Hello community,
here is the log from the commit of package rubygem-rack-2.2 for
openSUSE:Factory checked in at 2025-09-29 16:32:32
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rubygem-rack-2.2 (Old)
and /work/SRC/openSUSE:Factory/.rubygem-rack-2.2.new.11973 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-rack-2.2"
Mon Sep 29 16:32:32 2025 rev:16 rq:1307562 version:2.2.18
Changes:
--------
--- /work/SRC/openSUSE:Factory/rubygem-rack-2.2/rubygem-rack-2.2.changes
2025-06-13 18:46:44.910017315 +0200
+++
/work/SRC/openSUSE:Factory/.rubygem-rack-2.2.new.11973/rubygem-rack-2.2.changes
2025-09-29 16:34:46.204819961 +0200
@@ -1,0 +2,6 @@
+Fri Sep 26 12:10:49 UTC 2025 - Rubhan Azeem <[email protected]>
+
+- update to version 2.2.18
+ *
[CVE-2025-59830](https://github.com/rack/rack/security/advisories/GHSA-625h-95r8-8xpm)
Unbounded parameter parsing in `Rack::QueryParser` can lead to memory
exhaustion via semicolon-separated parameters.
+
+-------------------------------------------------------------------
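Review bot: the new entry under "update to version 2.2.18" cites CVE-2025-59830 and the upstream advisory but carries no distribution bug reference next to the CVE id. If a tracking bug exists for this update, add its id on the same line so the fix can be traced from the changes file. The Markdown link syntax could also be reduced to the plain CVE id followed by the URL, since this file is plain text.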
Old:
----
rack-2.2.17.gem
New:
----
rack-2.2.18.gem
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ rubygem-rack-2.2.spec ++++++
--- /var/tmp/diff_new_pack.92KrFd/_old 2025-09-29 16:34:46.728842022 +0200
+++ /var/tmp/diff_new_pack.92KrFd/_new 2025-09-29 16:34:46.732842191 +0200
@@ -1,7 +1,7 @@
#
# spec file for package rubygem-rack-2.2
#
-# Copyright (c) 2025 SUSE LLC
+# Copyright (c) 2025 SUSE LLC and contributors
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -24,7 +24,7 @@
#
Name: rubygem-rack-2.2
-Version: 2.2.17
+Version: 2.2.18
Release: 0
%define mod_name rack
%define mod_full_name %{mod_name}-%{version}
++++++ rack-2.2.17.gem -> rack-2.2.18.gem ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md
--- old/CHANGELOG.md 1980-01-02 01:00:00.000000000 +0100
+++ new/CHANGELOG.md 1980-01-02 01:00:00.000000000 +0100
@@ -2,6 +2,10 @@
All notable changes to this project will be documented in this file. For info
on how to format all future additions to this file please reference [Keep A
Changelog](https://keepachangelog.com/en/1.0.0/).
+## [2.2.18] - 2025-09-25
+
+-
[CVE-2025-59830](https://github.com/rack/rack/security/advisories/GHSA-625h-95r8-8xpm)
Unbounded parameter parsing in `Rack::QueryParser` can lead to memory
exhaustion via semicolon-separated parameters.
+
## [2.2.17] - 2025-06-03
- Backport `Rack::MediaType#params` now handles parameters without values.
([#2263](https://github.com/rack/rack/pull/2263),
[@AllyMarthaJ](https://github.com/AllyMarthaJ))
Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/rack/handler/thin.rb new/lib/rack/handler/thin.rb
--- old/lib/rack/handler/thin.rb 1980-01-02 01:00:00.000000000 +0100
+++ new/lib/rack/handler/thin.rb 1980-01-02 01:00:00.000000000 +0100
@@ -15,8 +15,6 @@
host = options.delete(:Host) || default_host
port = options.delete(:Port) || 8080
args = [host, port, app, options]
- # Thin versions below 0.8.0 do not support additional options
- args.pop if ::Thin::VERSION::MAJOR < 1 && ::Thin::VERSION::MINOR < 8
server = ::Thin::Server.new(*args)
yield server if block_given?
server.start
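Review bot: dropping the `args.pop` guard means `options` is now always passed to `::Thin::Server.new`, including for the Thin versions below 0.8.0 that the removed comment says do not support additional options, yet the 2.2.18 CHANGELOG entry in this diff lists only the CVE fix. Suggest adding a CHANGELOG line for the handler change, or stating the minimum supported Thin version, so the behaviour change is not shipped silently inside a security release.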
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/rack/query_parser.rb new/lib/rack/query_parser.rb
--- old/lib/rack/query_parser.rb 1980-01-02 01:00:00.000000000 +0100
+++ new/lib/rack/query_parser.rb 1980-01-02 01:00:00.000000000 +0100
@@ -188,7 +188,7 @@
raise QueryLimitError, "total query size (#{qs.bytesize}) exceeds
limit (#{@bytesize_limit})"
end
- if (param_count = qs.count(sep.is_a?(String) ? sep : '&')) >=
@params_limit
+ if (param_count = qs.count(sep.is_a?(String) ? sep : '&;')) >=
@params_limit
raise QueryLimitError, "total number of query parameters
(#{param_count+1}) exceeds limit (#{@params_limit})"
end
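Review bot: in the `param_count` line, `qs.count(...)` is String#count, which treats its argument as a character set rather than a substring. The new '&;' fallback therefore counts both delimiters as intended, but a caller-supplied String `sep` is interpreted the same way: a multi-character value counts each of its characters, and a leading `^` or an embedded `-` is read as negation or a range. Suggest a short comment stating that `sep` is expected to be a set of single-character delimiters, plus a regression test with a semicolon-only query string that exceeds `@params_limit`, since no test accompanies the change in this diff.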
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/rack/version.rb new/lib/rack/version.rb
--- old/lib/rack/version.rb 1980-01-02 01:00:00.000000000 +0100
+++ new/lib/rack/version.rb 1980-01-02 01:00:00.000000000 +0100
@@ -20,7 +20,7 @@
VERSION.join(".")
end
- RELEASE = "2.2.17"
+ RELEASE = "2.2.18"
# Return the Rack release as a dotted string.
def self.release
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/metadata new/metadata
--- old/metadata 1980-01-02 01:00:00.000000000 +0100
+++ new/metadata 1980-01-02 01:00:00.000000000 +0100
@@ -1,7 +1,7 @@
--- !ruby/object:Gem::Specification
name: rack
version: !ruby/object:Gem::Version
- version: 2.2.17
+ version: 2.2.18
platform: ruby
authors:
- Leah Neukirchen
@@ -182,7 +182,7 @@
- !ruby/object:Gem::Version
version: '0'
requirements: []
-rubygems_version: 3.7.0.dev
+rubygems_version: 3.6.9
specification_version: 4
summary: A modular Ruby webserver interface.
test_files: []