Hello community, here is the log from the commit of package rubygem-rack-1_4 for openSUSE:12.3 checked in at 2013-02-12 22:27:10 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.3/rubygem-rack-1_4 (Old) and /work/SRC/openSUSE:12.3/.rubygem-rack-1_4.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-rack-1_4", Maintainer is "[email protected]" Changes: -------- --- /work/SRC/openSUSE:12.3/rubygem-rack-1_4/rubygem-rack-1_4.changes 2013-01-31 01:37:01.000000000 +0100 +++ /work/SRC/openSUSE:12.3/.rubygem-rack-1_4.new/rubygem-rack-1_4.changes 2013-02-12 22:27:12.000000000 +0100 @@ -1,0 +2,45 @@ +Mon Feb 11 08:19:08 UTC 2013 - [email protected] + +- updated to version 1.4.5 + * Fix CVE-2013-0263, timing attack against Rack::Session::Cookie + * Fix CVE-2013-0262, symlink path traversal in Rack::File + +- from 1.4.4: + * [SEC] Rack::Auth::AbstractRequest no longer symbolizes arbitrary strings + * Fixed erroneous test case in the 1.3.x series + +------------------------------------------------------------------- +Tue Jan 8 20:26:44 UTC 2013 - [email protected] + +- updated to version 1.4.3 + * Add warnings when users do not provide a session secret + * Fix parsing performance for unquoted filenames + * Updated URI backports + * Fix URI backport version matching, and silence constant warnings + * Correct parameter parsing with empty values + * Correct rackup '-I' flag, to allow multiple uses + * Correct rackup pidfile handling + * Report rackup line numbers correctly + * Fix request loops caused by non-stale nonces with time limits + * Fix reloader on Windows + * Prevent infinite recursions from Response#to_ary + * Various middleware better conforms to the body close specification + * Updated language for the body close specification + * Additional notes regarding ECMA escape compatibility issues + * Fix the parsing of multiple ranges in range headers + * Prevent errors from empty parameter keys + * Added PATCH verb to Rack::Request + * Various documentation updates + * Fix session merge semantics (fixes rack-test) + * Rack::Static :index can now handle multiple directories + * All tests now utilize Rack::Lint (special thanks to Lars Gierth) + * Rack::File cache_control parameter is now deprecated, and removed by 1.5 + * Correct Rack::Directory script name escaping + * Rack::Static supports header rules for sophisticated configurations + * Multipart parsing now works without a Content-Length header + * New logos courtesy of Zachary Scott! + * Rack::BodyProxy now explicitly defines #each, useful for C extensions + * Cookies that are not URI escaped no longer cause exceptions + * Security: Prevent unbounded reads in large multipart boundaries + +------------------------------------------------------------------- Old: ---- rack-1.4.1.gem New: ---- rack-1.4.5.gem ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rubygem-rack-1_4.spec ++++++ --- /var/tmp/diff_new_pack.dYTcgE/_old 2013-02-12 22:27:12.000000000 +0100 +++ /var/tmp/diff_new_pack.dYTcgE/_new 2013-02-12 22:27:12.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package rubygem-rack-1_4 # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: rubygem-rack-1_4 -Version: 1.4.1 +Version: 1.4.5 Release: 0 %define mod_name rack %define mod_branch -1_4 -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
