7030196 Problem with utility/perl
authorCraig Mohrman <craig.mohrman@oracle.com>
Wed, 20 Jun 2012 13:50:44 -0700
changeset 884 cd5a2da081ff
parent 883 50516829ab64
child 885 2af25a1da825
7030196 Problem with utility/perl
components/perl512/patches/CVE-2010-2761.patch
components/perl512/patches/CVE-2011-2728.patch
components/perl512/patches/CVE-2011-3597.patch
components/perl512/patches/patchlevel_h.patch
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/perl512/patches/CVE-2010-2761.patch	Wed Jun 20 13:50:44 2012 -0700
@@ -0,0 +1,2873 @@
+diff -Naur perl-5.12.4/cpan/CGI/Changes CGI.pm-3.59/cpan/CGI/Changes
+--- perl-5.12.4/cpan/CGI/Changes	2011-06-07 13:04:05.000000000 -0700
++++ CGI.pm-3.59/cpan/CGI/Changes	2011-12-30 05:28:52.000000000 -0800
[email protected]@ -1,10 +1,184 @@
+-Version 3.49
++Version 3.59 Dec 29th, 2011
++
++ [BUG FIXES]
++ - We no longer read from STDIN when the Content-Length is not set, preventing
++   requests with no Content-Length from freezing in some cases. This is consistent
++   with the CGI RFC 3875, and is also consistent with CGI::Simple. However, the old
++   behavior may have been expected by some command-line uses of CGI.pm.
++   Thanks to Philip Potter and Yanick Champoux. See RT#52469 for details:
++   https://rt.cpan.org/Public/Bug/Display.html?id=52469
++
++ [INTERNALS]
++ - remove tmpdirs more aggressively. Thanks to rjbs (RT#73288)
++ - use Text::ParseWords instead of ancient shellwords.pl. Thanks to AlexBio.
++ - remove use of define(@arr). Thanks to rjbs.
++ - spelling fixes. Thanks to Gregor Herrmann and Alessandro Ghedini.
++ - fix test count and warning in t/fast.t. Thanks to Yanick.
++
++Version 3.58 Nov 11th, 2011
++
++    [DOCUMENTATION]
++    - Clarify that using query_string() only has defined behavior when using the GET method. (RT#60813)
++
++Version 3.57 Nov 9th, 2011
++    [INTERNALS]
++    - test failure in t/fast.t introduced in 3.56 is fixed. (Thanks to zefram and chansen).
++    - Test::More requirement has been bumped to 0.98
++
++Version 3.56 Nov 8th, 2011
++
++    [SECURITY]
++    Use public and documented FCGI.pm API in CGI::Fast
++        CGI::Fast was using an FCGI API that was deprecated and removed from
++        documentation more than ten years ago. Usage of this deprecated API with
++        FCGI >= 0.70 or FCGI <= 0.73 introduces a security issue.
++        <https://rt.cpan.org/Public/Bug/Display.html?id=68380>
++        <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2766>
++        (Thanks to chansen)
++
++    [INTERNALS]
++    - tmp files are now cleaned up on VMS ( RT#69210, thanks to [email protected] )
++    - Fixed test failure: done_testing() added to url.t (Thanks to Ryan Jendoubi)
++    - Clarify preferred bug submission location in docs, and note that Mark Stosberg
++      is the current maintainer.
++
++Version 3.55 June 3rd, 2011
++
++    [THINGS THAT MAY BREAK YOUR CODE]
++    url() was fixed to return "PATH_INFO" when it is explicitly requested 
++    with either the path=>1 or path_info=>1 flag. 
++
++    If your code is running under mod_rewrite (or compatible) and you are calling self_url() or
++    you are calling url() and passing path_info=>1, These methods will actually be
++    returning PATH_INFO now, as you have explicitly requested, or has self_url()
++    has requested on your behalf.
++
++    The PATH_INFO has been omitted in such URLs since the issue was introduced
++    in the 3.12 release in December, 2005. 
++
++    This bug is so old your application may have come to depend on it or
++    workaround it. Check for application before upgrading to this release. 
++
++    Examples of affected method calls:
++
++     $q->url(-absolute => 1, -query => 1, -path_info => 1 ) 
++     $q->url(-path=>1)
++     $q->url(-full=>1,-path=>1) 
++     $q->url(-rewrite=>1,-path=>1)
++     $q->self_url();
++
++Version 3.54, Apr 28, 2011
++   No code changes
++
++   [INTERNALS]
++   - Address test failures in t/tmpdir.t, thanks to Niko Tyni.
++     Some tests here are failing on some platforms and have been marked as TODO.
++
++Version 3.53, Apr 25, 2011
++  
++  [NEW FEATURES]
++  - The DELETE HTTP verb is now supported. 
++    (RT#52614, James Robson, Eduardo Ari�o de la Rubia) 
++
++  [INTERNALS]  
++  - Correct t/tmpdir.t MANIFEST entry. (RT#64949)
++  - Update minimum required Perl version to be Perl 5.8.1, which
++    has been out since 2003. This allows us to drop some hacks
++    and exceptions (Mark Stosberg)
++
++Version 3.52, Jan 24, 2011
++  
++  [DOCUMENTATION]
++  - The documentation for multi-line header handling was been updated to reflect
++    the changes in 3.51. (Mark Stosberg, [email protected]) 
++
++  [INTERNALS]
++  - Add missing t/tmpfile.t file. (RT#64949)  
++  - Fix warning in t/cookie.t (RT#64570, Chris Williams, Rainer Tammer, Mark Stosberg)     
++  - Fixed logic bug in t/multipart_init.t (RT#64261, Niko Tyni)
++
++Version 3.51, Jan 5, 2011
++
++  [NEW FEATURES]  
++  - A new option to set $CGI::Carp::TO_BROWSER = 0, allows you to explicitly  
++    exclude a particular scope from triggering printing to the browser when
++    fatatlsToBrowser is set. (RT#62783, Thanks to papowell) 
++  - The <script> tag now supports the "charset" attribute. 
++    (RT#62907, Thanks to Fabrice Metge)
++  - In CGI::Cookie, "Max-Age" is now supported for better spec compliance. 
++    (Mark Stosberg)
++
++  [BUG FIXES]  
++  - Setting charset() now works for all content types, not just "text/*". 
++    (RT#57945, Thanks to Yanick and Gerv.)
++  - support for user temporary directories ($HOME/tmp) was commented out
++    in 2.61 but the documentation wasn't updated (Peter Gervai, Niko Tyni)
++  - setting $CGITempFile::TMPDIRECTORY before loading CGI.pm has been
++    working but undocumented since 3.12 (which listed it in Changes as
++    $CGI::TMPDIRECTORY) (Peter Gervai, Niko Tyni)
++  - unfortunately the previous change broke the runtime check for looking
++    for a new temporary directory if the current one suddenly became
++    unwritable (Peter Gervai, Niko Tyni)
++  - A bug was fixed in CGI::Carp triggered by certain death cases in
++    the BEGIN phase of parent classes. 
++    (RT#57224, Thanks to UNERA, Yanick Champoux, Mark Stosberg)
++  - CGI::Cookie->new() now follows the documentation and returns undef 
++    if the -name and -value args aren't provided. This new behavior is also
++    consistent with the docs and code of CGI::Simple::Cookie. (Mark Stosberg)
++  - CGI::Cookie->parse() now trims leading and trailing whitespace from cookie  
++    elements as intended. The change also makes this part of the parsing 
++    identical to CGI::Simple::Cookie (Mark Stosberg) 
++  - Temp file handling was improved (RT#62762)  
++
++  [SECURITY]
++  - Further improvements have been made to guard against newline injections
++    in headers. (Thanks to Max Kanat-Alexander, Yanick Champoux, Mark Stosberg)
++
++  [PERFORMANCE]
++  - Make EBCDIC a compile-time constant so there's zero overhead (and less
++    compiled code) in subroutines that test for it. (Tim Bunce) 
++  - If you just want to use CGI::Cookie, CGI.pm will no longer be loaded
++    unless you call the bake() method, which requires it. (Mark Stosberg)
++
++  [DOCUMENTATION]
++  - quit referring to the <link> tag as being "rarely used".  (Victor Sanders)
++  - typo and whitespace fixes (RT#62785, thanks to  [email protected]) 
++  - The -dtd argument to start_html() is now documented 
++    (RT#60473, Thanks to giecrilj and [email protected]) 
++  - CGI::Carp doc are updated to reflect that it can work with mod_perl 2.0. 
++  - when creating a temporary file in the directory fails, the error message
++    could indicate the root of the problem better (Peter Gervai, Niko Tyni)
++
++  [INTERNALS]
++  - Re-fixing https test in http.t. (RT#54768, thanks to SPROUT)
++  - param_fetch no longer triggers a warning when called with no arguments (ysth, Mark Stosberg)
++
++Version 3.50, Nov 8, 2010
++  
++  [SECURITY]
++  1. The MIME boundary in multipart_init is now random. 
++     Thanks to Byron Jones, Masahiro Yamada, Reed Loden, and  Mark Stosberg
++  2. Further improvements to handling of newlines embedded in header values. 
++     An exception is thrown if header values contain invalid newlines. 
++     Thanks to Michal Zalewski, Max Kanat-Alexander, Yanick Champoux,
++     Lincoln Stein, Fr�d�ric Buclin and Mark Stosberg
++
++  [DOCUMENTATION]
++  1. Correcting/clarifying documentation for param_fetch(). Thanks to 
++        Ren�e B�cker. (RT#59132)
++
++  [INTERNALS]
++  1. Fixing https test in http.t. (RT#54768)
++  2. Tests were added for multipart_init(). Thanks to Mark Stosberg and CGI::Simple. 
++
++Version 3.49, Feb 5th, 2010
+ 
+   [BUG FIXES]
+   1. Fix a regression since 3.44 involving a case when the header includes "Content-Length: 0". 
+      Thanks to Alex Vandiver (RT#51109)
+   2. Suppress uninitialized warnings under -w. Thanks to burak.  (RT#50301)
+   3. url() now uses virtual_port() instead of server_port(). Thanks to MKANAT and Yanick Champoux. (RT#51562)
++  4. CGI::Carp now properly handles stringifiable objects, like Exception::Class throws (RT#39904)
+ 
+   [SECURITY]
+   1. embedded newlines are now filtered out of header values in header(). 
[email protected]@ -18,7 +192,7 @@
+   1. More tests were added for autoescape, thanks to Bob Kuo. (RT#25485)
+   2. Attempt to avoid test failures with t/fast, thanks to Steve Hay. (RT#49599)
+ 
+-Version 3.48
++Version 3.48, Sep 25, 2009
+ 
+   [BUG FIXES]
+   1. <optgroup> default values are now properly escaped.
[email protected]@ -35,14 +209,15 @@
+   [INTERNALS]
+   1. More tests were added for autoescape, thanks to Bob Kuo. (RT#25485)
+ 
+-Version 3.47
+-  Released September 9th, 2009.
++Version 3.47,  Sep 9, 2009
++
+   No code changes. 
+ 
+   [INTERNALS]
+     Re-release of 3.46, which did not contain a proper MANIFEST
+ 
+ Version 3.46
++
+   [BUG FIXES]
+   1. In CGI::Pretty, we no longer add line breaks after tags we claim not to format. Thanks to rrt, Bob Kuo and
+      and Mark Stosberg. (RT#42114).
[email protected]@ -66,7 +241,7 @@
+   11.Calling CGI->new() no longer clobbers the value of $_ in the current scope.
+      Thanks to Alexey Tourbin, Bob Kuo and Mark Stosberg. (RT#25131)
+   12.UTF-8 params should not get double-decoded now.
+-     Thanks to Yves, Bodo, Burak Grsoy, and Michael Schout. (RT#19913)
++     Thanks to Yves, Bodo, Burak G�rsoy, and Michael Schout. (RT#19913)
+   13.We now give objects passed to CGI::Carp::die a chance to be stringified.
+      Thanks to teek and Yanick Champoux (RT#41530)
+   14.Turning off autoEscape() now only affects the behavior of built-in HTML
[email protected]@ -95,7 +270,8 @@
+   2. Automated tests for hidden() have been added, thanks to Russel Jenkins and Mark Stosberg (RT#20436)
+   3. t/util.t has been updated to use Test::More instead of a home-grown test function. Thanks to Bob Kuo.
+ 
+-Version 3.45
++Version 3.45, Aug 14, 2009
++
+   [BUG FIXES]
+   1. Prevent warnings about "uninitialized values" for REQUEST_URI, HTTP_USER_AGENT and other environment variables.
+      Patches by Callum Gibson, heiko and Mark Stosberg. (RT#24684, RT#29065)
[email protected]@ -113,7 +289,7 @@
+   8. Support for <optgroup> with scrolling_list() now works the same way as it does for popup_menu().
+      Thanks to Stuart Johnston (RT#30097)
+   9. CGI::Pretty now works properly when $" is set to ''. Thanks to Jim Keenan (RT#12401)
+- 10. Fix crash when used in combination with PerlEx::DBI. Thanks to Burak Grsoy (RT#19902)
++ 10. Fix crash when used in combination with PerlEx::DBI. Thanks to Burak G�rsoy (RT#19902)
+ 
+   [DOCUMENTATION]
+   1. Several typos were fixed, Thanks to ambs. (RT#41105)
[email protected]@ -134,41 +310,48 @@
+   4. CGI::Switch and CGI::Apache now properly set their VERSION in their own name space.
+      Thanks to Alexey Tourbin (RT#11941,RT#11942)
+ 
+-  Version 3.44
++Version 3.44, Jul 30, 2009
++
+   1. Patch from Kurt Jaeger to allow HTTP PUT even if the content length is unknown.
+   2. Patch from Pavel merdin to fix a problem for one of the FireFox addons.
+   3. Fixed issue in mod_perl & fastCGI environment of cookies returned from
+      CGI->cookie() leaking from one session to another.
+ 
+-  Version 3.43
++Version 3.43, Apr 06, 2009
++
+   1. Documentation patch from [email protected] to replace all occurrences of
+   "new CGI" with CGI->new()" to reflect best perl practices.
+   2. Patch from Stepan Kasal to fix utf-8 related problems in perl 5.10
+ 
+-  Version 3.42
++Version 3.42, Sep 08, 2008
++
+   1. Added patch from Renee Baecker that makes it possible to subclass
+   CGI::Pretty.
+   2. Added patch from Nicholas Clark to allow ~ characters in temporary directories.
+   3. Added patch from Renee Baecker that fixes the inappropriate escaping of fields
+      in multipart headers.
+ 
+-  Version 3.41
++Version 3.41, Aug 25, 2008
++
+   1. Fix url() returning incorrect path when query string contains escaped newline.
+   2. Added additional windows temporary directories and environment variables, courtesy patch from Renee Baecker
+   3. Added a handle() method to the lightweight upload
+   filehandles. This method returns a real IO::Handle object.
+   4. Added patch from Tony Vanlingen to fix deep recursion warnings in CGI::Pretty.
+ 
+-  Version 3.40
++Version 3.40, Aug 06, 2008
++
+   1. Fixed CGI::Fast docs to eliminate references to a "special"
+   version of Perl.
+   2. Makefile.PL now depends on FCGI so that CGI::Fast installs properly.
+   3. Fix script_name() call from Stephane Chazelas.
+ 
+-  Version 3.39
++Version 3.39, Jun 29, 2008
++
+   1. Fixed regression in "exists" function when using tied interface to CGI via $q->Vars.
+ 
+-  Version 3.38
++Version 3.38, Jun 25, 2008
++
+   1. Fix annoying warning in http://rt.cpan.org/Ticket/Display.html?id=34551
+   2. Added nobr() function http://rt.cpan.org/Ticket/Display.html?id=35377
+   3. popup_menu() allows multiple items to be selected by default, satisfying
[email protected]@ -179,56 +362,68 @@
+   6. Fixed minor warning described at http://rt.cpan.org/Public/Bug/Display.html?id=36435
+   7. Fixed overlap of attribute and parameter space described in http://rt.perl.org/rt3//Ticket/Display.html?id=24294
+ 
+-  Version 3.37
++Version 3.37, Apr 22, 2008
++
+   1. Fix pragmas so that they persist over modperl invocations (e.g. RT 34761)
+   2. Fixed handling of chunked multipart uploads; thanks to Michael Bernhardt
+      who reported and fixed the problem.
+ 
+-  Version 3.36
++Version 3.36
++
+   1. Fix CGI::Cookie to support cookies that are separated by "," instead of ";".
+ 
+-  Version 3.35
++Version 3.35, Mar 27, 2008
++
+   1. Resync with bleadperl, primarily fixing a bug in parsing semicolons in uploaded filenames.
+ 
+-  Version 3.34
++Version 3.34, Mar 18, 2008
++
+   1. Handle Unicode %uXXXX  escapes properly -- patch from [email protected]
+   2. Fix url() method to not choke on path names that contain regex characters.
+ 
+-  Version 3.33
++Version 3.33, Jan 02, 2008
++
+   1. Remove uninit variable warning when calling url(-relative=>1)
+   2. Fix uninit variable warnings for two lc calls
+   3. Fixed failure of tempfile upload due to sprintf() taint failure in perl 5.10
+ 
+-  Version 3.32
++Version 3.32, Dec 27, 2007
++
+   1. Patch from Miguel Santinho to prevent sending premature headers under mod_perl 2.0
+ 
+-  Version 3.31
++Version 3.31, Nov 30, 2007
++
+   1. Patch from Xavier Robin so that CGI::Carp issues a 500 Status code rather than a 200 status code.
+   2. Patch from Alexander Klink to select correct temporary directory in OSX Leopard so that upload works.
+   3. Possibly fixed "wrapped pack" error on 5.10 and higher.
+ 
+-  Version 3.30
++Version 3.30 
++
+   1. Patch from Mike Barry to handle POSTDATA in the same way as PUT.
+   2. Patch from Rafael Garcia-Suarez to correctly reencode unicode values as byte values.
+ 
+-  Version 3.29
++Version 3.29, Apr 16, 2007
++
+   1. The position of file handles is now reset to zero when CGI->new is called.
+     (Mark Stosberg)
+   2. uploadInfo() now works across multiple object instances. Also, the first
+      tests for uploadInfo() were added as part of the fix. (CPAN bug 11895, with
+      contributions from drfrench and Mark Stosberg).
+ 
+-  Version 3.28
++Version 3.28, Mar 29, 2007
++
+   1. Applied patch from Allen Day that makes Cookie parsing RFC2109 compliant
+ 	(attribute/values can be separated by commas as well as semicolons).
+   2. Applied patch from Stephan Struckmann that allows script_name() to be set correctly.
+   3. Fixed problem with url(-full) in which port number appears twice.
+ 
+-  Version 3.27
++Version 3.27, Feb 27, 2007
++
+   1. Applied patch from Steve Taylor that allows checkbox_groups to be
+   disabled with a new -disabled=> option.
+ 
+-  Version 3.26
++Version 3.26
++
+   1. Fixed alternate stylesheet behavior so that it is insensitive to order of declarations.
+   2. Patch from John Binns to allow users to provide a callback to CGI::Carp.
+   3. Added "~" as an unreserved character in escape().
[email protected]@ -236,31 +431,37 @@
+   5. Fixed outdated documentation (and behavior) of -language in start_html -script option.
+   6. Fixed bug in seconds calculation in CGI::Util::expire_calc.
+ 
+-  Version 3.25
++Version 3.25, Sep 28, 2006
++
+   1. Fixed the link to the Netscape frames page.
+   2. Added ability to specify an alternate stylesheet.
+   3. Add support for XForms POST submssion both as application/xml or as multipart/related
+ 
+-  Version 3.24
++Version 3.24
++
+   1. In startform(), if request_uri() returns undef, then falls back
+   to self_url(). This should rarely happen except when run outside of
+   the CGI environment.
+   2. image button alignment options were mistakenly being capitalized, causing xhtml validation to fail.
+ 
+-  Version 3.23
++Version 3.23, Aug 23, 2006
++
+   1. Typo in upload() persisted, now fixed for real. Thanks to
+   Emanuele Zeppieri for correct patch and regression test.
+ 
+-  Version 3.22
++Version 3.22, Aug 23, 2006
++
+   1. Typo in upload() function broke uploads. Now fixed (CPAN bug 21126).
+ 
+-  Version 3.21
++Version 3.21, Aug 21, 2006
++
+   1. Don't try to read data at all when POST > $POST_MAX.
+   2. Fixed bug that caused $cgi->param('name',undef,'value') to unset param('name') entirely.
+   3. Fixed bug in which upload() sometimes returns empty. (CPAN bug #12694).
+   4. Incorporated patch from [email protected] to support HTTPcookies (CPAN bug 21019).
+ 
+-  Version 3.20
++Version 3.20
++
+   1. Patch from David Wheeler for CGI::Cookie->bake(). Uses mod_perl headers_out->add()
+ 	rather than headers_out->set().
+   2. Fixed problem identified by Andrei Voronkov in which start_form() output was screwed
[email protected]@ -268,7 +469,8 @@
+   3. Quashed uninitialized variable warnings coming from script_name(), url() and other
+         functions that require access to the PATH_INFO environment variable.
+ 
+-  Version 3.19
++Version 3.19
++
+   1. Added patch from Stephen Frost that allows one to suppress use of the temp file that is
+ 	created during uploads.
+   2. Fixed problem noted by Martin Foster in which regular expression meta-character terms
[email protected]@ -277,12 +479,14 @@
+   3. More fixes to the url() method.
+   4. Removed "hack to fix broken PATH_INFO in MSII".
+ 
+-  Version 3.18
++Version 3.18
++
+   1.  Doc typo fixes.
+   2.  Patch from Steve Peters to default the document type to match the charset.
+   3.  Fixed param() so that param(-name=>'foo',-values=>[]) sets the parameter to empty list.
+ 
+-  Version 3.17 Fri Feb 24 14:01:27 EST 2006
++Version 3.17, Feb 24, 2006
++
+    1. Added patch from Mike Hanafey which caused 0 arguments to CGI::Cookie->new() to
+ 	be treated as empty.
+    2. Patch to CGI::Carp from Peter Whaite to fix the unfixable problem of CGI::Carp
[email protected]@ -291,7 +495,8 @@
+ 	with another's variables.
+    4. Fixed upload failure on files that contain semicolons in their names.
+ 
+-  Version 3.16 Wed Feb  8 13:29:11 EST 2006
++Version 3.16, Feb 8, 2006
++
+    1. header() -charset option now works even when the MIME type is not "text".
+    2. Fixed documentation for cookie() function and fastCGI.
+    3. Upload filehandles now only closed automatically on Windows systems.
[email protected]@ -302,16 +507,20 @@
+ 	but was "Moved".
+    7. Fixed charset in start_html() and header() to be in synch.
+ 
+-  Version 3.15 Wed Dec  7 15:13:22 EST 2005
++Version 3.15, Dec 7, 2005
++
+    1. Remove extraneous "?" from self_url() when URI contains a ? but no query string.
+ 
+-  Version 3.14 Tue Dec  6 17:12:03 EST 2005
++Version 3.14, Dec 6,  2005
++
+    1. Fixed broken scrolling_list() select attribute.
+ 
+-  Version 3.13
++Version 3.13, Dec 4, 2005
++
+     1. Removed extraneous empty "?" from end of self_url().
+ 
+-  Version 3.12
++Version 3.12, Dec 4, 2005
++
+     1. Fixed virtual_port so that it works properly with https protocol.
+     2. Fixed documentation for upload_hook().
+     3. Added POSTDATA documentation.
[email protected]@ -328,7 +537,8 @@
+     9. Fixed CGI::Carp to work correctly with Mod_perl 1.29 in an Apache 2 environment.
+    10. Setting $CGI::TMPDIRECTORY should now be effective.
+ 
+-  Version 3.11
++Version 3.11, Aug 3, 2005
++
+     1. Killed warning in CGI::Cookie about MOD_PERL_API_VERSION
+     2. Fixed append() so that it works in function mode.
+     3. Workaround for a bug that appears in Apache2 versions through 2.0.54
[email protected]@ -338,21 +548,25 @@
+        not handle the uncommon case of a ScriptAlias directive that adds additional
+        path information to the end of the translated URI.
+ 
+-  Version 3.10
++Version 3.10, May 13, 2005
++
+     1. Added Apache2::RequestIO, which is necessary for mp2 interoperability.
+ 
+-  Version 3.09
++Version 3.09, May 5, 2005
++
+     1. Fixed tabindex="0" when using CGI to create forms without a prior start_html
+     2. Removed warning about non-numeric MOD_PERL_API_VERSION.
+ 
+-  Version 3.08
++Version 3.08, Apr 20, 2005
++
+     1. update support for mod_perl 2.0.  versions prior to
+        mod_perl 1.999_22 (2.0.0-RC5) are no longer supported.
+ 
+-  Version 3.07
++Version 3.07, Mar 14, 2005
++
+     1. Fixed typo in mod_perl detection.
+ 
+-  Version 3.06
++Version 3.06, Mar 09, 2005
+ 
+     1. Fixed bare call to script() in start_html
+     2. Moved Fh::DESTROY out of autoloaded functions so as to avoid
[email protected]@ -381,7 +595,7 @@
+ 	higher perls (fix courtesy Slaven Rezic).
+ 
+ 
+-  Version 3.05
++Version 3.05, Apr 12, 2004
+ 
+     1. Fixed uninitialized variable warning on start_form() when running
+        from command line.
[email protected]@ -414,23 +628,23 @@
+    15. Fixed documentation bug in -style argument to start_html()
+    16. Added -status argument to redirect().
+ 
+-  Version 3.04
++Version 3.04, Jan 18, 2004
+ 
+     1. Fixed the problem with mod_perl crashing when "defaults" button
+        pressed.
+ 
+-  Version 3.03
++Version 3.03, Jan 13, 2004
+ 
+     1. Fix upload hook functionality
+     2. Workaround for CGI->unescape_html()
+     3. Bumped version numbers in CGI::Fast and CGI::Util for 5.8.3-tobe
+ 
+-  Version 3.02
++Version 3.02
+ 
+     1. Bring in Apache::Response just in case.
+     2. File upload on EBCDIC systems now works.
+ 
+-  Version 3.01
++Version 3.01, Dec 10, 2003
+ 
+     1. No fix yet for upload failures when running on EBCDIC server.
+     2. Fixed uninitialized glob warnings that appeared when file
[email protected]@ -453,7 +667,7 @@
+    12. Added virtual_port() method for finding out what port server is
+        listening on in a virtual-host aware fashion.
+ 
+-  Version 3.00
++Version 3.00, Aug 18, 2003
+ 
+     1. Patch from Randal Schwartz to fix bug introduced by cross-site
+        scripting vulnerability "fix."
[email protected]@ -607,7 +821,7 @@
+   Version 2.83
+ 
+     1. Fixed autoEscape() documentation inconsistencies.
+-    2. Patch from Ville Skytt to fix a number of XHTML inconsistencies.
++    2. Patch from Ville Skytt� to fix a number of XHTML inconsistencies.
+     3. Added Max-Age to list of CGI::Cookie headers.
+ 
+   Version 2.82
[email protected]@ -1062,7 +1276,7 @@
+    21. Fixed warning in initialize_globals() under mod_perl.
+    22. File uploads from Macintosh versions of MSIE should now work.
+    23. Pragmas now preceded by dashes (-nph) rather than colons (:nph).
+-       Old style is supported for backward compatability.
++       Old style is supported for backward compatibility.
+    24. Can now pass arguments to all functions using {} brackets,
+        resolving historical inconsistencies.
+    25. Removed autoloader warnings about absent MultipartBuffer::DESTROY.
[email protected]@ -1294,7 +1508,7 @@
+ 
+     1. Added cookie() support routines.
+     2. Added -expires parameter to header().
+-    3. Added cgi-lib.pl compatability mode.
++    3. Added cgi-lib.pl compatibility mode.
+     4. Made the module more configurable for different operating systems.
+     5. Fixed a dumb bug in JavaScript button() method.
+ 
[email protected]@ -1424,7 +1638,7 @@
+ 
+     1. The user_agent() method is now documented;
+     2. A potential security hole in import() is now plugged.
+-    3. Changed name of import() to import_names() for compatability with
++    3. Changed name of import() to import_names() for compatibility with
+        CGI:: modules.
+ 
+   Bug fixes in version 1.53
+diff -Naur perl-5.12.4/cpan/CGI/lib/CGI/Carp.pm CGI.pm-3.59/cpan/CGI/lib/CGI/Carp.pm
+--- perl-5.12.4/cpan/CGI/lib/CGI/Carp.pm	2011-06-07 13:04:05.000000000 -0700
++++ CGI.pm-3.59/cpan/CGI/lib/CGI/Carp.pm	2011-01-05 10:13:45.000000000 -0800
[email protected]@ -116,7 +116,7 @@
+ Nonfatal errors will still be directed to the log file only (unless redirected
+ with carpout).
+ 
+-Note that fatalsToBrowser does B<not> work with mod_perl version 2.0
++Note that fatalsToBrowser may B<not> work well with mod_perl version 2.0
+ and higher.
+ 
+ =head2 Changing the default message
[email protected]@ -183,6 +183,28 @@
+ this module's functionality, or this module may interfere with 
+ your module's functionality.
+ 
++=head2 SUPPRESSING PERL ERRORS APPEARING IN THE BROWSER WINDOW
++
++A problem sometimes encountered when using fatalsToBrowser is
++when a C<die()> is done inside an C<eval> body or expression.
++Even though the
++fatalsToBrower support takes precautions to avoid this,
++you still may get the error message printed to STDOUT.
++This may have some undesireable effects when the purpose of doing the
++eval is to determine which of several algorithms is to be used.
++
++By setting C<$CGI::Carp::TO_BROWSER> to 0 you can suppress printing the C<die> messages
++but without all of the complexity of using C<set_die_handler>.
++You can localize this effect to inside C<eval> bodies if this is desireable:
++For example:
++
++ eval {
++   local $CGI::Carp::TO_BROWSER = 0;
++   die "Fatal error messages not sent browser"
++ }
++ # [email protected] will contain error message
++
++
+ =head1 MAKING WARNINGS APPEAR AS HTML COMMENTS
+ 
+ It is now also possible to make non-fatal errors appear as HTML
[email protected]@ -245,6 +267,8 @@
+   
+ =head1 CHANGE LOG
+ 
++3.51 Added $CGI::Carp::TO_BROWSER
++
+ 1.29 Patch from Peter Whaite to fix the unfixable problem of CGI::Carp
+      not behaving correctly in an eval() context.
+ 
[email protected]@ -321,9 +345,10 @@
+ 
+ $main::SIG{__WARN__}=\&CGI::Carp::warn;
+ 
+-$CGI::Carp::VERSION     = '3.45';
++$CGI::Carp::VERSION     = '3.51';
+ $CGI::Carp::CUSTOM_MSG  = undef;
+ $CGI::Carp::DIE_HANDLER = undef;
++$CGI::Carp::TO_BROWSER  = 1;
+ 
+ 
+ # fancy import routine detects and handles 'errorWrap' specially.
[email protected]@ -421,23 +446,27 @@
+ }
+ 
+ sub die {
+-  my ($arg,@rest) = @_;
++    # if no argument is passed, propagate [email protected] like
++    # the real die
++  my ($arg,@rest) = @_ ? @_ 
++                  : [email protected] ? "[email protected]\t...propagated" 
++                  :      "Died"
++                  ;
+ 
+   &$DIE_HANDLER($arg,@rest) if $DIE_HANDLER;
+ 
++  # the "$arg" is done on purpose!
+   # if called as die( $object, 'string' ),
+   # all is stringified, just like with
+   # the real 'die'
+   $arg = join '' => "$arg", @rest if @rest;
+ 
+-  $arg ||= 'Died';
+-
+   my($file,$line,$id) = id(1);
+ 
+   $arg .= " at $file line $line.\n" unless ref $arg or $arg=~/\n$/;
+ 
+   realdie $arg           if ineval();
+-  &fatalsToBrowser($arg) if $WRAP;
++  &fatalsToBrowser($arg) if ($WRAP and $CGI::Carp::TO_BROWSER);
+ 
+   $arg=~s/^/ stamp() /gme if $arg =~ /\n$/ or not exists $ENV{MOD_PERL};
+ 
+diff -Naur perl-5.12.4/cpan/CGI/lib/CGI/Cookie.pm CGI.pm-3.59/cpan/CGI/lib/CGI/Cookie.pm
+--- perl-5.12.4/cpan/CGI/lib/CGI/Cookie.pm	2011-06-07 13:04:05.000000000 -0700
++++ CGI.pm-3.59/cpan/CGI/lib/CGI/Cookie.pm	2011-01-05 10:14:15.000000000 -0800
[email protected]@ -12,23 +12,20 @@
+ 
+ # Copyright 1995-1999, Lincoln D. Stein.  All rights reserved.
+ # It may be used and modified freely, but I do request that this copyright
+-# notice remain attached to the file.  You may modify this module as you 
++# notice remain attached to the file.  You may modify this module as you
+ # wish, but if you redistribute a modified version, please attach a note
+ # listing the modifications you have made.
+ 
+-$CGI::Cookie::VERSION='1.29';
++our $VERSION='1.30';
+ 
+ use CGI::Util qw(rearrange unescape escape);
+-use CGI;
+-use overload '""' => \&as_string,
+-    'cmp' => \&compare,
+-    'fallback'=>1;
++use overload '""' => \&as_string, 'cmp' => \&compare, 'fallback' => 1;
+ 
+ my $PERLEX = 0;
+ # Turn on special checking for ActiveState's PerlEx
+ $PERLEX++ if defined($ENV{'GATEWAY_INTERFACE'}) && $ENV{'GATEWAY_INTERFACE'} =~ /^CGI-PerlEx/;
+ 
+-# Turn on special checking for Doug MacEachern's modperl
++# Turn on special checking for mod_perl
+ # PerlEx::DBI tries to fool DBI by setting MOD_PERL
+ my $MOD_PERL = 0;
+ if (exists $ENV{MOD_PERL} && ! $PERLEX) {
[email protected]@ -60,20 +57,14 @@
+    my($key,$value);
+    
+    my @pairs = split("[;,] ?",$raw_cookie);
+-   foreach (@pairs) {
+-     s/\s*(.*?)\s*/$1/;
+-     if (/^([^=]+)=(.*)/) {
+-       $key = $1;
+-       $value = $2;
+-     }
+-     else {
+-       $key = $_;
+-       $value = '';
+-     }
+-     $results{$key} = $value;
+-   }
+-   return \%results unless wantarray;
+-   return %results;
++  for my $pair ( @pairs ) {
++    $pair =~ s/^\s+|\s+$//g;    # trim leading trailing whitespace
++    my ( $key, $value ) = split "=", $pair;
++
++    $value = defined $value ? $value : '';
++    $results{$key} = $value;
++  }
++  return wantarray ? %results : \%results;
+ }
+ 
+ sub get_raw_cookie {
[email protected]@ -93,11 +84,15 @@
+ 
+ sub parse {
+   my ($self,$raw_cookie) = @_;
++  return wantarray ? () : {} unless $raw_cookie;
++
+   my %results;
+ 
+   my @pairs = split("[;,] ?",$raw_cookie);
+-  foreach (@pairs) {
+-    s/\s*(.*?)\s*/$1/;
++  for (@pairs) {
++    s/^\s+//;
++    s/\s+$//;
++
+     my($key,$value) = split("=",$_,2);
+ 
+     # Some foreign cookies are not in name=value format, so ignore
[email protected]@ -113,49 +108,37 @@
+     # appear.  The FIRST one in HTTP_COOKIE is the most recent version.
+     $results{$key} ||= $self->new(-name=>$key,-value=>\@values);
+   }
+-  return \%results unless wantarray;
+-  return %results;
++  return wantarray ? %results : \%results;
+ }
+ 
+ sub new {
+-  my $class = shift;
+-  $class = ref($class) if ref($class);
+-  # Ignore mod_perl request object--compatability with Apache::Cookie.
+-  shift if ref $_[0]
+-        && eval { $_[0]->isa('Apache::Request::Req') || $_[0]->isa('Apache') };
+-  my($name,$value,$path,$domain,$secure,$expires,$httponly) =
+-    rearrange([ 'NAME', ['VALUE','VALUES'], qw/ PATH DOMAIN SECURE EXPIRES
+-        HTTPONLY / ], @_);
+-  
+-  # Pull out our parameters.
+-  my @values;
+-  if (ref($value)) {
+-    if (ref($value) eq 'ARRAY') {
+-      @values = @$value;
+-    } elsif (ref($value) eq 'HASH') {
+-      @values = %$value;
+-    }
+-  } else {
+-    @values = ($value);
+-  }
+-  
+-  bless my $self = {
+-		    'name'=>$name,
+-		    'value'=>[@values],
+-		   },$class;
+-
+-  # IE requires the path and domain to be present for some reason.
+-  $path   ||= "/";
+-  # however, this breaks networks which use host tables without fully qualified
+-  # names, so we comment it out.
+-  #    $domain = CGI::virtual_host()    unless defined $domain;
+-
+-  $self->path($path)     if defined $path;
+-  $self->domain($domain) if defined $domain;
+-  $self->secure($secure) if defined $secure;
+-  $self->expires($expires) if defined $expires;
+-  $self->httponly($httponly) if defined $httponly;
+-#  $self->max_age($expires) if defined $expires;
++  my ( $class, @params ) = @_;
++  $class = ref( $class ) || $class;
++  # Ignore mod_perl request object--compatibility with Apache::Cookie.
++  shift if ref $params[0]
++        && eval { $params[0]->isa('Apache::Request::Req') || $params[0]->isa('Apache') };
++  my ( $name, $value, $path, $domain, $secure, $expires, $max_age, $httponly )
++   = rearrange(
++    [
++      'NAME', [ 'VALUE', 'VALUES' ],
++      'PATH',   'DOMAIN',
++      'SECURE', 'EXPIRES',
++      'MAX-AGE','HTTPONLY'
++    ],
++    @params
++   );
++  return undef unless defined $name and defined $value;
++  my $self = {};
++  bless $self, $class;
++  $self->name( $name );
++  $self->value( $value );
++  $path ||= "/";
++  $self->path( $path )         if defined $path;
++  $self->domain( $domain )     if defined $domain;
++  $self->secure( $secure )     if defined $secure;
++  $self->expires( $expires )   if defined $expires;
++  $self->max_age($expires)     if defined $max_age;
++  $self->httponly( $httponly ) if defined $httponly;
+   return $self;
+ }
+ 
[email protected]@ -163,23 +146,24 @@
+     my $self = shift;
+     return "" unless $self->name;
+ 
+-    my(@constant_values,$domain,$path,$expires,$max_age,$secure,$httponly);
++    no warnings; # some things may be undefined, that's OK.
++
++    my $name  = escape( $self->name );
++    my $value = join "&", map { escape($_) } $self->value;
++    my @cookie = ( "$name=$value" );
++
++    push @cookie,"domain=".$self->domain   if $self->domain;
++    push @cookie,"path=".$self->path       if $self->path;
++    push @cookie,"expires=".$self->expires if $self->expires;
++    push @cookie,"max-age=".$self->max_age if $self->max_age;
++    push @cookie,"secure"                  if $self->secure;
++    push @cookie,"HttpOnly"                if $self->httponly;
+ 
+-    push(@constant_values,"domain=$domain")   if $domain = $self->domain;
+-    push(@constant_values,"path=$path")       if $path = $self->path;
+-    push(@constant_values,"expires=$expires") if $expires = $self->expires;
+-    push(@constant_values,"max-age=$max_age") if $max_age = $self->max_age;
+-    push(@constant_values,"secure") if $secure = $self->secure;
+-    push(@constant_values,"HttpOnly") if $httponly = $self->httponly;
+-
+-    my($key) = escape($self->name);
+-    my($cookie) = join("=",(defined $key ? $key : ''),join("&",map escape(defined $_ ? $_ : ''),$self->value));
+-    return join("; ",$cookie,@constant_values);
++    return join "; ", @cookie;
+ }
+ 
+ sub compare {
+-    my $self = shift;
+-    my $value = shift;
++    my ( $self, $value ) = @_;
+     return "$self" cmp $value;
+ }
+ 
[email protected]@ -194,6 +178,7 @@
+   if ($r) {
+       $r->headers_out->add('Set-Cookie' => $self->as_string);
+   } else {
++      require CGI;
+       print CGI::header(-cookie => $self);
+   }
+ 
[email protected]@ -201,70 +186,56 @@
+ 
+ # accessors
+ sub name {
+-    my $self = shift;
+-    my $name = shift;
++    my ( $self, $name ) = @_;
+     $self->{'name'} = $name if defined $name;
+     return $self->{'name'};
+ }
+ 
+ sub value {
+-    my $self = shift;
+-    my $value = shift;
+-      if (defined $value) {
+-              my @values;
+-        if (ref($value)) {
+-            if (ref($value) eq 'ARRAY') {
+-                @values = @$value;
+-            } elsif (ref($value) eq 'HASH') {
+-                @values = %$value;
+-            }
+-        } else {
+-            @values = ($value);
+-        }
+-      $self->{'value'} = [@values];
+-      }
+-    return wantarray ? @{$self->{'value'}} : $self->{'value'}->[0]
++  my ( $self, $value ) = @_;
++  if ( defined $value ) {
++    my @values
++     = ref $value eq 'ARRAY' ? @$value
++     : ref $value eq 'HASH'  ? %$value
++     :                         ( $value );
++    $self->{'value'} = [@values];
++  }
++  return wantarray ? @{ $self->{'value'} } : $self->{'value'}->[0];
+ }
+ 
+ sub domain {
+-    my $self = shift;
+-    my $domain = shift;
++    my ( $self, $domain ) = @_;
+     $self->{'domain'} = lc $domain if defined $domain;
+     return $self->{'domain'};
+ }
+ 
+ sub secure {
+-    my $self = shift;
+-    my $secure = shift;
++    my ( $self, $secure ) = @_;
+     $self->{'secure'} = $secure if defined $secure;
+     return $self->{'secure'};
+ }
+ 
+ sub expires {
+-    my $self = shift;
+-    my $expires = shift;
++    my ( $self, $expires ) = @_;
+     $self->{'expires'} = CGI::Util::expires($expires,'cookie') if defined $expires;
+     return $self->{'expires'};
+ }
+ 
+ sub max_age {
+-  my $self = shift;
+-  my $expires = shift;
+-  $self->{'max-age'} = CGI::Util::expire_calc($expires)-time() if defined $expires;
+-  return $self->{'max-age'};
++    my ( $self, $max_age ) = @_;
++    $self->{'max-age'} = CGI::Util::expire_calc($max_age)-time() if defined $max_age;
++    return $self->{'max-age'};
+ }
+ 
+ sub path {
+-    my $self = shift;
+-    my $path = shift;
++    my ( $self, $path ) = @_;
+     $self->{'path'} = $path if defined $path;
+     return $self->{'path'};
+ }
+ 
+ 
+ sub httponly { # HttpOnly
+-    my $self     = shift;
+-    my $httponly = shift;
++    my ( $self, $httponly ) = @_;
+     $self->{'httponly'} = $httponly if defined $httponly;
+     return $self->{'httponly'};
+ }
[email protected]@ -273,7 +244,7 @@
+ 
+ =head1 NAME
+ 
+-CGI::Cookie - Interface to Netscape Cookies
++CGI::Cookie - Interface to HTTP Cookies
+ 
+ =head1 SYNOPSIS
+ 
[email protected]@ -281,23 +252,23 @@
+     use CGI::Cookie;
+ 
+     # Create new cookies and send them
+-    $cookie1 = new CGI::Cookie(-name=>'ID',-value=>123456);
+-    $cookie2 = new CGI::Cookie(-name=>'preferences',
++    $cookie1 = CGI::Cookie->new(-name=>'ID',-value=>123456);
++    $cookie2 = CGI::Cookie->new(-name=>'preferences',
+                                -value=>{ font => Helvetica,
+                                          size => 12 } 
+                                );
+     print header(-cookie=>[$cookie1,$cookie2]);
+ 
+     # fetch existing cookies
+-    %cookies = fetch CGI::Cookie;
++    %cookies = CGI::Cookie->fetch;
+     $id = $cookies{'ID'}->value;
+ 
+     # create cookies returned from an external source
+-    %cookies = parse CGI::Cookie($ENV{COOKIE});
++    %cookies = CGI::Cookie->parse($ENV{COOKIE});
+ 
+ =head1 DESCRIPTION
+ 
+-CGI::Cookie is an interface to Netscape (HTTP/1.1) cookies, an
++CGI::Cookie is an interface to HTTP/1.1 cookies, an
+ innovation that allows Web servers to store persistent information on
+ the browser's side of the connection.  Although CGI::Cookie is
+ intended to be used in conjunction with CGI.pm (and is in fact used by
[email protected]@ -305,7 +276,9 @@
+ 
+ For full information on cookies see 
+ 
+-	http://www.ics.uci.edu/pub/ietf/http/rfc2109.txt
++	http://tools.ietf.org/html/rfc2109
++	http://tools.ietf.org/html/rfc2965
++	http://tools.ietf.org/html/draft-ietf-httpstate-cookie
+ 
+ =head1 USING CGI::Cookie
+ 
[email protected]@ -332,7 +305,7 @@
+ This is a partial or complete domain name for which the cookie is 
+ valid.  The browser will return the cookie to any host that matches
+ the partial domain name.  For example, if you specify a domain name
+-of ".capricorn.com", then Netscape will return the cookie to
++of ".capricorn.com", then the browser will return the cookie to
+ Web servers running on any of the machines "www.capricorn.com", 
+ "ftp.capricorn.com", "feckless.capricorn.com", etc.  Domain names
+ must contain at least two periods to prevent attempts to match
[email protected]@ -355,24 +328,25 @@
+ If the "secure" attribute is set, the cookie will only be sent to your
+ script if the CGI request is occurring on a secure channel, such as SSL.
+ 
+-=item B<4. httponly flag>
++=item B<5. httponly flag>
+ 
+ If the "httponly" attribute is set, the cookie will only be accessible
+ through HTTP Requests. This cookie will be inaccessible via JavaScript
+ (to prevent XSS attacks).
+ 
+-But, currently this feature only used and recognised by 
+-MS Internet Explorer 6 Service Pack 1 and later.
++This feature is only supported by recent browsers like Internet Explorer
++6 Service Pack 1, Firefox 3.0 and Opera 9.5 (and later of course).
+ 
+-See this URL for more information:
++See these URLs for more information:
+ 
+-L<http://msdn.microsoft.com/en-us/library/ms533046%28VS.85%29.aspx>
++	http://msdn.microsoft.com/en-us/library/ms533046.aspx
++	http://www.owasp.org/index.php/HTTPOnly#Browsers_Supporting_HTTPOnly
+ 
+ =back
+ 
+ =head2 Creating New Cookies
+ 
+-	my $c = new CGI::Cookie(-name    =>  'foo',
++	my $c = CGI::Cookie->new(-name    =>  'foo',
+                              -value   =>  'bar',
+                              -expires =>  '+3M',
+                              -domain  =>  '.capricorn.com',
[email protected]@ -390,6 +364,14 @@
+ recognized by CGI.pm, for example "+3M" for three months in the
+ future.  See CGI.pm's documentation for details.
+ 
++B<-max-age> accepts the same data formats as B<< -expires >>, but sets a
++relative value instead of an absolute like B<< -expires >>. This is intended to be
++more secure since a clock could be changed to fake an absolute time. In
++practice, as of 2011, C<< -max-age >> still does not enjoy the widespread support
++that C<< -expires >> has. You can set both, and browsers that support
++C<< -max-age >> should ignore the C<< Expires >> header. The drawback
++to this approach is the bit of bandwidth for sending an extra header on each cookie.
++
+ B<-domain> points to a domain name or to a fully qualified host name.
+ If not specified, the cookie will be returned only to the Web server
+ that created it.
[email protected]@ -409,7 +391,7 @@
+ a mod_perl request object as the first argument to C<new()>. It will
+ simply be ignored:
+ 
+-  my $c = new CGI::Cookie($r,
++  my $c = CGI::Cookie->new($r,
+                           -name    =>  'foo',
+                           -value   =>  ['bar','baz']);
+ 
[email protected]@ -420,6 +402,10 @@
+ 
+   $c->bake;
+ 
++This will print the Set-Cookie HTTP header to STDOUT using CGI.pm. CGI.pm
++will be loaded for this purpose if it is not already. Otherwise CGI.pm is not
++required or used by this module.
++
+ Under mod_perl, pass in an Apache request object:
+ 
+   $c->bake($r);
[email protected]@ -428,7 +414,7 @@
+ a cookie to the browser by creating one or more Set-Cookie: fields in the
+ HTTP header.  Here is a typical sequence:
+ 
+-  my $c = new CGI::Cookie(-name    =>  'foo',
++  my $c = CGI::Cookie->new(-name    =>  'foo',
+                           -value   =>  ['bar','baz'],
+                           -expires =>  '+3M');
+ 
[email protected]@ -456,14 +442,14 @@
+ 
+ =head2 Recovering Previous Cookies
+ 
+-	%cookies = fetch CGI::Cookie;
++	%cookies = CGI::Cookie->fetch;
+ 
+ B<fetch> returns an associative array consisting of all cookies
+ returned by the browser.  The keys of the array are the cookie names.  You
+ can iterate through the cookies this way:
+ 
+-	%cookies = fetch CGI::Cookie;
+-	foreach (keys %cookies) {
++	%cookies = CGI::Cookie->fetch;
++	for (keys %cookies) {
+ 	   do_something($cookies{$_});
+         }
+ 
[email protected]@ -479,13 +465,16 @@
+ form using the parse() class method:
+ 
+        $COOKIES = `cat /usr/tmp/Cookie_stash`;
+-       %cookies = parse CGI::Cookie($COOKIES);
++       %cookies = CGI::Cookie->parse($COOKIES);
+ 
+ If you are in a mod_perl environment, you can save some overhead by
+ passing the request object to fetch() like this:
+ 
+    CGI::Cookie->fetch($r);
+ 
++If the value passed to parse() is undefined, an empty array will returned in list
++contact, and an empty hashref will be returned in scalar context.
++
+ =head2 Manipulating Cookies
+ 
+ Cookie objects have a series of accessor methods to get and set cookie
[email protected]@ -546,4 +535,6 @@
+ 
+ L<CGI::Carp>, L<CGI>
+ 
++L<RFC 2109|http://www.ietf.org/rfc/rfc2109.txt>, L<RFC 2695|http://www.ietf.org/rfc/rfc2965.txt>
++
+ =cut
+diff -Naur perl-5.12.4/cpan/CGI/lib/CGI/Fast.pm CGI.pm-3.59/cpan/CGI/lib/CGI/Fast.pm
+--- perl-5.12.4/cpan/CGI/lib/CGI/Fast.pm	2011-06-01 00:47:46.000000000 -0700
++++ CGI.pm-3.59/cpan/CGI/lib/CGI/Fast.pm	2011-11-09 07:49:15.000000000 -0800
[email protected]@ -19,7 +19,7 @@
+ # wish, but if you redistribute a modified version, please attach a note
+ # listing the modifications you have made.
+ 
+-$CGI::Fast::VERSION='1.08';
++$CGI::Fast::VERSION='1.09';
+ 
+ use CGI;
+ use FCGI;
[email protected]@ -43,27 +43,23 @@
+ # in this package variable.
+ use vars qw($Ext_Request);
+ BEGIN {
+-   # If ENV{FCGI_SOCKET_PATH} is given, explicitly open the socket,
+-   # and keep the request handle around from which to call Accept().
+-   if ($ENV{FCGI_SOCKET_PATH}) {
+-	my $path    = $ENV{FCGI_SOCKET_PATH};
+-	my $backlog = $ENV{FCGI_LISTEN_QUEUE} || 100;
+-	my $socket  = FCGI::OpenSocket( $path, $backlog );
+-	$Ext_Request = FCGI::Request( \*STDIN, \*STDOUT, \*STDERR,
+-					\%ENV, $socket, 1 );
+-   }
++    # If ENV{FCGI_SOCKET_PATH} is given, explicitly open the socket.
++    if ($ENV{FCGI_SOCKET_PATH}) {
++        my $path    = $ENV{FCGI_SOCKET_PATH};
++        my $backlog = $ENV{FCGI_LISTEN_QUEUE} || 100;
++        my $socket  = FCGI::OpenSocket( $path, $backlog );
++        $Ext_Request = FCGI::Request( \*STDIN, \*STDOUT, \*STDERR,
++                    \%ENV, $socket, 1 );
++    }
++    else {
++        $Ext_Request = FCGI::Request();
++    }
+ }
+ 
+-# New is slightly different in that it calls FCGI's
+-# accept() method.
+ sub new {
+      my ($self, $initializer, @param) = @_;
+      unless (defined $initializer) {
+-	if ($Ext_Request) {
+-          return undef unless $Ext_Request->Accept() >= 0;
+-	} else {
+-         return undef unless FCGI::accept() >= 0;
+-     }
++         return undef unless $Ext_Request->Accept() >= 0;
+      }
+      CGI->_reset_globals;
+      $self->_setup_symbols(@CGI::SAVED_SYMBOLS) if @CGI::SAVED_SYMBOLS;
+diff -Naur perl-5.12.4/cpan/CGI/lib/CGI/Pretty.pm CGI.pm-3.59/cpan/CGI/lib/CGI/Pretty.pm
+--- perl-5.12.4/cpan/CGI/lib/CGI/Pretty.pm	2011-06-07 13:04:05.000000000 -0700
++++ CGI.pm-3.59/cpan/CGI/lib/CGI/Pretty.pm	2011-01-05 10:13:45.000000000 -0800
[email protected]@ -252,7 +252,7 @@
+ =head2 Recommendation for when to use CGI::Pretty
+ 
+ CGI::Pretty is far slower than using CGI.pm directly. A benchmark showed that
+-it could be about 10 times slower. Adding newslines and spaces may alter the
++it could be about 10 times slower. Adding newlines and spaces may alter the
+ rendered appearance of HTML. Also, the extra newlines and spaces also make the
+ file size larger, making the files take longer to download.
+ 
+diff -Naur perl-5.12.4/cpan/CGI/lib/CGI/Push.pm CGI.pm-3.59/cpan/CGI/lib/CGI/Push.pm
+--- perl-5.12.4/cpan/CGI/lib/CGI/Push.pm	2011-06-07 13:04:05.000000000 -0700
++++ CGI.pm-3.59/cpan/CGI/lib/CGI/Push.pm	2011-01-05 10:13:45.000000000 -0800
[email protected]@ -16,7 +16,7 @@
+ # The most recent version and complete docs are available at:
+ #   http://stein.cshl.org/WWW/software/CGI/
+ 
+-$CGI::Push::VERSION='1.04';
++$CGI::Push::VERSION='1.05';
+ use CGI;
+ use CGI::Util 'rearrange';
+ @ISA = ('CGI');
[email protected]@ -214,7 +214,7 @@
+ 
+ This optional parameter indicates the content type of each page.  It
+ defaults to "text/html".  Normally the module assumes that each page
+-is of a homogenous MIME type.  However if you provide either of the
++is of a homogeneous MIME type.  However if you provide either of the
+ magic values "heterogeneous" or "dynamic" (the latter provided for the
+ convenience of those who hate long parameter names), you can specify
+ the MIME type -- and other header fields -- on a per-page basis.  See 
+diff -Naur perl-5.12.4/cpan/CGI/lib/CGI/Util.pm CGI.pm-3.59/cpan/CGI/lib/CGI/Util.pm
+--- perl-5.12.4/cpan/CGI/lib/CGI/Util.pm	2011-06-07 13:04:05.000000000 -0700
++++ CGI.pm-3.59/cpan/CGI/lib/CGI/Util.pm	2011-04-28 07:34:54.000000000 -0700
[email protected]@ -1,17 +1,17 @@
+ package CGI::Util;
+-
++require 5.008001;
+ use strict;
+-use vars qw($VERSION @EXPORT_OK @ISA $EBCDIC @A2E @E2A);
+ require Exporter;
[email protected] = qw(Exporter);
[email protected]_OK = qw(rearrange rearrange_header make_attributes unescape escape 
++our @ISA = qw(Exporter);
++our @EXPORT_OK = qw(rearrange rearrange_header make_attributes unescape escape 
+ 		expires ebcdic2ascii ascii2ebcdic);
+ 
+-$VERSION = '3.48';
++our $VERSION = '3.53';
++
++use constant EBCDIC => "\t" ne "\011";
+ 
+-$EBCDIC = "\t" ne "\011";
+ # (ord('^') == 95) for codepage 1047 as on os390, vmesa
[email protected] = (
++our @A2E = (
+    0,  1,  2,  3, 55, 45, 46, 47, 22,  5, 21, 11, 12, 13, 14, 15,
+   16, 17, 18, 19, 60, 61, 50, 38, 24, 25, 63, 39, 28, 29, 30, 31,
+   64, 90,127,123, 91,108, 80,125, 77, 93, 92, 78,107, 96, 75, 97,
[email protected]@ -29,7 +29,7 @@
+   68, 69, 66, 70, 67, 71,156, 72, 84, 81, 82, 83, 88, 85, 86, 87,
+  140, 73,205,206,203,207,204,225,112,221,222,219,220,141,142,223
+ 	 );
[email protected] = (
++our @E2A = (
+    0,  1,  2,  3,156,  9,134,127,151,141,142, 11, 12, 13, 14, 15,
+   16, 17, 18, 19,157, 10,  8,135, 24, 25,146,143, 28, 29, 30, 31,
+  128,129,130,131,132,133, 23, 27,136,137,138,139,140,  5,  6,  7,
[email protected]@ -48,7 +48,7 @@
+   48, 49, 50, 51, 52, 53, 54, 55, 56, 57,179,219,220,217,218,159
+ 	 );
+ 
+-if ($EBCDIC && ord('^') == 106) { # as in the BS2000 posix-bc coded character set
++if (EBCDIC && ord('^') == 106) { # as in the BS2000 posix-bc coded character set
+      $A2E[91] = 187;   $A2E[92] = 188;  $A2E[94] = 106;  $A2E[96] = 74;
+      $A2E[123] = 251;  $A2E[125] = 253; $A2E[126] = 255; $A2E[159] = 95;
+      $A2E[162] = 176;  $A2E[166] = 208; $A2E[168] = 121; $A2E[172] = 186;
[email protected]@ -61,7 +61,7 @@
+      $E2A[221] = 219; $E2A[224] = 217; $E2A[251] = 123; $E2A[253] = 125;
+      $E2A[255] = 126;
+    }
+-elsif ($EBCDIC && ord('^') == 176) { # as in codepage 037 on os400
++elsif (EBCDIC && ord('^') == 176) { # as in codepage 037 on os400
+   $A2E[10] = 37;  $A2E[91] = 186;  $A2E[93] = 187; $A2E[94] = 176;
+   $A2E[133] = 21; $A2E[168] = 189; $A2E[172] = 95; $A2E[221] = 173;
+ 
[email protected]@ -161,47 +161,10 @@
+ }
+ 
+ sub utf8_chr {
+-        my $c = shift(@_);
+-	if ($] >= 5.006){
+-	    require utf8;
+-	    my $u = chr($c);
+-	    utf8::encode($u); # drop utf8 flag
+-	    return $u;
+-	}
+-        if ($c < 0x80) {
+-                return sprintf("%c", $c);
+-        } elsif ($c < 0x800) {
+-                return sprintf("%c%c", 0xc0 | ($c >> 6), 0x80 | ($c & 0x3f));
+-        } elsif ($c < 0x10000) {
+-                return sprintf("%c%c%c",
+-                                           0xe0 |  ($c >> 12),
+-                                           0x80 | (($c >>  6) & 0x3f),
+-                                           0x80 | ( $c          & 0x3f));
+-        } elsif ($c < 0x200000) {
+-                return sprintf("%c%c%c%c",
+-                                           0xf0 |  ($c >> 18),
+-                                           0x80 | (($c >> 12) & 0x3f),
+-                                           0x80 | (($c >>  6) & 0x3f),
+-                                           0x80 | ( $c          & 0x3f));
+-        } elsif ($c < 0x4000000) {
+-                return sprintf("%c%c%c%c%c",
+-                                           0xf8 |  ($c >> 24),
+-                                           0x80 | (($c >> 18) & 0x3f),
+-                                           0x80 | (($c >> 12) & 0x3f),
+-                                           0x80 | (($c >>  6) & 0x3f),
+-                                           0x80 | ( $c          & 0x3f));
+-
+-        } elsif ($c < 0x80000000) {
+-                return sprintf("%c%c%c%c%c%c",
+-                                           0xfc |  ($c >> 30),
+-                                           0x80 | (($c >> 24) & 0x3f),
+-                                           0x80 | (($c >> 18) & 0x3f),
+-                                           0x80 | (($c >> 12) & 0x3f),
+-                                           0x80 | (($c >> 6)  & 0x3f),
+-                                           0x80 | ( $c          & 0x3f));
+-        } else {
+-                return utf8_chr(0xfffd);
+-        }
++    my $c = shift(@_);
++    my $u = chr($c);
++    utf8::encode($u); # drop utf8 flag
++    return $u;
+ }
+ 
+ # unescape URL-encoded data
[email protected]@ -210,10 +173,10 @@
+   my $todecode = shift;
+   return undef unless defined($todecode);
+   $todecode =~ tr/+/ /;       # pluses become spaces
+-    if ($EBCDIC) {
++    if (EBCDIC) {
+       $todecode =~ s/%([0-9a-fA-F]{2})/chr $A2E[hex($1)]/ge;
+     } else {
+-	# handle surrogate pairs first -- dankogai
++	# handle surrogate pairs first -- dankogai. Ref: http://unicode.org/faq/utf_bom.html#utf16-2
+ 	$todecode =~ s{
+ 			%u([Dd][89a-bA-B][0-9a-fA-F]{2}) # hi
+ 		        %u([Dd][c-fC-F][0-9a-fA-F]{2})   # lo
[email protected]@ -235,7 +198,7 @@
+ # We cannot use the %u escapes, they were rejected by W3C, so the official
+ # way is %XX-escaped utf-8 encoding.
+ # Naturally, Unicode strings have to be converted to their utf-8 byte
+-# representation.  (No action is required on 5.6.)
++# representation. 
+ # Byte strings were traditionally used directly as a sequence of octets.
+ # This worked if they actually represented binary data (i.e. in CGI::Compress).
+ # This also worked if these byte strings were actually utf-8 encoded; e.g.,
[email protected]@ -244,39 +207,14 @@
+ # was always so and cannot be fixed without breaking the binary data case.
+ # -- Stepan Kasal <[email protected]>
+ #
+-if ($] == 5.008) {
+-   package utf8;
+-
+-   no warnings 'redefine'; # needed for Perl 5.8.1+
+-
+-   my $is_utf8_redefinition = <<'EOR';
+-      sub is_utf8 {
+-         my ($text) = @_;
+-
+-         my $ctext = pack q{C0a*}, $text;
+-
+-         return ($text ne $ctext) && ($ctext =~ m/^(
+-          [\x09\x0A\x0D\x20-\x7E]
+-          | [\xC2-\xDF][\x80-\xBF]
+-          | \xE0[\xA0-\xBF][\x80-\xBF]
+-          | [\xE1-\xEC\xEE\xEF][\x80-\xBF]{2}
+-          | \xED[\x80-\x9F][\x80-\xBF]
+-          | \xF0[\x90-\xBF][\x80-\xBF]{2}
+-          | [\xF1-\xF3][\x80-\xBF]{3}
+-          | \xF4[\x80-\x8F][\x80-\xBF]{2}
+-          )*$/xo);
+-      }
+-EOR
+-
+-   eval $is_utf8_redefinition;
+-}
+ 
+ sub escape {
++  # If we being called in an OO-context, discard the first argument.
+   shift() if @_ > 1 and ( ref($_[0]) || (defined $_[1] && $_[0] eq $CGI::DefaultClass));
+   my $toencode = shift;
+   return undef unless defined($toencode);
+-  utf8::encode($toencode) if ($] >= 5.008 && utf8::is_utf8($toencode));
+-    if ($EBCDIC) {
++  utf8::encode($toencode) if utf8::is_utf8($toencode);
++    if (EBCDIC) {
+       $toencode=~s/([^a-zA-Z0-9_.~-])/uc sprintf("%%%02x",$E2A[ord($1)])/eg;
+     } else {
+       $toencode=~s/([^a-zA-Z0-9_.~-])/uc sprintf("%%%02x",ord($1))/eg;
[email protected]@ -340,7 +278,8 @@
+     } else {
+       return $time;
+     }
+-    return (time+$offset);
++    my $cur_time = time; 
++    return ($cur_time+$offset);
+ }
+ 
+ sub ebcdic2ascii {
[email protected]@ -373,7 +312,7 @@
+ 
+ =head1 AUTHOR INFORMATION
+ 
+-Copyright 1995-1998, Lincoln D. Stein.  All rights reserved.  
++Copyright 1995-1998, Lincoln D. Stein.  All rights reserved.
+ 
+ This library is free software; you can redistribute it and/or modify
+ it under the same terms as Perl itself.
[email protected]@ -383,7 +322,7 @@
+ Perl, the name and version of your Web server, and the name and
+ version of the operating system you are using.  If the problem is even
+ remotely browser dependent, please provide information about the
+-affected browers as well.
++affected browsers as well.
+ 
+ =head1 SEE ALSO
+ 
+diff -Naur perl-5.12.4/cpan/CGI/lib/CGI.pm CGI.pm-3.59/cpan/CGI/lib/CGI.pm
+--- perl-5.12.4/cpan/CGI/lib/CGI.pm	2011-06-07 13:04:05.000000000 -0700
++++ CGI.pm-3.59/cpan/CGI/lib/CGI.pm	2011-12-30 05:31:41.000000000 -0800
[email protected]@ -1,5 +1,5 @@
+ package CGI;
+-require 5.004;
++require 5.008001;
+ use Carp 'croak';
+ 
+ # See the bottom of this file for the POD documentation.  Search for the
[email protected]@ -16,10 +16,11 @@
+ # listing the modifications you have made.
+ 
+ # The most recent version and complete docs are available at:
+-#   http://stein.cshl.org/WWW/software/CGI/
++#   http://search.cpan.org/dist/CGI.pm
+ 
++# The revision is no longer being updated since moving to git. 
+ $CGI::revision = '$Id: CGI.pm,v 1.266 2009/07/30 16:32:34 lstein Exp $';
+-$CGI::VERSION='3.49';
++$CGI::VERSION='3.59';
+ 
+ # HARD-CODED LOCATION FOR FILE UPLOAD TEMPORARY FILES.
+ # UNCOMMENT THIS ONLY IF YOU KNOW WHAT YOU'RE DOING.
[email protected]@ -385,7 +386,7 @@
+ # user is still holding any reference to them as well.
+ sub DESTROY {
+   my $self = shift;
+-  if ($OS eq 'WINDOWS') {
++  if ($OS eq 'WINDOWS' || $OS eq 'VMS') {
+     for my $href (values %{$self->{'.tmpfiles'}}) {
+       $href->{hndl}->DESTROY if defined $href->{hndl};
+       $href->{name}->DESTROY if defined $href->{name};
[email protected]@ -524,7 +525,7 @@
+     # if we get called more than once, we want to initialize
+     # ourselves from the original query (which may be gone
+     # if it was read from STDIN originally.)
+-    if (defined(@QUERY_PARAM) && !defined($initializer)) {
++    if (@QUERY_PARAM && !defined($initializer)) {
+         for my $name (@QUERY_PARAM) {
+             my $val = $QUERY_PARAM{$name}; # always an arrayref;
+             $self->param('-name'=>$name,'-value'=> $val);
[email protected]@ -647,9 +648,9 @@
+ 	  last METHOD;
+       }
+ 
+-      # If method is GET or HEAD, fetch the query from
++      # If method is GET, HEAD or DELETE, fetch the query from
+       # the environment.
+-      if ($is_xforms || $meth=~/^(GET|HEAD)$/) {
++      if ($is_xforms || $meth=~/^(GET|HEAD|DELETE)$/) {
+ 	  if ($MOD_PERL) {
+ 	    $query_string = $self->r->args;
+ 	  } else {
[email protected]@ -663,14 +664,6 @@
+ 	  if ( $content_length > 0 ) {
+ 	    $self->read_from_client(\$query_string,$content_length,0);
+ 	  }
+-	  elsif (not defined $ENV{CONTENT_LENGTH}) {
+-	    $self->read_from_stdin(\$query_string);
+-	    # should this be PUTDATA in case of PUT ?
+-	    my($param) = $meth . 'DATA' ;
+-	    $self->add_parameter($param) ;
+-	    push (@{$self->{param}{$param}},$query_string);
+-	    undef $query_string ;
+-	  }
+ 	  # Some people want to have their cake and eat it too!
+ 	  # Uncomment this line to have the contents of the query string
+ 	  # APPENDED to the POST data.
[email protected]@ -1023,47 +1016,6 @@
+ }
+ END_OF_FUNC
+ 
+-'read_from_stdin' => <<'END_OF_FUNC',
+-# Read data from stdin until all is read
+-sub read_from_stdin {
+-    my($self, $buff) = @_;
+-    local $^W=0;                # prevent a warning
+-
+-    #
+-    # TODO: loop over STDIN until all is read
+-    #
+-
+-    my($eoffound) = 0;
+-    my($localbuf) = '';
+-    my($tempbuf) = '';
+-    my($bufsiz) = 1024;
+-    my($res);
+-    while ($eoffound == 0) {
+-	if ( $MOD_PERL ) {
+-	    $res = $self->r->read($tempbuf, $bufsiz, 0)
+-	}
+-	else {
+-	    $res = read(\*STDIN, $tempbuf, $bufsiz);
+-	}
+-
+-	if ( !defined($res) ) {
+-	    # TODO: how to do error reporting ?
+-	    $eoffound = 1;
+-	    last;
+-	}
+-	if ( $res == 0 ) {
+-	    $eoffound = 1;
+-	    last;
+-	}
+-	$localbuf .= $tempbuf;
+-    }
+-
+-    $$buff = $localbuf;
+-
+-    return $res;
+-}
+-END_OF_FUNC
+-
+ 'delete' => <<'END_OF_FUNC',
+ #### Method: delete
+ # Deletes the named parameter entirely.
[email protected]@ -1570,12 +1522,8 @@
+ 
+     $type ||= 'text/html' unless defined($type);
+ 
+-    if (defined $charset) {
+-      $self->charset($charset);
+-    } else {
+-      $charset = $self->charset if $type =~ /^text\//;
+-    }
+-   $charset ||= '';
++    # sets if $charset is given, gets if not
++    $charset = $self->charset( $charset );
+ 
+     # rearrange() was designed for the HTML portion, so we
+     # need to fix it up a little.
[email protected]@ -1629,7 +1577,6 @@
+ }
+ END_OF_FUNC
+ 
+-
+ #### Method: cache
+ # Control whether header() will produce the no-cache
+ # Pragma directive.
[email protected]@ -1861,20 +1808,20 @@
+ 
+     my (@scripts) = ref($script) eq 'ARRAY' ? @$script : ($script);
+     for $script (@scripts) {
+-	my($src,$code,$language);
+-	if (ref($script)) { # script is a hash
+-	    ($src,$code,$type) =
+-		rearrange(['SRC','CODE',['LANGUAGE','TYPE']],
+-				 '-foo'=>'bar',	# a trick to allow the '-' to be omitted
+-				 ref($script) eq 'ARRAY' ? @$script : %$script);
++    my($src,$code,$language,$charset);
++    if (ref($script)) { # script is a hash
++        ($src,$code,$type,$charset) =
++        rearrange(['SRC','CODE',['LANGUAGE','TYPE'],'CHARSET'],
++                 '-foo'=>'bar', # a trick to allow the '-' to be omitted
++                 ref($script) eq 'ARRAY' ? @$script : %$script);
+             $type ||= 'text/javascript';
+             unless ($type =~ m!\w+/\w+!) {
+                 $type =~ s/[\d.]+$//;
+                 $type = "text/$type";
+             }
+-	} else {
+-	    ($src,$code,$type) = ('',$script, 'text/javascript');
+-	}
++    } else {
++        ($src,$code,$type,$charset) = ('',$script, 'text/javascript', '');
++    }
+ 
+     my $comment = '//';  # javascript by default
+     $comment = '#' if $type=~/perl|tcl/i;
[email protected]@ -1892,6 +1839,7 @@
+      my(@satts);
+      push(@satts,'src'=>$src) if $src;
+      push(@satts,'type'=>$type);
++     push(@satts,'charset'=>$charset) if ($src && $charset);
+      $code = $cdata_start . $code . $cdata_end if defined $code;
+      push(@result,$self->script({@satts},$code || ''));
+     }
[email protected]@ -2859,7 +2807,6 @@
+     my $query_str   =  $self->query_string;
+ 
+     my $rewrite_in_use = $request_uri && $request_uri !~ /^\Q$script_name/;
+-    undef $path if $rewrite_in_use && $rewrite;  # path not valid when rewriting active
+ 
+     my $uri         =  $rewrite && $request_uri ? $request_uri : $script_name;
+     $uri            =~ s/\?.*$//s;                                # remove query string
[email protected]@ -2961,6 +2908,8 @@
+ sub param_fetch {
+     my($self,@p) = self_or_default(@_);
+     my($name) = rearrange([NAME],@p);
++    return [] unless defined $name;
++
+     unless (exists($self->{param}{$name})) {
+ 	$self->add_parameter($name);
+ 	$self->{param}{$name} = [];
[email protected]@ -3532,11 +3481,11 @@
+     if ($DEBUG && @ARGV) {
+ 	@words = @ARGV;
+     } elsif ($DEBUG > 1) {
+-	require "shellwords.pl";
++	require Text::ParseWords;
+ 	print STDERR "(offline mode: enter name=value pairs on standard input; press ^D or ^Z when done)\n";
+ 	chomp(@lines = <STDIN>); # remove newlines
+ 	$input = join(" ",@lines);
+-	@words = &shellwords($input);    
++	@words = &Text::ParseWords::old_shellwords($input);    
+     }
+     for (@words) {
+ 	s/\\=/%3D/g;
[email protected]@ -3636,7 +3585,7 @@
+ 	    last if defined($filehandle = Fh->new($filename,$tmp,$PRIVATE_TEMPFILES));
+             $seqno += int rand(100);
+           }
+-          die "CGI open of tmpfile: $!\n" unless defined $filehandle;
++          die "CGI.pm open of tmpfile $tmp/$filename failed: $!\n" unless defined $filehandle;
+ 	  $CGI::DefaultClass->binmode($filehandle) if $CGI::needs_binmode 
+                      && defined fileno($filehandle);
+ 
[email protected]@ -4271,7 +4220,10 @@
+ sub new {
+     my($package,$sequence) = @_;
+     my $filename;
+-    find_tempdir() unless -w $TMPDIRECTORY;
++    unless (-w $TMPDIRECTORY) {
++        $TMPDIRECTORY = undef;
++        find_tempdir();
++    }
+     for (my $i = 0; $i < $MAXTRIES; $i++) {
+ 	last if ! -f ($filename = sprintf("\%s${SL}CGItemp%d", $TMPDIRECTORY, $sequence++));
+     }
[email protected]@ -4522,7 +4474,7 @@
+ 
+      $query = CGI->new;
+ 
+-This will parse the input (from both POST and GET methods) and store
++This will parse the input (from POST, GET and DELETE methods) and store
+ it into a perl5 object called $query. 
+ 
+ Any filehandles from file uploads will have their position reset to 
[email protected]@ -4721,9 +4673,10 @@
+    unshift @{$q->param_fetch(-name=>'address')},'George Munster';
+ 
+ If you need access to the parameter list in a way that isn't covered
+-by the methods above, you can obtain a direct reference to it by
+-calling the B<param_fetch()> method with the name of the .  This
+-will return an array reference to the named parameters, which you then
++by the methods given in the previous sections, you can obtain a direct 
++reference to it by
++calling the B<param_fetch()> method with the name of the parameter.  This
++will return an array reference to the named parameter, which you then
+ can manipulate in any way you like.
+ 
+ You can also use a named argument style using the B<-name> argument.
[email protected]@ -5128,8 +5081,7 @@
+ 
+ The temporary directory is selected using the following algorithm:
+ 
+-    1. if the current user (e.g. "nobody") has a directory named
+-    "tmp" in its home directory, use that (Unix systems only).
++    1. if $CGITempFile::TMPDIRECTORY is already set, use that
+ 
+     2. if the environment variable TMPDIR exists, use the location
+     indicated.
[email protected]@ -5291,17 +5243,14 @@
+ 
+   P3P: policyref="/w3c/p3p.xml" cp="CAO DSP LAW CURa"
+ 
+-Note that if a header value contains a carriage return, a leading space will be
+-added to each new line that doesn't already have one as specified by RFC2616
+-section 4.2.  For example:
+-
+-    print header( -ingredients => "ham\neggs\nbacon" );
++CGI.pm will accept valid multi-line headers when each line is separated with a
++CRLF value ("\r\n" on most platforms) followed by at least one space. For example:
+ 
+-will generate
++    print header( -ingredients => "ham\r\n\seggs\r\n\sbacon" );
+ 
+-    Ingredients: ham
+-     eggs
+-     bacon
++Invalid multi-line header input will trigger in an exception. When multi-line headers
++are received, CGI.pm will always output them back as a single line, according to the
++folding rules of RFC 2616: the newlines will be removed, while the white space remains.
+ 
+ =head2 GENERATING A REDIRECTION HEADER
+ 
[email protected]@ -5357,8 +5306,7 @@
+ 			    -style=>{'src'=>'/styles/style1.css'},
+ 			    -BGCOLOR=>'blue');
+ 
+-After creating the HTTP header, most CGI scripts will start writing
+-out an HTML document.  The start_html() routine creates the top of the
++The start_html() routine creates the top of the
+ page, along with a lot of optional information that controls the
+ page's appearance and behavior.
+ 
[email protected]@ -5412,6 +5360,18 @@
+ The B<-encoding> argument can be used to specify the character set for
+ XHTML.  It defaults to iso-8859-1 if not specified.
+ 
++The B<-dtd> argument can be used to specify a public DTD identifier string. For example:
++
++    -dtd => '-//W3C//DTD HTML 4.01 Transitional//EN')
++
++Alternatively, it can take public and system DTD identifiers as an array:
++
++    dtd => [ '-//W3C//DTD HTML 4.01 Transitional//EN', 'http://www.w3.org/TR/html4/loose.dtd' ]
++
++For the public DTD identifier to be considered, it must be valid. Otherwise it
++will be replaced by the default DTD. If the public DTD contains 'XHTML', CGI.pm
++will emit XML.
++
+ The B<-declare_xml> argument, when used in conjunction with XHTML,
+ will put a <?xml> declaration at the top of the HTML header. The sole
+ purpose of this declaration is to declare the character set
[email protected]@ -5420,11 +5380,11 @@
+ most validators.  The default for -declare_xml is false.
+ 
+ You can place other arbitrary HTML elements to the <head> section with the
+-B<-head> tag.  For example, to place the rarely-used <link> element in the
++B<-head> tag.  For example, to place a <link> element in the
+ head section, use this:
+ 
+-    print start_html(-head=>Link({-rel=>'next',
+-		                  -href=>'http://www.capricorn.com/s2.html'}));
++    print start_html(-head=>Link({-rel=>'shortcut icon',
++		                  -href=>'favicon.ico'}));
+ 
+ To incorporate multiple HTML elements into the <head> section, just pass an
+ array reference:
[email protected]@ -5486,12 +5446,10 @@
+ browsers that do not have JavaScript (or browsers where JavaScript is turned
+ off).
+ 
+-The <script> tag, has several attributes including "type" and src.
+-The latter is particularly interesting, as it allows you to keep the
+-JavaScript code in a file or CGI script rather than cluttering up each
+-page with the source.  To use these attributes pass a HASH reference
+-in the B<-script> parameter containing one or more of -type, -src, or
+--code:
++The <script> tag, has several attributes including "type", "charset" and "src".
++"src" allows you to keep JavaScript code in an external file. To use these
++attributes pass a HASH reference in the B<-script> parameter containing one or
++more of -type, -src, or -code:
+ 
+     print $q->start_html(-title=>'The Riddle of the Sphinx',
+ 			 -script=>{-type=>'JAVASCRIPT',
[email protected]@ -5527,7 +5485,7 @@
+                              );
+ 
+ The option "-language" is a synonym for -type, and is supported for
+-backwad compatibility.
++backwards compatibility.
+ 
+ The old-style positional parameters are as follows:
+ 
[email protected]@ -5558,13 +5516,13 @@
+ 
+ =head2 ENDING THE HTML DOCUMENT:
+ 
+-	print end_html
++	print $q->end_html;
+ 
+ This ends an HTML document by printing the </body></html> tags.
+ 
+ =head2 CREATING A SELF-REFERENCING URL THAT PRESERVES STATE INFORMATION:
+ 
+-    $myself = self_url;
++    $myself = $q->self_url;
+     print q(<a href="$myself">I'm talking to myself.</a>);
+ 
+ self_url() will return a URL, that, when selected, will reinvoke
[email protected]@ -5573,7 +5531,7 @@
+ internal anchors but you don't want to disrupt the current contents
+ of the form(s).  Something like this will do the trick.
+ 
+-     $myself = self_url;
++     $myself = $q->self_url;
+      print "<a href=\"$myself#table1\">See table 1</a>";
+      print "<a href=\"$myself#table2\">See table 2</a>";
+      print "<a href=\"$myself#yourself\">See for yourself</a>";
[email protected]@ -5583,7 +5541,10 @@
+ 
+ You can also retrieve the unprocessed query string with query_string():
+ 
+-    $the_string = query_string;
++    $the_string = $q->query_string();
++
++The behavior of calling query_string is currently undefined when the HTTP method is
++something other than GET.
+ 
+ =head2 OBTAINING THE SCRIPT'S URL
+ 
[email protected]@ -5645,9 +5606,7 @@
+ info probably won't match the request that the user sent. Set
+ -rewrite=>1 (default) to return URLs that match what the user sent
+ (the original request URI). Set -rewrite=>0 to return URLs that match
+-the URL after mod_rewrite's rules have run. Because the additional
+-path information only makes sense in the context of the rewritten URL,
+--rewrite is set to false when you request path info in the URL.
++the URL after mod_rewrite's rules have run. 
+ 
+ =back
+ 
[email protected]@ -5672,14 +5631,8 @@
+ 
+ =head1 CREATING STANDARD HTML ELEMENTS:
+ 
+-CGI.pm defines general HTML shortcut methods for most, if not all of
+-the HTML 3 and HTML 4 tags.  HTML shortcuts are named after a single
+-HTML element and return a fragment of HTML text that you can then
+-print or manipulate as you like.  Each shortcut returns a fragment of
+-HTML code that you can append to a string, save to a file, or, most
+-commonly, print out so that it displays in the browser window.
+-
+-This example shows how to use the HTML methods:
++CGI.pm defines general HTML shortcut methods for many HTML tags.  HTML shortcuts are named after a single
++HTML element and return a fragment of HTML text. Example:
+ 
+    print $q->blockquote(
+ 		     "Many years ago on the island of",
[email protected]@ -5935,7 +5888,7 @@
+    $query->autoEscape(0);
+ 
+ Note that autoEscape() is exclusively used to effect the behavior of how some
+-CGI.pm HTML generation fuctions handle escaping. Calling escapeHTML()
++CGI.pm HTML generation functions handle escaping. Calling escapeHTML()
+ explicitly will always escape the HTML.
+ 
+ I<A Lurking Trap!> Some of the form-element generating methods return
[email protected]@ -5985,7 +5938,7 @@
+     method: POST
+     action: this script
+     enctype: application/x-www-form-urlencoded for non-XHTML
+-             multipart/form-data for XHTML, see mulitpart/form-data below.
++             multipart/form-data for XHTML, see multipart/form-data below.
+ 
+ end_form() returns the closing </form> tag.  
+ 
[email protected]@ -6228,7 +6181,7 @@
+ 
+ =head3 Basics
+ 
+-When the form is processed, you can retrieve an L<IO::Handle> compatibile
++When the form is processed, you can retrieve an L<IO::Handle> compatible
+ handle for a file upload field like this:
+ 
+   $lightweight_fh  = $q->upload('field_name');
[email protected]@ -6316,7 +6269,7 @@
+ CGI.pm gives you low-level access to file upload management through
+ a file upload hook. You can use this feature to completely turn off
+ the temp file storage of file uploads, or potentially write your own
+-file upload progess meter.
++file upload progress meter.
+ 
+ This is much like the UPLOAD_HOOK facility available in L<Apache::Request>, with
+ the exception that the first argument to the callback is an L<Apache::Upload>
[email protected]@ -6369,7 +6322,7 @@
+ To solve this problem the upload() method was added, which always returns a
+ lightweight filehandle. This generally works well, but will have trouble
+ interoperating with some other modules because the file handle is not derived
+-from L<IO::Handle>. So that brings us to current recommedation given above,
++from L<IO::Handle>. So that brings us to current recommendation given above,
+ which is to call the handle() method on the file handle returned by upload().
+ That upgrades the handle to an IO::Handle. It's a big win for compatibility for
+ a small penalty of loading IO::Handle the first time you call it.
[email protected]@ -7608,7 +7561,7 @@
+ 127.0.0.1 if the address is unavailable.
+ 
+ =item B<script_name()>
+-Return the script name as a partial URL, for self-refering
++Return the script name as a partial URL, for self-referring
+ scripts.
+ 
+ =item B<referer()>
[email protected]@ -7725,7 +7678,7 @@
+ 
+ =item In the B<use> statement 
+ 
+-Simply add the "-nph" pragmato the list of symbols to be imported into
++Simply add the "-nph" pragma to the list of symbols to be imported into
+ your script:
+ 
+       use CGI qw(:standard -nph)
[email protected]@ -7911,11 +7864,13 @@
+ compatibility routine "ReadParse" is provided.  Porting is simple:
+ 
+ OLD VERSION
++
+     require "cgi-lib.pl";
+     &ReadParse;
+     print "The value of the antique is $in{antique}.\n";
+ 
+ NEW VERSION
++
+     use CGI;
+     CGI::ReadParse();
+     print "The value of the antique is $in{antique}.\n";
[email protected]@ -7923,30 +7878,79 @@
+ CGI.pm's ReadParse() routine creates a tied variable named %in,
+ which can be accessed to obtain the query variables.  Like
+ ReadParse, you can also provide your own variable.  Infrequently
+-used features of ReadParse, such as the creation of @in and $in 
++used features of ReadParse, such as the creation of @in and $in
+ variables, are not supported.
+ 
+ Once you use ReadParse, you can retrieve the query object itself
+ this way:
+ 
+     $q = $in{CGI};
+-    print textfield(-name=>'wow',
+-			-value=>'does this really work?');
++    print $q->textfield(-name=>'wow',
++            -value=>'does this really work?');
+ 
+ This allows you to start using the more interesting features
+ of CGI.pm without rewriting your old scripts from scratch.
+ 
+-=head1 AUTHOR INFORMATION
++An even simpler way to mix cgi-lib calls with CGI.pm calls is to import both the
++C<:cgi-lib> and C<:standard> method:
++
++ use CGI qw(:cgi-lib :standard);
++ &ReadParse;
++ print "The price of your purchase is $in{price}.\n";
++ print textfield(-name=>'price', -default=>'$1.99');
++
++=head2 Cgi-lib functions that are available in CGI.pm
++
++In compatibility mode, the following cgi-lib.pl functions are
++available for your use:
++
++ ReadParse()
++ PrintHeader()
++ HtmlTop()
++ HtmlBot()
++ SplitParam()
++ MethGet()
++ MethPost()
++
++=head2 Cgi-lib functions that are not available in CGI.pm
++
++  * Extended form of ReadParse()
++    The extended form of ReadParse() that provides for file upload
++    spooling, is not available.
++
++  * MyBaseURL()
++    This function is not available.  Use CGI.pm's url() method instead.
++
++  * MyFullURL()
++    This function is not available.  Use CGI.pm's self_url() method
++    instead.
++
++  * CgiError(), CgiDie()
++    These functions are not supported.  Look at CGI::Carp for the way I
++    prefer to handle error messages.
++
++  * PrintVariables()
++    This function is not available.  To achieve the same effect,
++       just print out the CGI object:
++
++       use CGI qw(:standard);
++       $q = CGI->new;
++       print h1("The Variables Are"),$q;
+ 
+-The CGI.pm distribution is copyright 1995-2007, Lincoln D. Stein.  It is
+-distributed under GPL and the Artistic License 2.0.
++  * PrintEnv()
++    This function is not available. You'll have to roll your own if you really need it.
++
++=head1 AUTHOR INFORMATION
+ 
+-Address bug reports and comments to: [email protected]  When sending
+-bug reports, please provide the version of CGI.pm, the version of
+-Perl, the name and version of your Web server, and the name and
+-version of the operating system you are using.  If the problem is even
+-remotely browser dependent, please provide information about the
+-affected browers as well.
++The CGI.pm distribution is copyright 1995-2007, Lincoln D. Stein. It is
++distributed under GPL and the Artistic License 2.0. It is currently
++maintained by Mark Stosberg with help from many contributors.
++
++Address bug reports and comments to: https://rt.cpan.org/Public/Dist/Display.html?Queue=CGI.pm
++When sending bug reports, please provide the version of CGI.pm, the version of
++Perl, the name and version of your Web server, and the name and version of the
++operating system you are using.  If the problem is even remotely browser
++dependent, please provide information about the affected browsers as well.
+ 
+ =head1 CREDITS
+ 
+diff -Naur perl-5.12.4/cpan/CGI/t/carp.t CGI.pm-3.59/cpan/CGI/t/carp.t
+--- perl-5.12.4/cpan/CGI/t/carp.t	2011-06-07 13:04:05.000000000 -0700
++++ CGI.pm-3.59/cpan/CGI/t/carp.t	2011-01-05 10:13:45.000000000 -0800
[email protected]@ -1,12 +1,12 @@
+ # -*- Mode: cperl; coding: utf-8; cperl-indent-level: 2 -*-
+-#!/usr/local/bin/perl -w
++#!perl -w
+ 
+ use strict;
+ 
+-use Test::More tests => 59;
++use Test::More tests => 61;
+ use IO::Handle;
+ 
+-BEGIN { use_ok('CGI::Carp') };
++use CGI::Carp;
+ 
+ #-----------------------------------------------------------------------------
+ # Test id
[email protected]@ -337,9 +337,14 @@
+     CGI::Carp::die( My::Stringified::Object->new );
+     $result{string_object} .= $_ while <STDOUT>;
+ 
++    undef [email protected];
+     CGI::Carp::die();
+     $result{no_args} .= $_ while <STDOUT>;
+ 
++    [email protected] = "I think I caught a virus";
++    CGI::Carp::die();
++    $result{propagated} .= $_ while <STDOUT>;
++
+     untie *STDOUT;
+ 
+     like $result{string}    => qr/regular string/, 'regular string, wrapped';
[email protected]@ -352,6 +357,9 @@
+       'stringified object, wrapped';
+     like $result{no_args} => qr/Died at/, 'no args, wrapped';
+ 
++    like $result{propagated} => qr/I think I caught a virus\t\.{3}propagated/, 
++        'propagating [email protected] if no argument';
++
+ }
+ 
+ {
[email protected]@ -371,3 +379,20 @@
+         return bless {}, shift;
+     }
+ }
++
++
[email protected] = ();
++tie *STDOUT, 'StoreStuff' or die "Can't tie STDOUT";
++ {
++ 	eval {
++ 		$CGI::Carp::TO_BROWSER = 0;
++ 		die 'Message ToBrowser = 0';
++	};
++ 	$result[0] = [email protected];
++ 	$result[1] .= $_ while (<STDOUT>);
++ }
++untie *STDOUT;
++
++ like $result[0] => qr/Message ToBrowser/, 'die message for ToBrowser = 0 is OK';
++ ok !$result[1], 'No output for ToBrowser = 0';
++
+diff -Naur perl-5.12.4/cpan/CGI/t/charset.t CGI.pm-3.59/cpan/CGI/t/charset.t
+--- perl-5.12.4/cpan/CGI/t/charset.t	1969-12-31 16:00:00.000000000 -0800
++++ CGI.pm-3.59/cpan/CGI/t/charset.t	2011-01-05 10:13:45.000000000 -0800
[email protected]@ -0,0 +1,27 @@
++#!perl
++
++use strict;
++use warnings;
++
++use Test::More 'no_plan';
++
++use CGI;
++
++my $q = CGI->new;
++
++like( $q->header
++    , qr/charset=ISO-8859-1/, "charset ISO-8859-1 is set by default for default content-type");
++like( $q->header('application/json')
++    , qr/charset=ISO-8859-1/, "charset ISO-8859-1 is set by default for application/json content-type");
++
++{
++    $q->charset('UTF-8');
++    my $out = $q->header('text/plain');
++    like($out, qr{Content-Type: text/plain; charset=UTF-8}, "setting charset alters header of text/plain");
++}
++{
++    $q->charset('UTF-8');
++    my $out = $q->header('application/json');
++    like($out, qr{Content-Type: application/json; charset=UTF-8}, "setting charset alters header of application/json");
++}
++
+diff -Naur perl-5.12.4/cpan/CGI/t/cookie.t CGI.pm-3.59/cpan/CGI/t/cookie.t
+--- perl-5.12.4/cpan/CGI/t/cookie.t	2011-06-07 13:04:05.000000000 -0700
++++ CGI.pm-3.59/cpan/CGI/t/cookie.t	2011-04-28 07:34:54.000000000 -0700
[email protected]@ -1,23 +1,29 @@
+-#!/usr/local/bin/perl -w
++#!perl -w
+ 
+ use strict;
+ 
+-use Test::More tests => 96;
++# to have a consistent baseline, we nail the current time
++# to 100 seconds after the epoch
++BEGIN {
++    *CORE::GLOBAL::time = sub { 100 };
++}
++
++use Test::More 'no_plan';
+ use CGI::Util qw(escape unescape);
+ use POSIX qw(strftime);
++use CGI::Cookie;
+ 
+ #-----------------------------------------------------------------------------
+ # make sure module loaded
+ #-----------------------------------------------------------------------------
+ 
+-BEGIN {use_ok('CGI::Cookie');}
+-
+ my @test_cookie = (
+-		   'foo=123; bar=qwerty; baz=wibble; qux=a1',
+-		   'foo=123; bar=qwerty; baz=wibble;',
+-		   'foo=vixen; bar=cow; baz=bitch; qux=politician',
+-		   'foo=a%20phrase; bar=yes%2C%20a%20phrase; baz=%5Ewibble; qux=%27',
+-		   );
++           # including leading and trailing whitespace in first cookie
++           ' foo=123 ; bar=qwerty; baz=wibble; qux=a1',
++           'foo=123; bar=qwerty; baz=wibble;',
++           'foo=vixen; bar=cow; baz=bitch; qux=politician',
++           'foo=a%20phrase; bar=yes%2C%20a%20phrase; baz=%5Ewibble; qux=%27',
++           );
+ 
+ #-----------------------------------------------------------------------------
+ # Test parse
[email protected]@ -25,23 +31,29 @@
+ 
+ {
+   my $result = CGI::Cookie->parse($test_cookie[0]);
+-
+   is(ref($result), 'HASH', "Hash ref returned in scalar context");
+ 
+   my @result = CGI::Cookie->parse($test_cookie[0]);
+-
+   is(@result, 8, "returns correct number of fields");
+ 
+   @result = CGI::Cookie->parse($test_cookie[1]);
+-
+   is(@result, 6, "returns correct number of fields");
+ 
+   my %result = CGI::Cookie->parse($test_cookie[0]);
+-
+   is($result{foo}->value, '123', "cookie foo is correct");
+   is($result{bar}->value, 'qwerty', "cookie bar is correct");
+   is($result{baz}->value, 'wibble', "cookie baz is correct");
+   is($result{qux}->value, 'a1', "cookie qux is correct");
++
++  my @array   = CGI::Cookie->parse('');
++  my $scalar  = CGI::Cookie->parse('');
++  is_deeply(\@array, [], " parse('') returns an empty array   in list context   (undocumented)");
++  is_deeply($scalar, {}, " parse('') returns an empty hashref in scalar context (undocumented)");
++
++  @array   = CGI::Cookie->parse(undef);
++  $scalar  = CGI::Cookie->parse(undef);
++  is_deeply(\@array, [], " parse(undef) returns an empty array   in list context   (undocumented)");
++  is_deeply($scalar, {}, " parse(undef) returns an empty hashref in scalar context (undocumented)");
+ }
+ 
+ #-----------------------------------------------------------------------------
[email protected]@ -126,6 +138,10 @@
+   is($result{bar}, 'yes%2C%20a%20phrase', "cookie bar is correct");
+   is($result{baz}, '%5Ewibble', "cookie baz is correct");
+   is($result{qux}, '%27', "cookie qux is correct");
++
++  $ENV{COOKIE} = '$Version=1; foo; $Path="/test"';
++  %result = CGI::Cookie->raw_fetch();
++  is($result{foo}, '', 'no value translates to empty string');
+ }
+ 
+ #-----------------------------------------------------------------------------
[email protected]@ -135,12 +151,13 @@
+ {
+   # Try new with full information provided
+   my $c = CGI::Cookie->new(-name    => 'foo',
+-			   -value   => 'bar',
+-			   -expires => '+3M',
+-			   -domain  => '.capricorn.com',
+-			   -path    => '/cgi-bin/database',
+-			   -secure  => 1
+-			  );
++               -value   => 'bar',
++               -expires => '+3M',
++               -domain  => '.capricorn.com',
++               -path    => '/cgi-bin/database',
++               -secure  => 1,
++               -httponly=> 1
++              );
+   is(ref($c), 'CGI::Cookie', 'new returns objects of correct type');
+   is($c->name   , 'foo',               'name is correct');
+   is($c->value  , 'bar',               'value is correct');
[email protected]@ -148,11 +165,12 @@
+   is($c->domain , '.capricorn.com',    'domain is correct');
+   is($c->path   , '/cgi-bin/database', 'path is correct');
+   ok($c->secure , 'secure attribute is set');
++  ok( $c->httponly, 'httponly attribute is set' );
+ 
+   # now try it with the only two manditory values (should also set the default path)
+   $c = CGI::Cookie->new(-name    =>  'baz',
+-			-value   =>  'qux',
+-		       );
++            -value   =>  'qux',
++               );
+   is(ref($c), 'CGI::Cookie', 'new returns objects of correct type');
+   is($c->name   , 'baz', 'name is correct');
+   is($c->value  , 'qux', 'value is correct');
[email protected]@ -160,6 +178,7 @@
+   ok(!defined $c->domain ,       'domain attributeis not set');
+   is($c->path, '/',      'path atribute is set to default');
+   ok(!defined $c->secure ,       'secure attribute is set');
++  ok( !defined $c->httponly, 'httponly attribute is not set' );
+ 
+ # I'm really not happy about the restults of this section.  You pass
+ # the new method invalid arguments and it just merilly creates a
[email protected]@ -186,12 +205,13 @@
+ 
+ {
+   my $c = CGI::Cookie->new(-name    => 'Jam',
+-			   -value   => 'Hamster',
+-			   -expires => '+3M',
+-			   -domain  => '.pie-shop.com',
+-			   -path    => '/',
+-			   -secure  => 1
+-			  );
++               -value   => 'Hamster',
++               -expires => '+3M',
++               -domain  => '.pie-shop.com',
++               -path    => '/',
++               -secure  => 1,
++               -httponly=> 1
++              );
+ 
+   my $name = $c->name;
+   like($c->as_string, "/$name/", "Stringified cookie contains name");
[email protected]@ -210,9 +230,12 @@
+ 
+   like($c->as_string, '/secure/', "Stringified cookie contains secure");
+ 
++  like( $c->as_string, '/HttpOnly/',
++    "Stringified cookie contains HttpOnly" );
++
+   $c = CGI::Cookie->new(-name    =>  'Hamster-Jam',
+-			-value   =>  'Tulip',
+-		       );
++            -value   =>  'Tulip',
++               );
+ 
+   $name = $c->name;
+   like($c->as_string, "/$name/", "Stringified cookie contains name");
[email protected]@ -228,6 +251,9 @@
+   like($c->as_string, "/$path/", "Stringified cookie contains path");
+ 
+   ok($c->as_string !~ /secure/, "Stringified cookie does not contain secure");
++
++  ok( $c->as_string !~ /HttpOnly/,
++    "Stringified cookie does not contain HttpOnly" );
+ }
+ 
+ #-----------------------------------------------------------------------------
[email protected]@ -236,38 +262,38 @@
+ 
+ {
+   my $c1 = CGI::Cookie->new(-name    => 'Jam',
+-			    -value   => 'Hamster',
+-			    -expires => '+3M',
+-			    -domain  => '.pie-shop.com',
+-			    -path    => '/',
+-			    -secure  => 1
+-			   );
++                -value   => 'Hamster',
++                -expires => '+3M',
++                -domain  => '.pie-shop.com',
++                -path    => '/',
++                -secure  => 1
++               );
+ 
+   # have to use $c1->expires because the time will occasionally be
+   # different between the two creates causing spurious failures.
+   my $c2 = CGI::Cookie->new(-name    => 'Jam',
+-			    -value   => 'Hamster',
+-			    -expires => $c1->expires,
+-			    -domain  => '.pie-shop.com',
+-			    -path    => '/',
+-			    -secure  => 1
+-			   );
++                -value   => 'Hamster',
++                -expires => $c1->expires,
++                -domain  => '.pie-shop.com',
++                -path    => '/',
++                -secure  => 1
++               );
+ 
+   # This looks titally whacked, but it does the -1, 0, 1 comparison
+   # thing so 0 means they match
+   is($c1->compare("$c1"), 0, "Cookies are identical");
+-  is($c1->compare("$c2"), 0, "Cookies are identical");
++  is( "$c1", "$c2", "Cookies are identical");
+ 
+   $c1 = CGI::Cookie->new(-name   => 'Jam',
+-			 -value  => 'Hamster',
+-			 -domain => '.foo.bar.com'
+-			);
++             -value  => 'Hamster',
++             -domain => '.foo.bar.com'
++            );
+ 
+   # have to use $c1->expires because the time will occasionally be
+   # different between the two creates causing spurious failures.
+   $c2 = CGI::Cookie->new(-name    =>  'Jam',
+-			 -value   =>  'Hamster',
+-			);
++             -value   =>  'Hamster',
++            );
+ 
+   # This looks titally whacked, but it does the -1, 0, 1 comparison
+   # thing so 0 (i.e. false) means they match
[email protected]@ -284,12 +310,12 @@
+ 
+ {
+   my $c = CGI::Cookie->new(-name    => 'Jam',
+-			   -value   => 'Hamster',
+-			   -expires => '+3M',
+-			   -domain  => '.pie-shop.com',
+-			   -path    => '/',
+-			   -secure  => 1
+-			   );
++               -value   => 'Hamster',
++               -expires => '+3M',
++               -domain  => '.pie-shop.com',
++               -path    => '/',
++               -secure  => 1
++               );
+ 
+   is($c->name,          'Jam',   'name is correct');
+   is($c->name('Clash'), 'Clash', 'name is set correctly');
[email protected]@ -321,6 +347,36 @@
+   ok(!$c->secure,    'secure attribute is cleared');
+ }
+ 
++#----------------------------------------------------------------------------
++# Max-age
++#----------------------------------------------------------------------------
++
++MAX_AGE: {
++    my $cookie = CGI::Cookie->new( -name=>'a', value=>'b', '-expires' => 'now',);
++    is $cookie->expires, 'Thu, 01-Jan-1970 00:01:40 GMT';
++    is $cookie->max_age => undef, 'max-age is undefined when setting expires';
++
++    $cookie = CGI::Cookie->new( -name=>'a', 'value'=>'b' );
++    $cookie->max_age( '+4d' );
++
++    is $cookie->expires, undef, 'expires is undef when setting max_age';
++    is $cookie->max_age => 4*24*60*60, 'setting via max-age';
++
++    $cookie->max_age( '113' );
++    is $cookie->max_age => 13, 'max_age(num) as delta';
++}
++
++
++#----------------------------------------------------------------------------
++# bake
++#----------------------------------------------------------------------------
++
++BAKE: {
++    my $cookie = CGI::Cookie->new( -name=>'a', value=>'b', '-expires' => 'now',);
++    eval { $cookie->bake };
++    is([email protected],'', "calling bake() without mod_perl should survive"); 
++}
++
+ #-----------------------------------------------------------------------------
+ # Apache2?::Cookie compatibility.
+ #-----------------------------------------------------------------------------
+diff -Naur perl-5.12.4/cpan/CGI/t/delete.t CGI.pm-3.59/cpan/CGI/t/delete.t
+--- perl-5.12.4/cpan/CGI/t/delete.t	1969-12-31 16:00:00.000000000 -0800
++++ CGI.pm-3.59/cpan/CGI/t/delete.t	2011-04-28 07:34:54.000000000 -0700
[email protected]@ -0,0 +1,57 @@
++#!/usr/local/bin/perl
++
++use strict;
++use warnings;
++
++use Test::More;
++
++use CGI ();
++use Config;
++
++my $loaded = 1;
++
++$| = 1;
++
++######################### End of black magic.
++
++# Set up a CGI environment
++$ENV{REQUEST_METHOD}  = 'DELETE';
++$ENV{QUERY_STRING}    = 'game=chess&game=checkers&weather=dull';
++$ENV{PATH_INFO}       = '/somewhere/else';
++$ENV{PATH_TRANSLATED} = '/usr/local/somewhere/else';
++$ENV{SCRIPT_NAME}     = '/cgi-bin/foo.cgi';
++$ENV{SERVER_PROTOCOL} = 'HTTP/1.0';
++$ENV{SERVER_PORT}     = 8080;
++$ENV{SERVER_NAME}     = 'the.good.ship.lollypop.com';
++$ENV{REQUEST_URI}     = "$ENV{SCRIPT_NAME}$ENV{PATH_INFO}?$ENV{QUERY_STRING}";
++$ENV{HTTP_LOVE}       = 'true';
++
++my $q = new CGI;
++ok $q,"CGI::new()";
++is $q->request_method => 'DELETE',"CGI::request_method()";
++is $q->query_string => 'game=chess;game=checkers;weather=dull',"CGI::query_string()";
++is $q->param(), 2,"CGI::param()";
++is join(' ',sort $q->param()), 'game weather',"CGI::param()";
++is $q->param('game'), 'chess',"CGI::param()";
++is $q->param('weather'), 'dull',"CGI::param()";
++is join(' ',$q->param('game')), 'chess checkers',"CGI::param()";
++ok $q->param(-name=>'foo',-value=>'bar'),'CGI::param() put';
++is $q->param(-name=>'foo'), 'bar','CGI::param() get';
++is $q->query_string, 'game=chess;game=checkers;weather=dull;foo=bar',"CGI::query_string() redux";
++is $q->http('love'), 'true',"CGI::http()";
++is $q->script_name, '/cgi-bin/foo.cgi',"CGI::script_name()";
++is $q->url, 'http://the.good.ship.lollypop.com:8080/cgi-bin/foo.cgi',"CGI::url()";
++is $q->self_url,
++     'http://the.good.ship.lollypop.com:8080/cgi-bin/foo.cgi/somewhere/else?game=chess;game=checkers;weather=dull;foo=bar',
++     "CGI::url()";
++is $q->url(-absolute=>1), '/cgi-bin/foo.cgi','CGI::url(-absolute=>1)';
++is $q->url(-relative=>1), 'foo.cgi','CGI::url(-relative=>1)';
++is $q->url(-relative=>1,-path=>1), 'foo.cgi/somewhere/else','CGI::url(-relative=>1,-path=>1)';
++is $q->url(-relative=>1,-path=>1,-query=>1),
++     'foo.cgi/somewhere/else?game=chess;game=checkers;weather=dull;foo=bar',
++     'CGI::url(-relative=>1,-path=>1,-query=>1)';
++$q->delete('foo');
++ok !$q->param('foo'),'CGI::delete()';
++
++
++done_testing();
+diff -Naur perl-5.12.4/cpan/CGI/t/fast.t CGI.pm-3.59/cpan/CGI/t/fast.t
+--- perl-5.12.4/cpan/CGI/t/fast.t	1969-12-31 16:00:00.000000000 -0800
++++ CGI.pm-3.59/cpan/CGI/t/fast.t	2011-12-30 05:07:26.000000000 -0800
[email protected]@ -0,0 +1,34 @@
++#!perl -w
++
++my $fcgi;
++BEGIN {
++    local [email protected];
++    eval { require FCGI };
++    $fcgi = [email protected] ? 0 : 1;
++}
++
++use Test::More tests => 9;
++
++# Shut up "used only once" warnings.
++() = $CGI::Q;
++
++SKIP: {
++    skip( 'FCGI not installed, cannot continue', 9 ) unless $fcgi;
++
++    require CGI::Fast;
++    ok( my $q = CGI::Fast->new(), 'created new CGI::Fast object' );
++    is( $q, $CGI::Q, 'checking to see if the object was stored properly' );
++    is( $q->param(), (), 'no params' );
++
++    ok( $q = CGI::Fast->new({ foo => 'bar' }), 'creating object with params' );
++    is( $q->param('foo'), 'bar', 'checking passed param' );
++
++    is($CGI::PRIVATE_TEMPFILES,0, "reality check default value for CGI::PRIVATE_TEMPFILES");
++    import CGI::Fast '-private_tempfiles';
++    CGI::Fast->new;
++    is($CGI::PRIVATE_TEMPFILES,1, "pragma in subclass set package variable in parent class. ");
++    $q = CGI::Fast->new({ a => 1 });
++    ok($q, "reality check: something was returned from CGI::Fast->new besides undef");
++    is($CGI::PRIVATE_TEMPFILES,1, "package variable in parent class persists through multiple calls to CGI::Fast->new ");
++
++};
+diff -Naur perl-5.12.4/cpan/CGI/t/gen-tests/gen-start-end-tags.pl CGI.pm-3.59/cpan/CGI/t/gen-tests/gen-start-end-tags.pl
+--- perl-5.12.4/cpan/CGI/t/gen-tests/gen-start-end-tags.pl	1969-12-31 16:00:00.000000000 -0800
++++ CGI.pm-3.59/cpan/CGI/t/gen-tests/gen-start-end-tags.pl	2011-01-05 10:13:45.000000000 -0800
[email protected]@ -0,0 +1,75 @@
++#!/usr/bin/perl -w
++
++use strict;
++
++my @tags = 
++    (
++        "h1","h2","h3","h4","h5","h6",
++        "table","ul","li","ol","td",
++        "b","i","u","div",
++    );
++
++my $the_tag;
++my $tests_body = "";
++my $num_tests = 0;
++foreach $the_tag (@tags)
++{
++    my $start_or_end;
++    foreach $start_or_end (qw(start end))
++    {
++        my $slash = ($start_or_end eq "start") ? "" : "/";
++        $tests_body .= "is(${start_or_end}_${the_tag}(), \"<${slash}${the_tag}>\", \"${start_or_end}_${the_tag}\"); # TEST\n";
++        $num_tests++;
++        if ($start_or_end eq "start")
++        {
++            $tests_body .= "is(${start_or_end}_${the_tag}({class => 'hello'}), \"<${slash}${the_tag} class=\\\"hello\\\">\", \"${start_or_end}_${the_tag} with param\"); # TEST\n";
++            $num_tests++;
++        }
++    }
++    $tests_body .= "\n";
++}
++
++my $header1 = <<"EOF";
++#!/usr/local/bin/perl -w
++
++use lib qw(t/lib);
++use strict;
++
++# Due to a bug in older versions of MakeMaker & Test::Harness, we must
++# ensure the blib's are in \@INC, else we might use the core CGI.pm
++use lib qw(blib/lib blib/arch);
++EOF
++;
++
++my $header2 = "use Test::More tests => $num_tests;\n\n";
++
++my $header3;
++
++sub write_file
++{
++    my %args = (@_);
++    local(*O);
++    open O, ">t/start_end_" . $args{'filename'} . ".t\n";
++    my $content = $header1 . $header2 .
++        "use CGI qw(:standard " .
++            join(" ", @{$args{'use_params'}}) . ");\n\n" .
++        $tests_body;
++    print O $content;
++    close(O);
++}
++
++write_file(
++    "filename" => "asterisk",
++    "use_params" => [ map {"\*$_" } @tags ],
++);
++
++write_file(
++    "filename" => "start",
++    "use_params" => [ map {"start_$_"} @tags],
++);
++
++write_file(
++    "filename" => "end",
++    "use_params" => [ map {"end_$_"} @tags],
++);
++
+diff -Naur perl-5.12.4/cpan/CGI/t/html.t CGI.pm-3.59/cpan/CGI/t/html.t
+--- perl-5.12.4/cpan/CGI/t/html.t	2011-06-07 13:04:05.000000000 -0700
++++ CGI.pm-3.59/cpan/CGI/t/html.t	2011-01-05 10:13:45.000000000 -0800
[email protected]@ -63,11 +63,14 @@
+ is header(), "Content-Type: text/html; charset=ISO-8859-1${CRLF}${CRLF}",
+   "header()";
+ 
+-is header( -type => 'image/gif' ), "Content-Type: image/gif${CRLF}${CRLF}",
++is header( -type => 'image/gif', -charset => '' ), "Content-Type: image/gif${CRLF}${CRLF}",
+   "header()";
+ 
+ is header( -type => 'image/gif', -status => '500 Sucks' ),
+   "Status: 500 Sucks${CRLF}Content-Type: image/gif${CRLF}${CRLF}", "header()";
++ 
++# return to normal 
++charset( 'ISO-8859-1' );
+ 
+ like header( -nph => 1 ),
+   qr!HTTP/1.0 200 OK${CRLF}Server: cmdline${CRLF}Date:.+${CRLF}Content-Type: text/html; charset=ISO-8859-1${CRLF}${CRLF}!,
[email protected]@ -85,13 +88,17 @@
+ <body>
+ END
+ 
+-is start_html( -Title => 'The world of foo' ), <<END, "start_html()";
++is start_html(
++    -Title  => 'The world of foo' ,
++    -Script => [ {-src=> 'foo.js', -charset=>'utf-8'} ],
++    ), <<END, "start_html()";
+ <!DOCTYPE html
+ 	PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ 	 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+ <html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-US">
+ <head>
+ <title>The world of foo</title>
++<script src="foo.js" charset="utf-8" type="text/javascript"></script>
+ <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
+ </head>
+ <body>
+diff -Naur perl-5.12.4/cpan/CGI/t/multipart_init.t CGI.pm-3.59/cpan/CGI/t/multipart_init.t
+--- perl-5.12.4/cpan/CGI/t/multipart_init.t	2011-06-07 13:04:05.000000000 -0700
++++ CGI.pm-3.59/cpan/CGI/t/multipart_init.t	1969-12-31 16:00:00.000000000 -0800
[email protected]@ -1,20 +0,0 @@
+-use Test::More 'no_plan';
+-
+-use CGI;
+-
+-my $q = CGI->new;
+-
+-my $sv = $q->multipart_init;
+-like( $sv, qr|Content-Type: multipart/x-mixed-replace;boundary="------- =|, 'multipart_init(), basic');
+-
+-like( $sv, qr/$CGI::CRLF$/, 'multipart_init(), ends in CRLF' );
+-
+-$sv = $q->multipart_init( 'this_is_the_boundary' );
+-like( $sv, qr/boundary="this_is_the_boundary"/, 'multipart_init("simple_boundary")' );
+-$sv = $q->multipart_init( -boundary => 'this_is_another_boundary' );
+-like($sv,
+-     qr/boundary="this_is_another_boundary"/, "multipart_init( -boundary => 'this_is_another_boundary')");
+-
+-$sv = $q->multipart_init;
+-my $sv2 = $q->multipart_init;
+-isnt($sv,$sv2,"due to random boundaries, multiple calls produce different results");
+diff -Naur perl-5.12.4/cpan/CGI/t/param_fetch.t CGI.pm-3.59/cpan/CGI/t/param_fetch.t
+--- perl-5.12.4/cpan/CGI/t/param_fetch.t	1969-12-31 16:00:00.000000000 -0800
++++ CGI.pm-3.59/cpan/CGI/t/param_fetch.t	2011-01-05 10:13:45.000000000 -0800
[email protected]@ -0,0 +1,26 @@
++#!perl
++
++# Tests for the param_fetch() method.
++
++use Test::More 'no_plan';
++use CGI;
++
++{
++    my $q = CGI->new('b=baz;a=foo;a=bar');
++
++    is $q->param_fetch('a')->[0] => 'foo', 'first "a" is "foo"';
++    is $q->param_fetch( -name => 'a' )->[0] => 'foo',
++      'first "a" is "foo", with -name';
++    is $q->param_fetch('a')->[1] => 'bar', 'second "a" is "bar"';
++    is_deeply $q->param_fetch('a') => [qw/ foo bar /], 'a is array ref';
++    is_deeply $q->param_fetch( -name => 'a' ) => [qw/ foo bar /],
++      'a is array ref, w/ name';
++
++    is $q->param_fetch('b')->[0] => 'baz', '"b" is "baz"';
++    is_deeply $q->param_fetch('b') => [qw/ baz /], 'b is array ref too';
++
++    is_deeply $q->param_fetch, [], "param_fetch without parameters";
++
++    is_deeply $q->param_fetch( 'a', 'b' ), [qw/ foo bar /],
++      "param_fetch only take first argument";
++}
+diff -Naur perl-5.12.4/cpan/CGI/t/rt-52469.t CGI.pm-3.59/cpan/CGI/t/rt-52469.t
+--- perl-5.12.4/cpan/CGI/t/rt-52469.t	1969-12-31 16:00:00.000000000 -0800
++++ CGI.pm-3.59/cpan/CGI/t/rt-52469.t	2011-12-30 05:22:19.000000000 -0800
[email protected]@ -0,0 +1,14 @@
++use strict;
++use warnings;
++
++use Test::More tests => 1;                      # last test to print
++
++use CGI;
++
++$ENV{REQUEST_METHOD} = 'PUT';
++
++my $cgi = CGI->new;
++
++pass 'new() returned';
++
++
+diff -Naur perl-5.12.4/cpan/CGI/t/tmpdir.t CGI.pm-3.59/cpan/CGI/t/tmpdir.t
+--- perl-5.12.4/cpan/CGI/t/tmpdir.t	1969-12-31 16:00:00.000000000 -0800
++++ CGI.pm-3.59/cpan/CGI/t/tmpdir.t	2011-12-30 04:52:33.000000000 -0800
[email protected]@ -0,0 +1,40 @@
++#!perl
++use Test::More tests => 9;
++use strict;
++
++my ($testdir, $testdir2);
++
++BEGIN {
++ $testdir = "CGItest";
++ $testdir2 = "CGItest2";
++ for ($testdir, $testdir2) {
++ ( -d ) || mkdir $_;
++ ( ! -w ) || chmod 0700, $_;
++ }
++ $CGITempFile::TMPDIRECTORY = $testdir;
++ $ENV{TMPDIR} = $testdir2;
++}
++
++use CGI;
++is($CGITempFile::TMPDIRECTORY, $testdir, "can pre-set \$CGITempFile::TMPDIRECTORY");
++CGITempFile->new;
++is($CGITempFile::TMPDIRECTORY, $testdir, "\$CGITempFile::TMPDIRECTORY unchanged");
++
++TODO: {
++ local $TODO = "figuring out why these tests fail on some platforms";
++ ok(chmod 0500, $testdir, "revoking write access to $testdir");
++ ok(! -w $testdir, "write access to $testdir revoked");
++CGITempFile->new;
++is($CGITempFile::TMPDIRECTORY, $testdir2,
++ "unwritable \$CGITempFile::TMPDIRECTORY overridden");
++
++ok(chmod 0500, $testdir2, "revoking write access to $testdir2");
++ok(! -w $testdir, "write access to $testdir revoked");
++CGITempFile->new;
++isnt($CGITempFile::TMPDIRECTORY, $testdir2,
++ "unwritable \$ENV{TMPDIR} overridden");
++isnt($CGITempFile::TMPDIRECTORY, $testdir,
++ "unwritable \$ENV{TMPDIR} not overridden with an unwritable \$CGITempFile::TMPDIRECTORY");
++}
++
++END { for ($testdir, $testdir2) { chmod 0700, $_; rmdir; } }
+diff -Naur perl-5.12.4/cpan/CGI/t/url.t CGI.pm-3.59/cpan/CGI/t/url.t
+--- perl-5.12.4/cpan/CGI/t/url.t	2011-06-01 00:47:46.000000000 -0700
++++ CGI.pm-3.59/cpan/CGI/t/url.t	2011-11-09 07:49:15.000000000 -0800
[email protected]@ -1,9 +1,10 @@
+ use strict;
+ use warnings;
+ 
+-use Test::More tests => 4;    # last test to print
++use Test::More;
++
++use CGI ':all';
+ 
+-use CGI qw/ :all /;
+ 
+ $ENV{HTTP_X_FORWARDED_HOST} = 'proxy:8484';
+ $ENV{SERVER_PROTOCOL}       = 'HTTP/1.0';
[email protected]@ -21,3 +22,51 @@
+ 
+ is url() => 'http://proxy', 'url() with default port';
+ 
++subtest 'rewrite_interactions' => sub {
++    # Reference: RT#45019
++
++    local %ENV =  (
++      # These two are always set
++      'SCRIPT_NAME'     => '/real/cgi-bin/dispatch.cgi',
++      'SCRIPT_FILENAME' => '/home/mark/real/path/cgi-bin/dispatch.cgi',
++
++      # These two are added by mod_rewrite Ref: http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html
++
++      'SCRIPT_URL'      => '/real/path/info',
++      'SCRIPT_URI'      => 'http://example.com/real/path/info',
++
++      'PATH_INFO'       => '/path/info',
++      'REQUEST_URI'     => '/real/path/info',
++      'HTTP_HOST'       => 'example.com'
++    );
++
++    my $q = CGI->new;
++
++    is(
++        $q->url( -absolute => 1, -query => 1, -path_info => 1 ),
++        '/real/path/info',
++        '$q->url( -absolute => 1, -query => 1, -path_info => 1 ) should return complete path, even when mod_rewrite is detected.'
++    );
++    is( $q->url(), 'http://example.com/real', '$q->url(), with rewriting detected' );
++    is( $q->url(-full=>1), 'http://example.com/real', '$q->url(-full=>1), with rewriting detected' );
++    is( $q->url(-path=>1), 'http://example.com/real/path/info', '$q->url(-path=>1), with rewriting detected' );
++    is( $q->url(-path=>0), 'http://example.com/real', '$q->url(-path=>0), with rewriting detected' );
++    is( $q->url(-full=>1,-path=>1), 'http://example.com/real/path/info', '$q->url(-full=>1,-path=>1), with rewriting detected' );
++    is( $q->url(-rewrite=>1,-path=>0), 'http://example.com/real', '$q->url(-rewrite=>1,-path=>0), with rewriting detected' );
++    is( $q->url(-rewrite=>1), 'http://example.com/real',
++                                                '$q->url(-rewrite=>1), with rewriting detected' );
++    is( $q->url(-rewrite=>0), 'http://example.com/real/cgi-bin/dispatch.cgi',
++                                                '$q->url(-rewrite=>0), with rewriting detected' );
++    is( $q->url(-rewrite=>0,-path=>1), 'http://example.com/real/cgi-bin/dispatch.cgi/path/info',
++                                                '$q->url(-rewrite=>0,-path=>1), with rewriting detected' );
++    is( $q->url(-rewrite=>1,-path=>1), 'http://example.com/real/path/info',
++                                                '$q->url(-rewrite=>1,-path=>1), with rewriting detected' );
++    is( $q->url(-rewrite=>0,-path=>0), 'http://example.com/real/cgi-bin/dispatch.cgi',
++                                                '$q->url(-rewrite=>0,-path=>1), with rewriting detected' );
++    done_testing();
++};
++
++
++done_testing();
++
++
+diff -Naur perl-5.12.4/MANIFEST CGI.pm-3.59/MANIFEST
+--- perl-5.12.4/MANIFEST	2011-06-07 13:04:05.000000000 -0700
++++ CGI.pm-3.59/MANIFEST	2012-06-13 14:15:21.906099448 -0700
[email protected]@ -198,30 +198,36 @@
+ cpan/CGI/t/autoescape.t			See if CGI.pm works
+ cpan/CGI/t/can.t			See if CGI.pm works
+ cpan/CGI/t/carp.t			See if CGI::Carp works
++cpan/CGI/t/charset.t
+ cpan/CGI/t/checkbox_group.t		See if CGI.pm works
+ cpan/CGI/t/cookie.t			See if CGI::Cookie works
++cpan/CGI/t/delete.t
+ cpan/CGI/t/Dump.t			See if CGI->Dump works
+ cpan/CGI/t/end_form.t			See if CGI.pm works
++cpan/CGI/t/fast.t			See if CGI.pm works
+ cpan/CGI/t/form.t			See if CGI.pm works
+ cpan/CGI/t/function.t			See if CGI.pm works
++cpan/CGI/t/gen-tests/gen-start-end-tags.pl
+ cpan/CGI/t/headers.t			See if CGI.pm works
+ cpan/CGI/t/hidden.t			See if CGI.pm works
+ cpan/CGI/t/html.t			See if CGI.pm works
+ cpan/CGI/t/http.t			See if CGI.pm works
+ cpan/CGI/t/init.t			See if CGI.pm works
+ cpan/CGI/t/init_test.txt		See if CGI.pm works
+-cpan/CGI/t/multipart_init.t		See if CGI.pm works
+ cpan/CGI/t/no_tabindex.t		See if CGI.pm works
++cpan/CGI/t/param_fetch.t
+ cpan/CGI/t/popup_menu.t			See if CGI pop menus work
+ cpan/CGI/t/pretty.t			See if CGI.pm works
+ cpan/CGI/t/push.t			See if CGI::Push works
+ cpan/CGI/t/query_string.t		See if CGI->query_string() works
+ cpan/CGI/t/request.t			See if CGI.pm works
++cpan/CGI/t/rt-52469.t
+ cpan/CGI/t/save_read_roundtrip.t	See if CGI.pm works
+ cpan/CGI/t/start_end_asterisk.t		See if CGI.pm works
+ cpan/CGI/t/start_end_end.t		See if CGI.pm works
+ cpan/CGI/t/start_end_start.t		See if CGI.pm works
+ cpan/CGI/t/switch.t			See if CGI::Switch still loads
++cpan/CGI/t/tmpdir.t
+ cpan/CGI/t/unescapeHTML.t		See if CGI::unescapeHTML() works
+ cpan/CGI/t/uploadInfo.t			See if CGI.pm works
+ cpan/CGI/t/upload_post_text.txt		Test data for CGI.pm
--- a/components/perl512/patches/CVE-2011-2728.patch	Wed Jun 20 10:19:47 2012 -0700
+++ b/components/perl512/patches/CVE-2011-2728.patch	Wed Jun 20 13:50:44 2012 -0700
@@ -46,12 +46,3 @@
 +# This used to segfault.
 +my $i = bsd_glob('*', GLOB_ALTDIRFUNC);
 +is(&File::Glob::GLOB_ERROR, 0, "Successfuly ignored unsupported flag");
---- perl-5.12.3/patchlevel.h.orig     út lis 15 13:26:11 2011
-+++ perl-5.12.3/patchlevel.h  út lis 15 13:26:17 2011
[email protected]@ -131,6 +131,7 @@
- 	,"uncommitted-changes"
- #endif
- 	PERL_GIT_UNPUSHED_COMMITS    	/* do not remove this line */
-+	,"7111771 Problem with utility/perl"
- 	,NULL
- };
--- a/components/perl512/patches/CVE-2011-3597.patch	Wed Jun 20 10:19:47 2012 -0700
+++ b/components/perl512/patches/CVE-2011-3597.patch	Wed Jun 20 13:50:44 2012 -0700
@@ -298,13 +298,15 @@
 +$LOL::PWNED = 0;
 +eval { Digest->new(q[MD;5;$LOL::PWNED = 42]) };
 +is $LOL::PWNED, 0;
---- perl-5.12.4/patchlevel.h	Mo jun  4 16:58:05 2012
-+++ perl-5.12.4/patchlevel.h	Mo jun  4 16:58:23 2012
[email protected]@ -132,6 +132,7 @@
- #endif
- 	PERL_GIT_UNPUSHED_COMMITS    	/* do not remove this line */
- 	,"7111771 Problem with utility/perl"
-+	,"7125218 Problem with utility/perl"
- 	,NULL
- };
- 
+diff -Naur perl-5.12.4/MANIFEST new/MANIFEST
+--- perl-5.12.4/MANIFEST	2012-06-13 14:23:21.347805553 -0700
++++ new/MANIFEST	2012-06-13 15:08:46.655737770 -0700
[email protected]@ -704,6 +704,8 @@
+ cpan/Digest/t/base.t		See if Digest extensions work
+ cpan/Digest/t/digest.t		See if Digest extensions work
+ cpan/Digest/t/file.t		See if Digest extensions work
++cpan/Digest/t/lib/Digest/Dummy.pm
++cpan/Digest/t/security.t
+ cpan/Encode/AUTHORS		List of authors
+ cpan/Encode/bin/enc2xs		Encode module generator
+ cpan/Encode/bin/piconv		iconv by perl
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/perl512/patches/patchlevel_h.patch	Wed Jun 20 13:50:44 2012 -0700
@@ -0,0 +1,12 @@
+--- perl-5.12.4/patchlevel.h	2011-06-15 10:14:22.000000000 -0700
++++ CGI.pm-3.59/patchlevel.h	2012-06-13 18:10:17.136255349 -0700
[email protected]@ -131,6 +131,9 @@
+ 	,"uncommitted-changes"
+ #endif
+ 	PERL_GIT_UNPUSHED_COMMITS    	/* do not remove this line */
++	,"7111771 Problem with utility/perl"
++	,"7125218 Problem with utility/perl"
++	,"7030196 Problem with utility/perl"
+ 	,NULL
+ };
+