and authentication for this realm will - succeed if ANY of the 'require' directives are met. +into your server startup file and authentication for this realm will +succeed if ANY of the 'require' directives are met. This is the flow of the authentication handler, less the details of the redirects. Two REDIRECT's are used to keep the client from displaying the @@ -200,7 +202,7 @@ %prep %setup -q -n %{cpan_name}-%{version} -find . -type f -print0 | xargs -0 chmod 644 +find . -type f ! -name \*.pl -print0 | xargs -0 chmod 644 %build %{__perl} Makefile.PL INSTALLDIRS=vendor ++++++ Apache-AuthCookie-3.22.tar.gz -> Apache-AuthCookie-3.23.tar.gz ++++++ ++++ 2076 lines of diff (skipped)
participants (1)
-
root@hilbert.suse.de