Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package rubygem-puma-4 for openSUSE:Factory checked in at 2022-02-07 23:37:47 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/rubygem-puma-4 (Old) and /work/SRC/openSUSE:Factory/.rubygem-puma-4.new.1898 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-puma-4" Mon Feb 7 23:37:47 2022 rev:3 rq:949095 version:4.3.10 Changes: -------- --- /work/SRC/openSUSE:Factory/rubygem-puma-4/rubygem-puma-4.changes 2021-07-02 13:28:44.524167034 +0200 +++ /work/SRC/openSUSE:Factory/.rubygem-puma-4.new.1898/rubygem-puma-4.changes 2022-02-07 23:38:50.198138085 +0100 @@ -1,0 +2,17 @@ +Tue Jan 25 07:20:39 UTC 2022 - Stephan Kulow <co...@suse.com> + +updated to version 4.3.10 + see installed History.md + + ## 4.3.10 / 2021-10-12 + + * Bugfixes + * Allow UTF-8 in HTTP header values + + ## 4.3.9 / 2021-10-12 + + * Security + * Do not allow LF as a line ending in a header (CVE-2021-41136) + + +------------------------------------------------------------------- Old: ---- puma-4.3.8.gem New: ---- puma-4.3.10.gem ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rubygem-puma-4.spec ++++++ --- /var/tmp/diff_new_pack.DblkXi/_old 2022-02-07 23:38:50.674134827 +0100 +++ /var/tmp/diff_new_pack.DblkXi/_new 2022-02-07 23:38:50.682134773 +0100 @@ -1,7 +1,7 @@ # # spec file for package rubygem-puma-4 # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -24,7 +24,7 @@ # Name: rubygem-puma-4 -Version: 4.3.8 +Version: 4.3.10 Release: 0 %define mod_name puma %define mod_full_name %{mod_name}-%{version} ++++++ puma-4.3.8.gem -> puma-4.3.10.gem ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/History.md new/History.md --- old/History.md 2021-05-11 16:53:19.000000000 +0200 +++ new/History.md 2021-10-13 01:12:41.000000000 +0200 
@@ -1,3 +1,13 @@ +## 4.3.10 / 2021-10-12 + +* Bugfixes + * Allow UTF-8 in HTTP header values + +## 4.3.9 / 2021-10-12 + +* Security + * Do not allow LF as a line ending in a header (CVE-2021-41136) + ## 4.3.8 / 2021-05-11 * Security Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ext/puma_http11/http11_parser.c new/ext/puma_http11/http11_parser.c --- old/ext/puma_http11/http11_parser.c 2021-05-11 16:53:19.000000000 +0200 +++ new/ext/puma_http11/http11_parser.c 2021-10-13 01:12:41.000000000 +0200 @@ -430,7 +430,13 @@ switch( (*p) ) { case 13: goto tr26; case 32: goto tr27; + case 127: goto st0; } + if ( (*p) > 8 ) { + if ( 10 <= (*p) && (*p) <= 31 ) + goto st0; + } else if ( (*p) >= 0 ) + goto st0; goto tr25; tr25: #line 44 "ext/puma_http11/http11_parser.rl" @@ -440,9 +446,16 @@ if ( ++p == pe ) goto _test_eof19; case 19: -#line 442 "ext/puma_http11/http11_parser.c" - if ( (*p) == 13 ) - goto tr29; +#line 448 "ext/puma_http11/http11_parser.c" + switch( (*p) ) { + case 13: goto tr29; + case 127: goto st0; + } + if ( (*p) > 8 ) { + if ( 10 <= (*p) && (*p) <= 31 ) + goto st0; + } else if ( (*p) >= 0 ) + goto st0; goto st19; tr9: #line 51 "ext/puma_http11/http11_parser.rl" @@ -486,7 +499,7 @@ if ( ++p == pe ) goto _test_eof20; case 20: -#line 488 "ext/puma_http11/http11_parser.c" +#line 501 "ext/puma_http11/http11_parser.c" switch( (*p) ) { case 32: goto tr31; case 60: goto st0; @@ -507,7 +520,7 @@ if ( ++p == pe ) goto _test_eof21; case 21: -#line 509 "ext/puma_http11/http11_parser.c" +#line 522 "ext/puma_http11/http11_parser.c" switch( (*p) ) { case 32: goto tr33; case 60: goto st0; @@ -528,7 +541,7 @@ if ( ++p == pe ) goto _test_eof22; case 22: -#line 530 "ext/puma_http11/http11_parser.c" +#line 543 "ext/puma_http11/http11_parser.c" switch( (*p) ) { case 43: goto st22; case 58: goto st23; 
@@ -553,7 +566,7 @@ if ( ++p == pe ) goto _test_eof23; case 23: -#line 555 "ext/puma_http11/http11_parser.c" +#line 568 "ext/puma_http11/http11_parser.c" switch( (*p) ) { case 32: goto tr8; case 34: goto st0; @@ -573,7 +586,7 @@ if ( ++p == pe ) goto _test_eof24; case 24: -#line 575 "ext/puma_http11/http11_parser.c" +#line 588 "ext/puma_http11/http11_parser.c" switch( (*p) ) { case 32: goto tr37; case 34: goto st0; @@ -596,7 +609,7 @@ if ( ++p == pe ) goto _test_eof25; case 25: -#line 598 "ext/puma_http11/http11_parser.c" +#line 611 "ext/puma_http11/http11_parser.c" switch( (*p) ) { case 32: goto tr41; case 34: goto st0; @@ -616,7 +629,7 @@ if ( ++p == pe ) goto _test_eof26; case 26: -#line 618 "ext/puma_http11/http11_parser.c" +#line 631 "ext/puma_http11/http11_parser.c" switch( (*p) ) { case 32: goto tr44; case 34: goto st0; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ext/puma_http11/http11_parser_common.rl new/ext/puma_http11/http11_parser_common.rl --- old/ext/puma_http11/http11_parser_common.rl 2021-05-11 16:53:19.000000000 +0200 +++ new/ext/puma_http11/http11_parser_common.rl 2021-10-13 01:12:41.000000000 +0200 @@ -43,7 +43,7 @@ field_name = ( token -- ":" )+ >start_field $snake_upcase_field %write_field; - field_value = any* >start_value %write_value; + field_value = ( (any -- CTL) | "\t" )* >start_value %write_value; message_header = field_name ":" " "* field_value :> CRLF; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ext/puma_http11/org/jruby/puma/Http11Parser.java new/ext/puma_http11/org/jruby/puma/Http11Parser.java --- old/ext/puma_http11/org/jruby/puma/Http11Parser.java 2021-05-11 16:53:19.000000000 +0200 +++ new/ext/puma_http11/org/jruby/puma/Http11Parser.java 2021-10-13 01:12:41.000000000 +0200 
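Review bot: The rewritten `field_value` rule in ext/puma_http11/http11_parser_common.rl has no comment explaining why control characters are excluded, although this one line is the grammar change behind the CVE-2021-41136 entry in History.md. A later edit could widen it back to `any*` without anyone noticing, so I would add a comment above it such as `# No CTL in values: a bare LF must not terminate a header (CVE-2021-41136); HTAB stays legal, bytes >= 0x80 pass through for UTF-8`. The regenerated states 18 and 19 in http11_parser.c reject 0–8, 10–31 and 127 inside a value, not only LF, so peers that forward such bytes will now get a parse error; the changelog bullet mentions LF only and could say so. No test for these rejections is visible in this package diff. A parser test that feeds one header value with a bare LF and one with a NUL, and expects a parse error for both, would pin the behaviour. The surrounding machine definition starts and ends outside this hunk.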
@@ -34,9 +34,9 @@ { return new short [] { 0, 0, 8, 17, 27, 29, 30, 31, 32, 33, 34, 36, - 39, 41, 44, 45, 61, 62, 78, 80, 81, 89, 97, 107, - 115, 124, 132, 140, 149, 158, 167, 176, 185, 194, 203, 212, - 221, 230, 239, 248, 257, 266, 275, 284, 293, 302, 303 + 39, 41, 44, 45, 61, 62, 78, 85, 91, 99, 107, 117, + 125, 134, 142, 150, 159, 168, 177, 186, 195, 204, 213, 222, + 231, 240, 249, 258, 267, 276, 285, 294, 303, 312, 313 }; } 
@@ -52,26 +52,27 @@ 46, 48, 57, 48, 57, 13, 48, 57, 10, 13, 33, 124, 126, 35, 39, 42, 43, 45, 46, 48, 57, 65, 90, 94, 122, 10, 33, 58, 124, 126, 35, 39, 42, 43, 45, 46, - 48, 57, 65, 90, 94, 122, 13, 32, 13, 32, 60, 62, - 127, 0, 31, 34, 35, 32, 60, 62, 127, 0, 31, 34, - 35, 43, 58, 45, 46, 48, 57, 65, 90, 97, 122, 32, - 34, 35, 60, 62, 127, 0, 31, 32, 34, 35, 60, 62, - 63, 127, 0, 31, 32, 34, 35, 60, 62, 127, 0, 31, - 32, 34, 35, 60, 62, 127, 0, 31, 32, 36, 95, 45, - 46, 48, 57, 65, 90, 32, 36, 95, 45, 46, 48, 57, - 65, 90, 32, 36, 95, 45, 46, 48, 57, 65, 90, 32, - 36, 95, 45, 46, 48, 57, 65, 90, 32, 36, 95, 45, - 46, 48, 57, 65, 90, 32, 36, 95, 45, 46, 48, 57, - 65, 90, 32, 36, 95, 45, 46, 48, 57, 65, 90, 32, - 36, 95, 45, 46, 48, 57, 65, 90, 32, 36, 95, 45, - 46, 48, 57, 65, 90, 32, 36, 95, 45, 46, 48, 57, - 65, 90, 32, 36, 95, 45, 46, 48, 57, 65, 90, 32, - 36, 95, 45, 46, 48, 57, 65, 90, 32, 36, 95, 45, - 46, 48, 57, 65, 90, 32, 36, 95, 45, 46, 48, 57, - 65, 90, 32, 36, 95, 45, 46, 48, 57, 65, 90, 32, - 36, 95, 45, 46, 48, 57, 65, 90, 32, 36, 95, 45, - 46, 48, 57, 65, 90, 32, 36, 95, 45, 46, 48, 57, - 65, 90, 32, 0 + 48, 57, 65, 90, 94, 122, 13, 32, 127, 0, 8, 10, + 31, 13, 127, 0, 8, 10, 31, 32, 60, 62, 127, 0, + 31, 34, 35, 32, 60, 62, 127, 0, 31, 34, 35, 43, + 58, 45, 46, 48, 57, 65, 90, 97, 122, 32, 34, 35, + 60, 62, 127, 0, 31, 32, 34, 35, 60, 62, 63, 127, + 0, 31, 32, 34, 35, 60, 62, 127, 0, 31, 32, 34, + 35, 60, 62, 127, 0, 31, 32, 36, 95, 45, 46, 48, + 57, 65, 90, 32, 36, 95, 45, 46, 48, 57, 65, 90, + 32, 36, 95, 45, 46, 48, 57, 65, 90, 32, 36, 95, + 45, 46, 48, 57, 65, 90, 32, 36, 95, 45, 46, 48, + 57, 65, 90, 32, 36, 95, 45, 46, 48, 57, 65, 90, + 32, 36, 95, 45, 46, 48, 57, 65, 90, 32, 36, 95, + 45, 46, 48, 57, 65, 90, 32, 36, 95, 45, 46, 48, + 57, 65, 90, 32, 36, 95, 45, 46, 48, 57, 65, 90, + 32, 36, 95, 45, 46, 48, 57, 65, 90, 32, 36, 95, + 45, 46, 48, 57, 65, 90, 32, 36, 95, 45, 46, 48, + 57, 65, 90, 32, 36, 95, 45, 46, 48, 57, 65, 90, + 32, 36, 
95, 45, 46, 48, 57, 65, 90, 32, 36, 95, + 45, 46, 48, 57, 65, 90, 32, 36, 95, 45, 46, 48, + 57, 65, 90, 32, 36, 95, 45, 46, 48, 57, 65, 90, + 32, 0 }; } @@ -82,7 +83,7 @@ { return new byte [] { 0, 2, 3, 4, 2, 1, 1, 1, 1, 1, 0, 1, - 0, 1, 1, 4, 1, 4, 2, 1, 4, 4, 2, 6, + 0, 1, 1, 4, 1, 4, 3, 2, 4, 4, 2, 6, 7, 6, 6, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 1, 0 }; @@ -95,7 +96,7 @@ { return new byte [] { 0, 3, 3, 3, 0, 0, 0, 0, 0, 0, 1, 1, - 1, 1, 0, 6, 0, 6, 0, 0, 2, 2, 4, 1, + 1, 1, 0, 6, 0, 6, 2, 2, 2, 2, 4, 1, 1, 1, 1, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 0, 0 }; @@ -108,9 +109,9 @@ { return new short [] { 0, 0, 6, 13, 21, 24, 26, 28, 30, 32, 34, 36, - 39, 41, 44, 46, 57, 59, 70, 73, 75, 82, 89, 96, - 104, 113, 121, 129, 136, 143, 150, 157, 164, 171, 178, 185, - 192, 199, 206, 213, 220, 227, 234, 241, 248, 255, 257 + 39, 41, 44, 46, 57, 59, 70, 76, 81, 88, 95, 102, + 110, 119, 127, 135, 142, 149, 156, 163, 170, 177, 184, 191, + 198, 205, 212, 219, 226, 233, 240, 247, 254, 261, 263 }; } 
@@ -126,22 +127,23 @@ 16, 15, 1, 17, 1, 18, 17, 1, 19, 1, 20, 21, 21, 21, 21, 21, 21, 21, 21, 21, 1, 22, 1, 23, 24, 23, 23, 23, 23, 23, 23, 23, 23, 1, 26, 27, - 25, 29, 28, 30, 1, 1, 1, 1, 1, 31, 32, 1, - 1, 1, 1, 1, 33, 34, 35, 34, 34, 34, 34, 1, - 8, 1, 9, 1, 1, 1, 1, 35, 36, 1, 38, 1, - 1, 39, 1, 1, 37, 40, 1, 42, 1, 1, 1, 1, - 41, 43, 1, 45, 1, 1, 1, 1, 44, 2, 46, 46, - 46, 46, 46, 1, 2, 47, 47, 47, 47, 47, 1, 2, - 48, 48, 48, 48, 48, 1, 2, 49, 49, 49, 49, 49, - 1, 2, 50, 50, 50, 50, 50, 1, 2, 51, 51, 51, - 51, 51, 1, 2, 52, 52, 52, 52, 52, 1, 2, 53, - 53, 53, 53, 53, 1, 2, 54, 54, 54, 54, 54, 1, - 2, 55, 55, 55, 55, 55, 1, 2, 56, 56, 56, 56, - 56, 1, 2, 57, 57, 57, 57, 57, 1, 2, 58, 58, - 58, 58, 58, 1, 2, 59, 59, 59, 59, 59, 1, 2, - 60, 60, 60, 60, 60, 1, 2, 61, 61, 61, 61, 61, - 1, 2, 62, 62, 62, 62, 62, 1, 2, 63, 63, 63, - 63, 63, 1, 2, 1, 1, 0 + 1, 1, 1, 25, 29, 1, 1, 1, 28, 30, 1, 1, + 1, 1, 1, 31, 32, 1, 1, 1, 1, 1, 33, 34, + 35, 34, 34, 34, 34, 1, 8, 1, 9, 1, 1, 1, + 1, 35, 36, 1, 38, 1, 1, 39, 1, 1, 37, 40, + 1, 42, 1, 1, 1, 1, 41, 43, 1, 45, 1, 1, + 1, 1, 44, 2, 46, 46, 46, 46, 46, 1, 2, 47, + 47, 47, 47, 47, 1, 2, 48, 48, 48, 48, 48, 1, + 2, 49, 49, 49, 49, 49, 1, 2, 50, 50, 50, 50, + 50, 1, 2, 51, 51, 51, 51, 51, 1, 2, 52, 52, + 52, 52, 52, 1, 2, 53, 53, 53, 53, 53, 1, 2, + 54, 54, 54, 54, 54, 1, 2, 55, 55, 55, 55, 55, + 1, 2, 56, 56, 56, 56, 56, 1, 2, 57, 57, 57, + 57, 57, 1, 2, 58, 58, 58, 58, 58, 1, 2, 59, + 59, 59, 59, 59, 1, 2, 60, 60, 60, 60, 60, 1, + 2, 61, 61, 61, 61, 61, 1, 2, 62, 62, 62, 62, + 62, 1, 2, 63, 63, 63, 63, 63, 1, 2, 1, 1, + 0 }; } @@ -217,7 +219,7 @@ cs = puma_parser_start; } -// line 90 "ext/puma_http11/http11_parser.java.rl" +// line 88 "ext/puma_http11/http11_parser.java.rl" body_start = 0; content_len = 0; 
@@ -420,7 +422,7 @@ break; } } -// line 116 "ext/puma_http11/http11_parser.java.rl" +// line 114 "ext/puma_http11/http11_parser.java.rl" parser.cs = cs; parser.nread += (p - off); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/puma/const.rb new/lib/puma/const.rb --- old/lib/puma/const.rb 2021-05-11 16:53:19.000000000 +0200 +++ new/lib/puma/const.rb 2021-10-13 01:12:41.000000000 +0200 @@ -100,7 +100,7 @@ # too taxing on performance. module Const - PUMA_VERSION = VERSION = "4.3.8".freeze + PUMA_VERSION = VERSION = "4.3.10".freeze CODE_NAME = "Mysterious Traveller".freeze PUMA_SERVER_STRING = ['puma', PUMA_VERSION, CODE_NAME].join(' ').freeze diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/metadata new/metadata --- old/metadata 2021-05-11 16:53:19.000000000 +0200 +++ new/metadata 2021-10-13 01:12:41.000000000 +0200 @@ -1,24 +1,24 @@ --- !ruby/object:Gem::Specification name: puma version: !ruby/object:Gem::Version - version: 4.3.8 + version: 4.3.10 platform: ruby authors: - Evan Phoenix autorequire: bindir: bin cert_chain: [] -date: 2021-05-11 00:00:00.000000000 Z +date: 2021-10-12 00:00:00.000000000 Z dependencies: - !ruby/object:Gem::Dependency - name: nio4r requirement: !ruby/object:Gem::Requirement requirements: - - "~>" - !ruby/object:Gem::Version version: '2.0' - type: :runtime + name: nio4r prerelease: false + type: :runtime version_requirements: !ruby/object:Gem::Requirement requirements: - - "~>" @@ -136,7 +136,7 @@ - !ruby/object:Gem::Version version: '0' requirements: [] -rubygems_version: 3.2.3 +rubygems_version: 3.1.6 signing_key: specification_version: 4 summary: Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for