--- AnyEvent/Changes 2012/08/14 02:28:22 1.554 +++ AnyEvent/Changes 2017/08/17 02:12:36 1.625 @@ -6,6 +6,157 @@ TODO: FAQ: common pitfalls? invoke-before-return TODO: FAQ: scope-ids? hosts file order? TODO: AnyEvent::Handle with AnyEvent::IO? +TODO: invalid. and localhost. specialcasing inside AEDNS and not AESocket (rfc6761) +TODO: maybe implement env variable to give hosts precedence +TODO: more formats for parse_ipv6 (single ipv6 address without port, ...p80, ...#80) +TODO: inet_aton maybe pack C4? no, add a comment why not +TODO: socket prepare callbacks, can they easily signal failure as well? + + - AnyEvent::Socket::parse_ipv6 would NOT, as advertised, accept ipv4 + addresses. It now does and converts them to ipv4 mapped addresses. + - support CAA records, based on patch by Steve Atkins. + +7.14 Sat Jun 24 01:44:19 CEST 2017 + - fix a crash bug in AnyEvent::Handle with openssl 1.1.0 (patched + by Paul Howarth and apparently tracked down by Mike McCauley). + - AnyEvent::Handle->keepalive was documented (and defined) twice + (found by Matt Merhar). + - AnyEvent::Socket::tcp_bind/tcp_server would immediately unlink a unix + listening socket unless a guard is used. Change this so that no + cleanup will be performed unless a guard is used and document this more + clearly. + - make tcp_bind/tcp_server error messages more regular. + - work around latest perl upstream breakage - this time, perl5porters were + apparently bullied by a bogus CVE (CVE-2016-1238), and since distros + stupidly apply anything that has "security fix" stamped on it, it's likely + going to be a problem in practise (and working around it is trivial on + windows and unix). + - add TCP_FASTOPEN/MSG_FASTOPEN and MSG_NOSIGNAL/MSG_MORE/MSG_DONTWAIT + to constants. + - update warnings to common::sense 3.74 standards. + +7.13 Sat Sep 17 04:31:49 CEST 2016 + - Only call tlsext_host_name for non-empty common names (reported + by Maxime Soulé). + - log a (single) notice message if SNI is not supported. + - upgrade to UTS-46:9.0.0 draft and switch to non-transitional + behaviour, beating thunderbird, ie, edge, chrome and safari to it :) + (see also https://bugzilla.mozilla.org/show_bug.cgi?id=1218179) + - turns out the UTS-46 IDNA testcase failures were indeed bugs in the + testcases and the specification and not in the code - the post-9.0.0 + unicode files have all known problems fixed, so finally the AnyEvent + IDNA implementation can pass the full IDNA testsuite - without needing + a single fix :) + - guarantee (and document) that condvar callbacks will be removed + on invocation - important to avoid circular references. + +7.12 Wed Jan 27 19:12:26 CET 2016 + - use common name as hostname for tls connects, if Net::SSLeay + supports SNI. + - fix documentation of tls_autostart read type in AnyEvent::Handle, + analyzed by Felix Ostmann. + +7.11 Thu Jul 16 14:36:00 CEST 2015 + - AnyEvent::Socket::parse_ipv6 could accept malformed ipv6 + addresses (extra "::" at end and similar cases). + - add a more explicit warning to AnyEvent::Handle that it doesn't + work on files, people keep getting confused. + - new function AnyEvent::Socket::tcp_bind. + - new functions AnyEvent::fh_block and AnyEvent::fh_unblock. + - aligned ipv6 address formatting with RFC 5952 (by not shortening + a single :0: to ::). + - added stability canary support. + +7.09 Sat May 2 16:38:53 CEST 2015 + - AnyEvent::Debug called an internal function (AnyEvent::Log::ft) + that was renamed to AnyEvent::Log:format_time. uinder its old name + (analyzed by Michael Stovenour). + - update AnyEvent::DNS fallback resolver addresses: + seems google effectively killed most other free dns resolvers, + so remove them, but add cable and wireless (ecrc) since it was + stable for 20 years or so, official or not, and there should be + an alternative to google. + - perl5porters broke windows error codes in 5.20, and mapped + WSAEWOULDBLOCK on the (different) EWOULDBLOCK error code, and + WSAEINPROGRESS into the incompatible ERINPROGRESS code, probably + because they were so cool. They probably broke other error codes + for no reason, too, but I didn't care for checking, it's too + depressing. This version only works around the WSAEWOULDBLOCK + issue, because I don't have a nice way to work around the + WSAEINPROGRESS bug. + +7.08 Wed Dec 10 05:27:17 CET 2014 + - work around a newly introduced bug in Socket 2.011 (an + errornous sun_length check) (analyzed by Maxime Soulé). + - AnyEvent::TLS didn't load (but refer to) AnyEvent::Socket + (analyzed by Ben Magistro). + - AnyEvent::Strict will now confess, not croak. This is in line with + it being a development/debugging tool. + - work around a number of libglib bugs (debug builds of libglib enforce + certain undocumented behaviour patterns such as not being able to + remove a child watch source after it has fired, which we will try + to emulate to avoid "criticals". what where they thinking...). + - mention json security issues in AnyEvent::Handle, now that Douglas + Crockford has foolishly and incompatibly changed JSON. + - changed default dns resolver "max_outstanding" value from 1 to 10, + the latter beinfg the intended value all along + (reported by Ilya Chesnokov). + - added new "AnyEvent::Impl::UV" interface module to the UV event lib + (written by Mike Lowell). + +7.07 Tue Dec 17 17:45:02 CET 2013 + - the documentation for custom tls verify schemes was wrong. make it agree + with the code (reported by Maxime Soulé). + - added cbor read and write types to AnyEvent::Handle (using CBOR::XS). + - work around an API change in openssl that could cause wrong tls connection + aborts, likely on windows only (analyzed by sten). + - calling AnyEvent->now_update with AnyEvent::Impl::Perl caused an + endless loop (reported by Dietrich Rebmann). + - add tlsv1_1 and tlsv1_2 protocols to AnyEvent::TLS + (patch by Maxime Soulé). + - document AnyEvent::Impl::IOAsync::set_loop and + $AnyEvent::Impl::IOAsync::LOOP. Though only documented now, this + functionality has _always_ been available. + - force a toplevel domain name in t/81_hosts.t (analyzed by + David Jack Wange Olrik). + - document that AnyEvent::Log uses AnyEvent::IO. + - warn about AnyEvent::Filesys::Notify performance. + - praise the joys of AnyEvent::Fork::*. + - time for an =encoding directive. + - do no longer use JSON to create a default json coder, use + JSON::XS or JSON::PP directly. + +7.05 Wed Aug 21 10:38:08 CEST 2013 + - uts46data.pl couldn't be found due to wrong naming of the file + (reported by Fulko Hew). + - handle lone \015's properly in AE::Handle's default line read + (reported by various people). + - untaint ip addresses found in /etc/hosts (patch by José Micó). + - the memleak fix in 7.03 caused resolving via /etc/hosts to always + fail on first use (reported and testcase by Andrew Whatson). + - expose AnyEvent::Log::format_time, and allow users to redefine it. + - expose AnyEvent::Log::default_format, and allow redefinition. + - expose AnyEvent::Log::fatal_exit, to allow redefinition. + - AnyEvent::Debug shell can now run coro shell commands, if available. + - t/63* tests were wrongly in MANIFEST. + - kernel.org's finger server went MIA, switch to freebsd.org and + icculus.org. + - clarify that IO::AIO and AnyEvent::AIO are needed for AnyEvent::IO + to function asynchronously (reported by Daniel Carosone). + - hard-disable $^W in most tests, it generates too much garbage output. + - use a (hopefully) more future-proof method to emulate common::sense. + - upgrade to UTS-46:6.2.0. + - switch to INSTLIB from INSTLIBDIR, as INSTLIBDIR was wrongly + documented. should not affect anything. + +7.04 Thu Nov 15 02:23:58 CET 2012 + - debugging code left in. + +7.03 Thu Nov 15 02:16:11 CET 2012 + - AnyEvent::Socket::inet_aton did not work when dns resolution was + used to find the addresses (analyzed and patch by Maxime Soulé). + - fix a memory leak in the /etc/hosts lookup code when hosts don't + resolve and are not in hosts (analyzed by sten). 7.02 Tue Aug 14 04:27:58 CEST 2012 - AnyEvent::Util::run_cmd could block indefinitely (analyzed and test @@ -574,7 +725,7 @@ - add an additional error message parameter to AnyEvent::Handle's on_error callback (for TLS, $! is still available). - add AnyEvent::Handle on_starttls/on_stoptls callbacks. - - make AnyEvent::Handle more robust against early conenction + - make AnyEvent::Handle more robust against early connection failures (during new), and return C in that case from the constructor. - AnyEvent::Handle will now try to load only JSON::XS first,