Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package rubygem-rack-2.2 for
openSUSE:Factory checked in at 2023-03-15 18:56:04
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rubygem-rack-2.2 (Old)
and /work/SRC/openSUSE:Factory/.rubygem-rack-2.2.new.31432 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-rack-2.2"
Wed Mar 15 18:56:04 2023 rev:4 rq:1072043 version:2.2.6.4
Changes:
--------
--- /work/SRC/openSUSE:Factory/rubygem-rack-2.2/rubygem-rack-2.2.changes
2023-03-14 18:17:26.567987773 +0100
+++
/work/SRC/openSUSE:Factory/.rubygem-rack-2.2.new.31432/rubygem-rack-2.2.changes
2023-03-15 18:56:12.104924065 +0100
@@ -1,0 +2,7 @@
+Wed Mar 15 08:19:14 UTC 2023 - Daniel Donisa <daniel.don...@suse.com>
+
+- updated to version 2.2.6.4
+
+ [CVE-2023-27539] Avoid ReDoS in header parsing
+
+-------------------------------------------------------------------
Old:
----
rack-2.2.6.3.gem
New:
----
rack-2.2.6.4.gem
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ rubygem-rack-2.2.spec ++++++
--- /var/tmp/diff_new_pack.v2u04B/_old 2023-03-15 18:56:12.604926725 +0100
+++ /var/tmp/diff_new_pack.v2u04B/_new 2023-03-15 18:56:12.604926725 +0100
@@ -24,7 +24,7 @@
#
Name: rubygem-rack-2.2
-Version: 2.2.6.3
+Version: 2.2.6.4
Release: 0
%define mod_name rack
%define mod_full_name %{mod_name}-%{version}
++++++ rack-2.2.6.3.gem -> rack-2.2.6.4.gem ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md
--- old/CHANGELOG.md 2023-03-02 23:55:39.000000000 +0100
+++ new/CHANGELOG.md 2023-03-13 19:09:27.000000000 +0100
@@ -2,6 +2,10 @@
All notable changes to this project will be documented in this file. For info
on how to format all future additions to this file please reference [Keep A
Changelog](https://keepachangelog.com/en/1.0.0/).
+## [2.2.6.4] - 2023-03-13
+
+- [CVE-2023-27539] Avoid ReDoS in header parsing
+
## [2.2.6.3] - 2023-03-02
- [CVE-2023-27530] Introduce multipart_total_part_limit to limit total parts
Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/rack/request.rb new/lib/rack/request.rb
--- old/lib/rack/request.rb 2023-03-02 23:55:39.000000000 +0100
+++ new/lib/rack/request.rb 2023-03-13 19:09:27.000000000 +0100
@@ -572,8 +572,8 @@
end
def parse_http_accept_header(header)
- header.to_s.split(/\s*,\s*/).map do |part|
- attribute, parameters = part.split(/\s*;\s*/, 2)
+ header.to_s.split(",").each(&:strip!).map do |part|
+ attribute, parameters = part.split(";", 2).each(&:strip!)
quality = 1.0
if parameters and /\Aq=([\d.]+)/ =~ parameters
quality = $1.to_f
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/rack/version.rb new/lib/rack/version.rb
--- old/lib/rack/version.rb 2023-03-02 23:55:39.000000000 +0100
+++ new/lib/rack/version.rb 2023-03-13 19:09:27.000000000 +0100
@@ -20,7 +20,7 @@
VERSION.join(".")
end
- RELEASE = "2.2.6.3"
+ RELEASE = "2.2.6.4"
# Return the Rack release as a dotted string.
def self.release
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/metadata new/metadata
--- old/metadata 2023-03-02 23:55:39.000000000 +0100
+++ new/metadata 2023-03-13 19:09:27.000000000 +0100
@@ -1,14 +1,14 @@
--- !ruby/object:Gem::Specification
name: rack
version: !ruby/object:Gem::Version
- version: 2.2.6.3
+ version: 2.2.6.4
platform: ruby
authors:
- Leah Neukirchen
-autorequire:
+autorequire:
bindir: bin
cert_chain: []
-date: 2023-03-02 00:00:00.000000000 Z
+date: 2023-03-13 00:00:00.000000000 Z
dependencies:
- !ruby/object:Gem::Dependency
name: minitest
@@ -169,7 +169,7 @@
changelog_uri: https://github.com/rack/rack/blob/master/CHANGELOG.md
documentation_uri: https://rubydoc.info/github/rack/rack
source_code_uri: https://github.com/rack/rack
-post_install_message:
+post_install_message:
rdoc_options: []
require_paths:
- lib
@@ -184,8 +184,8 @@
- !ruby/object:Gem::Version
version: '0'
requirements: []
-rubygems_version: 3.4.1
-signing_key:
+rubygems_version: 3.0.3.1
+signing_key:
specification_version: 4
summary: A modular Ruby webserver interface.
test_files: []
