Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package rubygem-rack for openSUSE:Factory checked in at 2023-03-21 17:41:46
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rubygem-rack (Old)
 and      /work/SRC/openSUSE:Factory/.rubygem-rack.new.31432 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-rack" Tue Mar 21 17:41:46 2023 rev:26 rq:1073283 version:3.0.7 Changes: -------- --- /work/SRC/openSUSE:Factory/rubygem-rack/rubygem-rack.changes 2023-03-09 17:46:55.807287996 +0100 +++ /work/SRC/openSUSE:Factory/.rubygem-rack.new.31432/rubygem-rack.changes 2023-03-21 17:41:46.933903209 +0100 @@ -1,0 +2,13 @@ +Mon Mar 20 11:53:21 UTC 2023 - pgaj...@suse.com + +- version update to 3.0.7 + [3.0.7] - 2023-03-16 + Make query parameters without = have nil values. (#2059, @jeremyevans) + [3.0.6.1] - 2023-03-13 + [CVE-2023-27539] Avoid ReDoS in header parsing [bsc#1209503] + [3.0.6] - 2023-03-13 + Add QueryParser#missing_value for handling missing values + tests. (#2052, @ioquatix) + [3.0.5] - 2023-03-13 + Split form/query parsing into two steps. (#2038, @matthewd) + +------------------------------------------------------------------- Old: ---- rack-3.0.4.2.gem New: ---- rack-3.0.7.gem ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rubygem-rack.spec ++++++ --- /var/tmp/diff_new_pack.0aFi7Y/_old 2023-03-21 17:41:47.437905620 +0100 +++ /var/tmp/diff_new_pack.0aFi7Y/_new 2023-03-21 17:41:47.441905639 +0100 @@ -24,7 +24,7 @@ # Name: rubygem-rack -Version: 3.0.4.2 +Version: 3.0.7 Release: 0 %define mod_name rack %define mod_full_name %{mod_name}-%{version} ++++++ rack-3.0.4.2.gem -> rack-3.0.7.gem ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md --- old/CHANGELOG.md 2023-03-02 23:56:21.000000000 +0100 +++ new/CHANGELOG.md 2023-03-16 03:22:41.000000000 +0100 
@@ -2,6 +2,22 @@ All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference [Keep A Changelog](https://keepachangelog.com/en/1.0.0/). +## [3.0.7] - 2023-03-16 + +- Make query parameters without `=` have `nil` values. ([#2059](https://github.com/rack/rack/pull/2059), [@jeremyevans]) + +## [3.0.6.1] - 2023-03-13 + +- [CVE-2023-27539] Avoid ReDoS in header parsing + +## [3.0.6] - 2023-03-13 + +- Add `QueryParser#missing_value` for handling missing values + tests. ([#2052](https://github.com/rack/rack/pull/2052), [@ioquatix]) + +## [3.0.5] - 2023-03-13 + +- Split form/query parsing into two steps. ([#2038](https://github.com/rack/rack/pull/2038), [@matthewd](https://github.com/matthewd)) + ## [3.0.4.1] - 2023-03-02 - [CVE-2023-27530] Introduce multipart_total_part_limit to limit total parts @@ -12,7 +28,7 @@ - [CVE-2022-44570] Fix ReDoS in Rack::Utils.get_byte_ranges - [CVE-2022-44572] Forbid control characters in attributes (also ReDoS) -## [3.0.4] - 2022-01-17 +## [3.0.4] - 2023-01-17 - `Rack::Request#POST` should consistently raise errors. Cache errors that occur when invoking `Rack::Request#POST` so they can be raised again later. ([#2010](https://github.com/rack/rack/pull/2010), [@ioquatix]) - Fix `Rack::Lint` error message for `HTTP_CONTENT_TYPE` and `HTTP_CONTENT_LENGTH`. ([#2007](https://github.com/rack/rack/pull/2007), [@byroot](https://github.com/byroot)) Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/rack/query_parser.rb new/lib/rack/query_parser.rb --- old/lib/rack/query_parser.rb 2023-03-02 23:56:21.000000000 +0100 +++ new/lib/rack/query_parser.rb 2023-03-16 03:22:41.000000000 +0100 @@ -1,5 +1,7 @@ # frozen_string_literal: true +require 'uri' + module Rack class QueryParser DEFAULT_SEP = /[&] */n 
@@ -128,8 +130,6 @@ return if k.empty? - v ||= String.new - if after == '' if k == '[]' && depth != 0 return [v] @@ -190,8 +190,8 @@ true end - def unescape(s) - Utils.unescape(s) + def unescape(string, encoding = Encoding::UTF_8) + URI.decode_www_form_component(string, encoding) end class Params diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/rack/request.rb new/lib/rack/request.rb --- old/lib/rack/request.rb 2023-03-02 23:56:21.000000000 +0100 +++ new/lib/rack/request.rb 2023-03-16 03:22:41.000000000 +0100 @@ -501,10 +501,20 @@ end begin - if get_header(RACK_INPUT).nil? - raise "Missing rack.input" - elsif get_header(RACK_REQUEST_FORM_INPUT) == get_header(RACK_INPUT) - get_header(RACK_REQUEST_FORM_HASH) + rack_input = get_header(RACK_INPUT) + + # If the form hash was already memoized: + if form_hash = get_header(RACK_REQUEST_FORM_HASH) + # And it was memoized from the same input: + if get_header(RACK_REQUEST_FORM_INPUT).equal?(rack_input) + return form_hash + end + end + + # Otherwise, figure out how to parse the input: + if rack_input.nil? + set_header RACK_REQUEST_FORM_INPUT, nil + set_header(RACK_REQUEST_FORM_HASH, {}) elsif form_data? || parseable_data? unless set_header(RACK_REQUEST_FORM_HASH, parse_multipart) form_vars = get_header(RACK_INPUT).read @@ -516,6 +526,7 @@ set_header RACK_REQUEST_FORM_VARS, form_vars set_header RACK_REQUEST_FORM_HASH, parse_query(form_vars, '&') end + set_header RACK_REQUEST_FORM_INPUT, get_header(RACK_INPUT) get_header RACK_REQUEST_FORM_HASH else 
@@ -634,8 +645,8 @@ end def parse_http_accept_header(header) - header.to_s.split(/\s*,\s*/).map do |part| - attribute, parameters = part.split(/\s*;\s*/, 2) + header.to_s.split(",").each(&:strip!).map do |part| + attribute, parameters = part.split(";", 2).each(&:strip!) quality = 1.0 if parameters and /\Aq=([\d.]+)/ =~ parameters quality = $1.to_f diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/rack/version.rb new/lib/rack/version.rb --- old/lib/rack/version.rb 2023-03-02 23:56:21.000000000 +0100 +++ new/lib/rack/version.rb 2023-03-16 03:22:41.000000000 +0100 @@ -25,7 +25,7 @@ VERSION end - RELEASE = "3.0.4.2" + RELEASE = "3.0.7" # Return the Rack release as a dotted string. def self.release diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/rack.rb new/lib/rack.rb --- old/lib/rack.rb 2023-03-02 23:56:21.000000000 +0100 +++ new/lib/rack.rb 2023-03-16 03:22:41.000000000 +0100 @@ -41,6 +41,7 @@ autoload :MethodOverride, "rack/method_override" autoload :Mime, "rack/mime" autoload :NullLogger, "rack/null_logger" + autoload :QueryParser, "rack/query_parser" autoload :Recursive, "rack/recursive" autoload :Reloader, "rack/reloader" autoload :RewindableInput, "rack/rewindable_input" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/metadata new/metadata --- old/metadata 2023-03-02 23:56:21.000000000 +0100 +++ new/metadata 2023-03-16 03:22:41.000000000 +0100 @@ -1,14 +1,14 @@ --- !ruby/object:Gem::Specification name: rack version: !ruby/object:Gem::Version - version: 3.0.4.2 + version: 3.0.7 platform: ruby authors: - Leah Neukirchen autorequire: bindir: bin cert_chain: [] -date: 2023-03-02 00:00:00.000000000 Z +date: 2023-03-16 00:00:00.000000000 Z dependencies: - !ruby/object:Gem::Dependency name: minitest 
@@ -164,7 +164,7 @@ - !ruby/object:Gem::Version version: '0' requirements: [] -rubygems_version: 3.4.1 +rubygems_version: 3.4.6 signing_key: specification_version: 4 summary: A modular Ruby webserver interface.
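Review bot: in the `lib/rack/query_parser.rb` hunk `@@ -128,8 +130,6 @@`, dropping `v ||= String.new` is the behaviour change the `[3.0.7]` changelog entry describes (parameters without `=` now carry `nil`), but it also reaches the `k == '[]'` branch visible just below it, where `return [v]` now yields `[nil]` instead of `[""]`. Application code that calls String methods on parameter values without a nil check will raise `NoMethodError` on queries such as `?foo` or `?a[]`, so the changelog line should state that this is a breaking change for such callers, and a test asserting the `[nil]` result for the `[]` case would pin the intended semantics.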
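Review bot: in the `lib/rack/query_parser.rb` hunk `@@ -190,8 +190,8 @@`, the new `unescape(string, encoding = Encoding::UTF_8)` gains an `encoding` parameter that nothing else in this diff passes, and the switch from `Utils.unescape` to a direct `URI.decode_www_form_component` call (backed by the new `require 'uri'` at the top of the file) is left unexplained; a one-line comment saying why `Utils` is bypassed here (the new `autoload :QueryParser` in `lib/rack.rb` suggests a load-order concern) would help future readers. Since `URI.decode_www_form_component` raises `ArgumentError` on malformed percent-encoding such as `%zz`, a test covering that input would also confirm that `QueryParser` callers still see the error class they expect.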
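Review bot: the `lib/rack/request.rb` hunk `@@ -501,10 +501,20 @@` silently changes error handling: the old code raised `"Missing rack.input"` when `RACK_INPUT` was nil, while the new code records `nil` as the form input and returns `{}`. None of the CHANGELOG entries added in this diff mention that the form-parsing path (`Rack::Request#POST`, judging by the `parse_multipart`/`RACK_REQUEST_FORM_HASH` handling) no longer raises for a missing `rack.input`; either document the new contract or keep the raise, since a middleware stack that fails to provide `rack.input` is now treated as an empty form rather than flagged. The move to `equal?` for the memoization check is the safer direction (a replaced `rack.input` object forces a re-parse), and deserves the inline comment it already has.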
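Review bot: in the `lib/rack/request.rb` hunk `@@ -516,6 +526,7 @@`, the added `set_header RACK_REQUEST_FORM_INPUT, get_header(RACK_INPUT)` re-reads the header although the preceding hunk already captured it as the local `rack_input`; using `set_header RACK_REQUEST_FORM_INPUT, rack_input` keeps the stored memoization key visibly identical to the object the `equal?` check compares against and avoids a second header lookup.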
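Review bot: the `lib/rack/request.rb` hunk `@@ -634,8 +645,8 @@` is the CVE-2023-27539 fix named in the changelog: replacing `split(/\s*,\s*/)` and `split(/\s*;\s*/, 2)` with literal-string splits plus `strip!` removes the regexes whose `\s*` on both sides of the delimiter backtrack super-linearly on headers containing long whitespace runs. The remaining `/\Aq=([\d.]+)/` is anchored and uses a single character class, so it is linear. Two additions would strengthen the hunk: a regression test that parses an `Accept` header with a long whitespace run and asserts it completes, and a comment noting that `each(&:strip!)` rather than `map(&:strip!)` is deliberate, because `strip!` returns `nil` when nothing was stripped and `map` would replace those entries with `nil`.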