--- AnyEvent/Changes 2012/04/08 04:18:46 1.545 +++ AnyEvent/Changes 2017/07/01 15:48:51 1.624 @@ -3,11 +3,174 @@ TODO: document TCP_*** constants TODO: add debug/trace logging to some modules TODO: use the eval-with-cb-call trick also to speed up JSON? -lib/AnyEvent/DNS.pm: open my $fh, "<", $resolv_conf -lib/AnyEvent/DNS.pm: if (open my $fh, "ipconfig /all |") { -lib/AnyEvent/TLS.pm: or croak "$dh_file: failed to open DH parameter file: $!"; +TODO: FAQ: common pitfalls? invoke-before-return +TODO: FAQ: scope-ids? hosts file order? +TODO: AnyEvent::Handle with AnyEvent::IO? +TODO: invalid. and localhost. specialcasing inside AEDNS and not AESocket (rfc6761) +TODO: maybe implement env variable to give hosts precedence +TODO: more formats for parse_ipv6 (single ipv6 address without port, ...p80, ...#80) +TODO: inet_aton maybe pack C4? no, add a comment why not +TODO: socket prepare callbacks, can they easily signal failure as well? + + - AnyEvent::Socket::parse_ipv6 would NOT, as advertised, accept ipv4 + addresses. It now does and converts them to ipv4 mapped addresses. + +7.14 Sat Jun 24 01:44:19 CEST 2017 + - fix a crash bug in AnyEvent::Handle with openssl 1.1.0 (patched + by Paul Howarth and apparently tracked down by Mike McCauley). + - AnyEvent::Handle->keepalive was documented (and defined) twice + (found by Matt Merhar). + - AnyEvent::Socket::tcp_bind/tcp_server would immediately unlink a unix + listening socket unless a guard is used. Change this so that no + cleanup will be performed unless a guard is used and document this more + clearly. + - make tcp_bind/tcp_server error messages more regular. + - work around latest perl upstream breakage - this time, perl5porters were + apparently bullied by a bogus CVE (CVE-2016-1238), and since distros + stupidly apply anything that has "security fix" stamped on it, it's likely + going to be a problem in practise (and working around it is trivial on + windows and unix). + - add TCP_FASTOPEN/MSG_FASTOPEN and MSG_NOSIGNAL/MSG_MORE/MSG_DONTWAIT + to constants. + - update warnings to common::sense 3.74 standards. + +7.13 Sat Sep 17 04:31:49 CEST 2016 + - Only call tlsext_host_name for non-empty common names (reported + by Maxime Soulé). + - log a (single) notice message if SNI is not supported. + - upgrade to UTS-46:9.0.0 draft and switch to non-transitional + behaviour, beating thunderbird, ie, edge, chrome and safari to it :) + (see also https://bugzilla.mozilla.org/show_bug.cgi?id=1218179) + - turns out the UTS-46 IDNA testcase failures were indeed bugs in the + testcases and the specification and not in the code - the post-9.0.0 + unicode files have all known problems fixed, so finally the AnyEvent + IDNA implementation can pass the full IDNA testsuite - without needing + a single fix :) + - guarantee (and document) that condvar callbacks will be removed + on invocation - important to avoid circular references. + +7.12 Wed Jan 27 19:12:26 CET 2016 + - use common name as hostname for tls connects, if Net::SSLeay + supports SNI. + - fix documentation of tls_autostart read type in AnyEvent::Handle, + analyzed by Felix Ostmann. + +7.11 Thu Jul 16 14:36:00 CEST 2015 + - AnyEvent::Socket::parse_ipv6 could accept malformed ipv6 + addresses (extra "::" at end and similar cases). + - add a more explicit warning to AnyEvent::Handle that it doesn't + work on files, people keep getting confused. + - new function AnyEvent::Socket::tcp_bind. + - new functions AnyEvent::fh_block and AnyEvent::fh_unblock. + - aligned ipv6 address formatting with RFC 5952 (by not shortening + a single :0: to ::). + - added stability canary support. + +7.09 Sat May 2 16:38:53 CEST 2015 + - AnyEvent::Debug called an internal function (AnyEvent::Log::ft) + that was renamed to AnyEvent::Log:format_time. uinder its old name + (analyzed by Michael Stovenour). + - update AnyEvent::DNS fallback resolver addresses: + seems google effectively killed most other free dns resolvers, + so remove them, but add cable and wireless (ecrc) since it was + stable for 20 years or so, official or not, and there should be + an alternative to google. + - perl5porters broke windows error codes in 5.20, and mapped + WSAEWOULDBLOCK on the (different) EWOULDBLOCK error code, and + WSAEINPROGRESS into the incompatible ERINPROGRESS code, probably + because they were so cool. They probably broke other error codes + for no reason, too, but I didn't care for checking, it's too + depressing. This version only works around the WSAEWOULDBLOCK + issue, because I don't have a nice way to work around the + WSAEINPROGRESS bug. + +7.08 Wed Dec 10 05:27:17 CET 2014 + - work around a newly introduced bug in Socket 2.011 (an + errornous sun_length check) (analyzed by Maxime Soulé). + - AnyEvent::TLS didn't load (but refer to) AnyEvent::Socket + (analyzed by Ben Magistro). + - AnyEvent::Strict will now confess, not croak. This is in line with + it being a development/debugging tool. + - work around a number of libglib bugs (debug builds of libglib enforce + certain undocumented behaviour patterns such as not being able to + remove a child watch source after it has fired, which we will try + to emulate to avoid "criticals". what where they thinking...). + - mention json security issues in AnyEvent::Handle, now that Douglas + Crockford has foolishly and incompatibly changed JSON. + - changed default dns resolver "max_outstanding" value from 1 to 10, + the latter beinfg the intended value all along + (reported by Ilya Chesnokov). + - added new "AnyEvent::Impl::UV" interface module to the UV event lib + (written by Mike Lowell). + +7.07 Tue Dec 17 17:45:02 CET 2013 + - the documentation for custom tls verify schemes was wrong. make it agree + with the code (reported by Maxime Soulé). + - added cbor read and write types to AnyEvent::Handle (using CBOR::XS). + - work around an API change in openssl that could cause wrong tls connection + aborts, likely on windows only (analyzed by sten). + - calling AnyEvent->now_update with AnyEvent::Impl::Perl caused an + endless loop (reported by Dietrich Rebmann). + - add tlsv1_1 and tlsv1_2 protocols to AnyEvent::TLS + (patch by Maxime Soulé). + - document AnyEvent::Impl::IOAsync::set_loop and + $AnyEvent::Impl::IOAsync::LOOP. Though only documented now, this + functionality has _always_ been available. + - force a toplevel domain name in t/81_hosts.t (analyzed by + David Jack Wange Olrik). + - document that AnyEvent::Log uses AnyEvent::IO. + - warn about AnyEvent::Filesys::Notify performance. + - praise the joys of AnyEvent::Fork::*. + - time for an =encoding directive. + - do no longer use JSON to create a default json coder, use + JSON::XS or JSON::PP directly. + +7.05 Wed Aug 21 10:38:08 CEST 2013 + - uts46data.pl couldn't be found due to wrong naming of the file + (reported by Fulko Hew). + - handle lone \015's properly in AE::Handle's default line read + (reported by various people). + - untaint ip addresses found in /etc/hosts (patch by José Micó). + - the memleak fix in 7.03 caused resolving via /etc/hosts to always + fail on first use (reported and testcase by Andrew Whatson). + - expose AnyEvent::Log::format_time, and allow users to redefine it. + - expose AnyEvent::Log::default_format, and allow redefinition. + - expose AnyEvent::Log::fatal_exit, to allow redefinition. + - AnyEvent::Debug shell can now run coro shell commands, if available. + - t/63* tests were wrongly in MANIFEST. + - kernel.org's finger server went MIA, switch to freebsd.org and + icculus.org. + - clarify that IO::AIO and AnyEvent::AIO are needed for AnyEvent::IO + to function asynchronously (reported by Daniel Carosone). + - hard-disable $^W in most tests, it generates too much garbage output. + - use a (hopefully) more future-proof method to emulate common::sense. + - upgrade to UTS-46:6.2.0. + - switch to INSTLIB from INSTLIBDIR, as INSTLIBDIR was wrongly + documented. should not affect anything. + +7.04 Thu Nov 15 02:23:58 CET 2012 + - debugging code left in. + +7.03 Thu Nov 15 02:16:11 CET 2012 + - AnyEvent::Socket::inet_aton did not work when dns resolution was + used to find the addresses (analyzed and patch by Maxime Soulé). + - fix a memory leak in the /etc/hosts lookup code when hosts don't + resolve and are not in hosts (analyzed by sten). + +7.02 Tue Aug 14 04:27:58 CEST 2012 + - AnyEvent::Util::run_cmd could block indefinitely (analyzed and test + program by Yorhel). + - verified that AnyEvent::Socket follows RFC5952. + - try to parse "ADDR#PORT" in addition to "ADDR PORT". + +7.01 Sun May 13 01:03:17 CEST 2012 + - fail with EPROTO in AnyEvent::Handle wqhen TLS is requested but + not available, instead of throwing an exception. + - use File::Spec to get the tmpdir in t/*, to avoid needless + failures on (most, not mine :) windows boxes. + - new handle read types: tls_detect and tls_autostart. -7 +7.0 Fri Apr 13 06:33:30 CEST 2012 - child watchers are broken in POE 1.352 (also many earlier versions) and there seems to be no way to work around it, as POE itself is inherently racy. Document this regression and add a delay @@ -18,6 +181,7 @@ - load /etc/hosts only when DNS has no answer. - stat /etc/hosts on every access and reload it if it changed. - load /etc/hosts via AnyEvent::IO - potentially asynchronous. + - fix a buggy croak in the dh parameter reading in AnyEvent::TLS. - AnyEvent::Log log_to_file and log_to_path now use AnyEvent::IO. As a side effect, they now use true appending as opposed to libc appending, and the file might not have been opened when the function @@ -25,7 +189,7 @@ - the default logging level was not properly documented in a variety of places, this has hopefully been rectified. - updated uts46data.pl for unicode 6.1.0. - - made log messages genearted by AnyEvent submodules not + - made log messages generated by AnyEvent submodules not include the package name anymore, as it will be logged by default already. - upgrade to the trick used by common-sense 3.5 to work @@ -560,7 +724,7 @@ - add an additional error message parameter to AnyEvent::Handle's on_error callback (for TLS, $! is still available). - add AnyEvent::Handle on_starttls/on_stoptls callbacks. - - make AnyEvent::Handle more robust against early conenction + - make AnyEvent::Handle more robust against early connection failures (during new), and return C in that case from the constructor. - AnyEvent::Handle will now try to load only JSON::XS first,