Simple update, fixing CVE-2019-16782. See https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3 for details.
I'm guessing the vulnerability shouldn't affect most apps using rack, since in most cases the cookie store is used (and the session ID is ignored in that case). However, if a database backed session store is used, there is a possible timing attack. I'll commit this tomorrow unless I hear objections. This should probably be backported to -stable after being merged to -current. However, I won't be able to handle that until late next week at the earliest. Thanks, Jeremy Index: Makefile =================================================================== RCS file: /cvs/ports/www/ruby-rack/Makefile,v retrieving revision 1.25 diff -u -p -r1.25 Makefile --- Makefile 12 Jul 2019 20:51:04 -0000 1.25 +++ Makefile 19 Dec 2019 23:45:30 -0000 @@ -2,7 +2,7 @@ COMMENT= modular Ruby webserver interface -DISTNAME= rack-2.0.6 +DISTNAME= rack-2.0.8 CATEGORIES= www HOMEPAGE= http://rack.github.io/ Index: distinfo =================================================================== RCS file: /cvs/ports/www/ruby-rack/distinfo,v retrieving revision 1.13 diff -u -p -r1.13 distinfo --- distinfo 9 Nov 2018 16:27:32 -0000 1.13 +++ distinfo 19 Dec 2019 23:45:41 -0000 @@ -1,2 +1,2 @@ -SHA256 (rack-2.0.6.gem) = 9YdKycIiPsxl/K0xIMiE/CqGjBwY9Uj/Z2pushvaj90= -SIZE (rack-2.0.6.gem) = 255488 +SHA256 (rack-2.0.8.gem) = +YFx+zDhBJUKvh6fuXwXfYu1ZD3WSbwu2DeGTrWWoMU= +SIZE (rack-2.0.8.gem) = 256000
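
Review bot: The DISTNAME line in the Makefile hunk moves from rack-2.0.6 to rack-2.0.8, two patch levels rather than one, so the update may carry more than the CVE fix. Since a -stable backport is proposed, the commit message should say what was tested, in particular any port that uses rack with a database-backed session store, which is the case the mail identifies as affected. The unchanged HOMEPAGE context line still uses http://; if the site serves https, that could be switched in the same commit.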
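
Review bot: The new SHA256 and SIZE values for rack-2.0.8.gem in the distinfo hunk cannot be validated from the diff itself, so they should be confirmed before commit. A clean fetch of the distfile followed by make checksum, ideally from a second machine or network, would show that the recorded hash matches what upstream actually serves. That matters more than usual here because the same distinfo is meant to go to -stable as a security update.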