Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package rubygem-rack for openSUSE:Factory checked in at 2022-07-08 14:03:21 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/rubygem-rack (Old) and /work/SRC/openSUSE:Factory/.rubygem-rack.new.1523 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-rack" Fri Jul 8 14:03:21 2022 rev:21 rq:987856 version:2.2.4 Changes: -------- --- /work/SRC/openSUSE:Factory/rubygem-rack/rubygem-rack.changes 2022-06-01 17:35:50.170824044 +0200 +++ /work/SRC/openSUSE:Factory/.rubygem-rack.new.1523/rubygem-rack.changes 2022-07-08 14:03:28.526556168 +0200 @@ -1,0 +2,8 @@ +Fri Jul 8 08:41:33 UTC 2022 - Manuel Schnitzer <mschnit...@suse.com> + +- updated to version 2.2.4 + + * Better support for lower case headers in `Rack::ETag` middleware. ([#1919](https://github.com/rack/rack/pull/1919), [@ioquatix](https://github.com/ioquatix)) + * Use custom exception on params too deep error. ([#1838](https://github.com/rack/rack/pull/1838), [@simi](https://github.com/simi)) + +------------------------------------------------------------------- Old: ---- rack-2.2.3.1.gem New: ---- rack-2.2.4.gem ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rubygem-rack.spec ++++++ --- /var/tmp/diff_new_pack.adVMWw/_old 2022-07-08 14:03:28.862556568 +0200 +++ /var/tmp/diff_new_pack.adVMWw/_new 2022-07-08 14:03:28.866556573 +0200 @@ -24,7 +24,7 @@ # Name: rubygem-rack -Version: 2.2.3.1 +Version: 2.2.4 Release: 0 %define mod_name rack %define mod_full_name %{mod_name}-%{version} ++++++ rack-2.2.3.1.gem -> rack-2.2.4.gem ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md --- old/CHANGELOG.md 2022-05-27 17:30:06.000000000 +0200 +++ new/CHANGELOG.md 2022-07-01 00:19:47.000000000 +0200 
@@ -2,13 +2,22 @@ All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference [Keep A Changelog](https://keepachangelog.com/en/1.0.0/). +## [2.2.4] - 2022-06-30 + +- Better support for lower case headers in `Rack::ETag` middleware. ([#1919](https://github.com/rack/rack/pull/1919), [@ioquatix](https://github.com/ioquatix)) +- Use custom exception on params too deep error. ([#1838](https://github.com/rack/rack/pull/1838), [@simi](https://github.com/simi)) + ## [2.2.3.1] - 2022-05-27 +### Security + - [CVE-2022-30123] Fix shell escaping issue in Common Logger - [CVE-2022-30122] Restrict parsing of broken MIME attachments ## [2.2.3] - 2020-02-11 +### Security + - [CVE-2020-8184] Only decode cookie values ## [2.2.2] - 2020-02-11 Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/rack/etag.rb new/lib/rack/etag.rb --- old/lib/rack/etag.rb 2022-05-27 17:30:06.000000000 +0200 +++ new/lib/rack/etag.rb 2022-07-01 00:19:47.000000000 +0200 @@ -26,6 +26,8 @@ def call(env) status, headers, body = @app.call(env) + headers = Utils::HeaderHash[headers] + if etag_status?(status) && etag_body?(body) && !skip_caching?(headers) original_body = body digest, new_body = digest_body(body) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/rack/lint.rb new/lib/rack/lint.rb --- old/lib/rack/lint.rb 2022-05-27 17:30:06.000000000 +0200 +++ new/lib/rack/lint.rb 2022-07-01 00:19:47.000000000 +0200 
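Review bot: The added `headers = Utils::HeaderHash[headers]` in `call` (etag.rb hunk) has no comment saying why the response headers are re-wrapped, and the reason is a caching-correctness one: the `skip_caching?(headers)` check that follows presumably looks up names such as `Cache-Control` or `ETag`, which a plain Hash with lower-case keys would not match. I would add `# Case-insensitive lookup: an app may return lower-case header names (e.g. cache-control) that skip_caching? must still see.` above the line. A regression test with a lower-case `cache-control` or `etag` response header would pin this behaviour; the packaged diff shows none. The body of `call` continues outside the hunk, so whether the HeaderHash is also what gets returned cannot be confirmed from here.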
@@ -48,10 +48,10 @@ ## and returns an Array of exactly three values: ary = @app.call(env) - assert("response #{ary.inspect} is not an Array , but #{ary.class}") { + assert("response is not an Array, but #{ary.class}") { ary.kind_of? Array } - assert("response array #{ary.inspect} has #{ary.size} elements instead of 3") { + assert("response array has #{ary.size} elements instead of 3") { ary.size == 3 } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/rack/query_parser.rb new/lib/rack/query_parser.rb --- old/lib/rack/query_parser.rb 2022-05-27 17:30:06.000000000 +0200 +++ new/lib/rack/query_parser.rb 2022-07-01 00:19:47.000000000 +0200 @@ -16,6 +16,10 @@ # sequence. class InvalidParameterError < ArgumentError; end + # ParamsTooDeepError is the error that is raised when params are recursively + # nested over the specified limit. + class ParamsTooDeepError < RangeError; end + def self.make_default(key_space_limit, param_depth_limit) new Params, key_space_limit, param_depth_limit end @@ -81,7 +85,7 @@ # the structural types represented by two different parameter names are in # conflict, a ParameterTypeError is raised. def normalize_params(params, name, v, depth) - raise RangeError if depth <= 0 + raise ParamsTooDeepError if depth <= 0 name =~ %r(\A[\[\]]*([^\[\]]+)\]*) k = $1 || '' @@ -168,7 +172,7 @@ def []=(key, value) @size += key.size if key && !@params.key?(key) - raise RangeError, 'exceeded available parameter key space' if @size > @limit + raise ParamsTooDeepError, 'exceeded available parameter key space' if @size > @limit @params[key] = value end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/rack/utils.rb new/lib/rack/utils.rb --- old/lib/rack/utils.rb 2022-05-27 17:30:06.000000000 +0200 +++ new/lib/rack/utils.rb 2022-07-01 00:19:47.000000000 +0200 
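Review bot: The two assertion messages in the lint.rb hunk are interpolated before `assert` runs its block, on every call, and nothing in the code records that response contents were left out of them on purpose. Without `ary.inspect` the message no longer copies the full status, headers and body into an exception that may end up in logs. A short comment such as `# Keep response contents out of the message: it is built on every call and may be logged.` would keep a later edit from putting `inspect` back. The enclosing method starts and ends outside the hunk.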
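Review bot: In the `[]=` hunk of query_parser.rb, `raise ParamsTooDeepError, 'exceeded available parameter key space'` reports a key-space overflow under an error class whose own comment (first hunk) says it is for params nested over the depth limit. Callers that rescue `ParamsTooDeepError` to report or count over-deep requests will also catch key-space exhaustion, which is a different limit (`@size > @limit`, not `depth <= 0`). Since the new class subclasses `RangeError`, leaving this line as `raise RangeError, 'exceeded available parameter key space' if @size > @limit` keeps existing rescues working without mislabelling the cause. The bare `raise ParamsTooDeepError if depth <= 0` in `normalize_params` would also benefit from a message, e.g. `raise ParamsTooDeepError, 'exceeded parameter depth limit' if depth <= 0`.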
@@ -22,6 +22,9 @@ COMMON_SEP = QueryParser::COMMON_SEP KeySpaceConstrainedParams = QueryParser::Params + RFC2822_DAY_NAME = [ 'Sun', 'Mon', 'Tue', 'Wed', 'Thu', 'Fri', 'Sat' ] + RFC2822_MONTH_NAME = [ 'Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec' ] + class << self attr_accessor :default_query_parser end @@ -327,8 +330,8 @@ # weekday and month. # def rfc2109(time) - wday = Time::RFC2822_DAY_NAME[time.wday] - mon = Time::RFC2822_MONTH_NAME[time.mon - 1] + wday = RFC2822_DAY_NAME[time.wday] + mon = RFC2822_MONTH_NAME[time.mon - 1] time.strftime("#{wday}, %d-#{mon}-%Y %H:%M:%S GMT") end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/rack/version.rb new/lib/rack/version.rb --- old/lib/rack/version.rb 2022-05-27 17:30:06.000000000 +0200 +++ new/lib/rack/version.rb 2022-07-01 00:19:47.000000000 +0200 @@ -20,7 +20,7 @@ VERSION.join(".") end - RELEASE = "2.2.3.1" + RELEASE = "2.2.4" # Return the Rack release as a dotted string. def self.release diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/metadata new/metadata --- old/metadata 2022-05-27 17:30:06.000000000 +0200 +++ new/metadata 2022-07-01 00:19:47.000000000 +0200 @@ -1,14 +1,14 @@ --- !ruby/object:Gem::Specification name: rack version: !ruby/object:Gem::Version - version: 2.2.3.1 + version: 2.2.4 platform: ruby authors: - Leah Neukirchen autorequire: bindir: bin cert_chain: [] -date: 2022-05-27 00:00:00.000000000 Z +date: 2022-06-30 00:00:00.000000000 Z dependencies: - !ruby/object:Gem::Dependency name: minitest
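Review bot: The new `RFC2822_DAY_NAME` and `RFC2822_MONTH_NAME` constants in the first utils.rb hunk are plain mutable arrays, and `rfc2109` (second hunk) indexes into them to build its date string. Any code that mutates them in place would alter every date formatted afterwards, so they should be frozen: `RFC2822_DAY_NAME = %w[Sun Mon Tue Wed Thu Fri Sat].freeze` and `RFC2822_MONTH_NAME = %w[Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec].freeze`. A one-line comment that these replace the `Time::RFC2822_*` constants used before would explain why they are defined here.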