Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package rubygem-rack-2.2 for openSUSE:Factory checked in at 2023-08-01 15:38:22 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/rubygem-rack-2.2 (Old) and /work/SRC/openSUSE:Factory/.rubygem-rack-2.2.new.32662 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-rack-2.2" Tue Aug 1 15:38:22 2023 rev:6 rq:1101642 version:2.2.8 Changes: -------- --- /work/SRC/openSUSE:Factory/rubygem-rack-2.2/rubygem-rack-2.2.changes 2023-06-03 00:07:41.522154856 +0200 +++ /work/SRC/openSUSE:Factory/.rubygem-rack-2.2.new.32662/rubygem-rack-2.2.changes 2023-08-01 15:38:26.677788635 +0200 @@ -1,0 +2,7 @@ +Tue Aug 1 08:03:18 UTC 2023 - Jacob Michalskie <jacob.michals...@suse.com> + +- update to version 2.2.8 + * Limit file extension length of multipart tempfiles (https://github.com/rack/rack/pull/2069) + * Fix inefficient assert pattern in Rack::Lint (https://github.com/rack/rack/pull/2101) + +------------------------------------------------------------------- Old: ---- rack-2.2.7.gem New: ---- rack-2.2.8.gem ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rubygem-rack-2.2.spec ++++++ --- /var/tmp/diff_new_pack.TflrfY/_old 2023-08-01 15:38:27.581794233 +0200 +++ /var/tmp/diff_new_pack.TflrfY/_new 2023-08-01 15:38:27.585794258 +0200 @@ -24,7 +24,7 @@ # Name: rubygem-rack-2.2 -Version: 2.2.7 +Version: 2.2.8 Release: 0 %define mod_name rack %define mod_full_name %{mod_name}-%{version} ++++++ rack-2.2.7.gem -> rack-2.2.8.gem ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md --- old/CHANGELOG.md 2023-04-25 01:22:06.000000000 +0200 +++ new/CHANGELOG.md 2023-07-31 04:43:28.000000000 +0200 
@@ -2,6 +2,11 @@ All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference [Keep A Changelog](https://keepachangelog.com/en/1.0.0/). +## [2.2.7] - 2023-03-13 + +- Correct the year number in the changelog ([#2015](https://github.com/rack/rack/pull/2015), [@kimulab](https://github.com/kimulab)) +- Support underscore in host names for Rack 2.2 (Fixes [#2070](https://github.com/rack/rack/issues/2070)) ([#2015](https://github.com/rack/rack/pull/2071), [@jeremyevans](https://github.com/jeremyevans)) + ## [2.2.6.4] - 2023-03-13 - [CVE-2023-27539] Avoid ReDoS in header parsing diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SPEC.rdoc new/SPEC.rdoc --- old/SPEC.rdoc 2023-04-25 01:22:06.000000000 +0200 +++ new/SPEC.rdoc 2023-07-31 04:43:28.000000000 +0200 @@ -42,17 +42,18 @@ <tt>QUERY_STRING</tt>:: The portion of the request URL that follows the <tt>?</tt>, if any. May be empty, but is always required! -<tt>SERVER_NAME</tt>, <tt>SERVER_PORT</tt>:: - When combined with <tt>SCRIPT_NAME</tt> and +<tt>SERVER_NAME</tt>:: When combined with <tt>SCRIPT_NAME</tt> and <tt>PATH_INFO</tt>, these variables can be used to complete the URL. Note, however, that <tt>HTTP_HOST</tt>, if present, should be used in preference to <tt>SERVER_NAME</tt> for reconstructing the request URL. - <tt>SERVER_NAME</tt> and <tt>SERVER_PORT</tt> - can never be empty strings, and so - are always required. + <tt>SERVER_NAME</tt> can never be an empty + string, and so is always required. +<tt>SERVER_PORT</tt>:: An optional +Integer+ which is the port the + server is running on. Should be specified if + the server is running on a non-standard port. <tt>HTTP_</tt> Variables:: Variables corresponding to the client-supplied HTTP request headers (i.e., variables whose 
@@ -122,6 +123,9 @@ is reserved for use with the Rack core distribution and other accepted specifications and must not be used otherwise. +The <tt>SERVER_PORT</tt> must be an Integer if set. +The <tt>SERVER_NAME</tt> must be a valid authority as defined by RFC7540. +The <tt>HTTP_HOST</tt> must be a valid authority as defined by RFC7540. The environment must not contain the keys <tt>HTTP_CONTENT_TYPE</tt> or <tt>HTTP_CONTENT_LENGTH</tt> (use the versions without <tt>HTTP_</tt>). Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/rack/lint.rb new/lib/rack/lint.rb --- old/lib/rack/lint.rb 2023-04-25 01:22:06.000000000 +0200 +++ new/lib/rack/lint.rb 2023-07-31 04:43:28.000000000 +0200 @@ -40,7 +40,7 @@ def _call(env) ## It takes exactly one argument, the *environment* - assert("No env given") { env } + raise LintError, "No env given" unless env check_env env env[RACK_INPUT] = InputWrapper.new(env[RACK_INPUT]) @@ -48,12 +48,8 @@ ## and returns an Array of exactly three values: ary = @app.call(env) - assert("response is not an Array, but #{ary.class}") { - ary.kind_of? Array - } - assert("response array has #{ary.size} elements instead of 3") { - ary.size == 3 - } + raise LintError, "response is not an Array, but #{ary.class}" unless ary.kind_of? Array + raise LintError, "response array has #{ary.size} elements instead of 3" unless ary.size == 3 status, headers, @body = ary ## The *status*, 
@@ -78,12 +74,8 @@ ## The environment must be an unfrozen instance of Hash that includes ## CGI-like headers. The application is free to modify the ## environment. - assert("env #{env.inspect} is not a Hash, but #{env.class}") { - env.kind_of? Hash - } - assert("env should not be frozen, but is") { - !env.frozen? - } + raise LintError, "env #{env.inspect} is not a Hash, but #{env.class}" unless env.kind_of? Hash + raise LintError, "env should not be frozen, but is" if env.frozen? ## ## The environment is required to include these variables 
@@ -195,73 +187,73 @@ ## The store must implement: if session = env[RACK_SESSION] ## store(key, value) (aliased as []=); - assert("session #{session.inspect} must respond to store and []=") { - session.respond_to?(:store) && session.respond_to?(:[]=) - } + unless session.respond_to?(:store) && session.respond_to?(:[]=) + raise LintError, "session #{session.inspect} must respond to store and []=" + end ## fetch(key, default = nil) (aliased as []); - assert("session #{session.inspect} must respond to fetch and []") { - session.respond_to?(:fetch) && session.respond_to?(:[]) - } + unless session.respond_to?(:fetch) && session.respond_to?(:[]) + raise LintError, "session #{session.inspect} must respond to fetch and []" + end ## delete(key); - assert("session #{session.inspect} must respond to delete") { - session.respond_to?(:delete) - } + unless session.respond_to?(:delete) + raise LintError, "session #{session.inspect} must respond to delete" + end ## clear; - assert("session #{session.inspect} must respond to clear") { - session.respond_to?(:clear) - } + unless session.respond_to?(:clear) + raise LintError, "session #{session.inspect} must respond to clear" + end ## to_hash (returning unfrozen Hash instance); - assert("session #{session.inspect} must respond to to_hash and return unfrozen Hash instance") { - session.respond_to?(:to_hash) && session.to_hash.kind_of?(Hash) && !session.to_hash.frozen? - } + unless session.respond_to?(:to_hash) && session.to_hash.kind_of?(Hash) && !session.to_hash.frozen? + raise LintError, "session #{session.inspect} must respond to to_hash and return unfrozen Hash instance" + end end ## <tt>rack.logger</tt>:: A common object interface for logging messages. 
## The object must implement: if logger = env[RACK_LOGGER] ## info(message, &block) - assert("logger #{logger.inspect} must respond to info") { - logger.respond_to?(:info) - } + unless logger.respond_to?(:info) + raise LintError, "logger #{logger.inspect} must respond to info" + end ## debug(message, &block) - assert("logger #{logger.inspect} must respond to debug") { - logger.respond_to?(:debug) - } + unless logger.respond_to?(:debug) + raise LintError, "logger #{logger.inspect} must respond to debug" + end ## warn(message, &block) - assert("logger #{logger.inspect} must respond to warn") { - logger.respond_to?(:warn) - } + unless logger.respond_to?(:warn) + raise LintError, "logger #{logger.inspect} must respond to warn" + end ## error(message, &block) - assert("logger #{logger.inspect} must respond to error") { - logger.respond_to?(:error) - } + unless logger.respond_to?(:error) + raise LintError, "logger #{logger.inspect} must respond to error" + end ## fatal(message, &block) - assert("logger #{logger.inspect} must respond to fatal") { - logger.respond_to?(:fatal) - } + unless logger.respond_to?(:fatal) + raise LintError, "logger #{logger.inspect} must respond to fatal" + end end ## <tt>rack.multipart.buffer_size</tt>:: An Integer hint to the multipart parser as to what chunk size to use for reads and writes. if bufsize = env[RACK_MULTIPART_BUFFER_SIZE] - assert("rack.multipart.buffer_size must be an Integer > 0 if specified") { - bufsize.is_a?(Integer) && bufsize > 0 - } + unless bufsize.is_a?(Integer) && bufsize > 0 + raise LintError, "rack.multipart.buffer_size must be an Integer > 0 if specified" + end end ## <tt>rack.multipart.tempfile_factory</tt>:: An object responding to #call with two arguments, the filename and content_type given for the multipart form field, and returning an IO-like object that responds to #<< and optionally #rewind. 
This factory will be used to instantiate the tempfile for each multipart form file upload field, rather than the default class of Tempfile. if tempfile_factory = env[RACK_MULTIPART_TEMPFILE_FACTORY] - assert("rack.multipart.tempfile_factory must respond to #call") { tempfile_factory.respond_to?(:call) } + raise LintError, "rack.multipart.tempfile_factory must respond to #call" unless tempfile_factory.respond_to?(:call) env[RACK_MULTIPART_TEMPFILE_FACTORY] = lambda do |filename, content_type| io = tempfile_factory.call(filename, content_type) - assert("rack.multipart.tempfile_factory return value must respond to #<<") { io.respond_to?(:<<) } + raise LintError, "rack.multipart.tempfile_factory return value must respond to #<<" unless io.respond_to?(:<<) io end end 
@@ -276,32 +268,32 @@ %w[REQUEST_METHOD SERVER_NAME QUERY_STRING rack.version rack.input rack.errors rack.multithread rack.multiprocess rack.run_once].each { |header| - assert("env missing required key #{header}") { env.include? header } + raise LintError, "env missing required key #{header}" unless env.include? header } ## The <tt>SERVER_PORT</tt> must be an Integer if set. - assert("env[SERVER_PORT] is not an Integer") do - server_port = env["SERVER_PORT"] - server_port.nil? || (Integer(server_port) rescue false) + server_port = env["SERVER_PORT"] + unless server_port.nil? || (Integer(server_port) rescue false) + raise LintError, "env[SERVER_PORT] is not an Integer" end ## The <tt>SERVER_NAME</tt> must be a valid authority as defined by RFC7540. - assert("#{env[SERVER_NAME]} must be a valid authority") do - URI.parse("http://#{env[SERVER_NAME]}/") rescue false + unless (URI.parse("http://#{env[SERVER_NAME]}/") rescue false) + raise LintError, "#{env[SERVER_NAME]} must be a valid authority" end ## The <tt>HTTP_HOST</tt> must be a valid authority as defined by RFC7540. - assert("#{env[HTTP_HOST]} must be a valid authority") do - URI.parse("http://#{env[HTTP_HOST]}/") rescue false + unless (URI.parse("http://#{env[HTTP_HOST]}/") rescue false) + raise LintError, "#{env[HTTP_HOST]} must be a valid authority" end ## The environment must not contain the keys ## <tt>HTTP_CONTENT_TYPE</tt> or <tt>HTTP_CONTENT_LENGTH</tt> ## (use the versions without <tt>HTTP_</tt>). %w[HTTP_CONTENT_TYPE HTTP_CONTENT_LENGTH].each { |header| - assert("env contains #{header}, must use #{header[5, -1]}") { - not env.include? header - } + if env.include? header + raise LintError, "env contains #{header}, must use #{header[5, -1]}" + end } ## The CGI keys (named without a period) must have String values. 
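Review bot: The rewritten `HTTP_CONTENT_TYPE`/`HTTP_CONTENT_LENGTH` check still builds its message with `header[5, -1]`, and `String#[]` with a negative length returns nil, so the text stops at "must use " without naming the key to use instead. A range gives the intended suffix: `raise LintError, "env contains #{header}, must use #{header[5..-1]}"`. Separately, the `SERVER_NAME` and `HTTP_HOST` checks keep the `rescue false` modifier, which hides every StandardError raised inside `URI.parse`, not only `URI::InvalidURIError`; rescuing that class explicitly would keep unexpected failures visible. The enclosing method begins before this hunk and continues past it.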
@@ -309,25 +301,25 @@ ## they should use ASCII-8BIT encoding. env.each { |key, value| next if key.include? "." # Skip extensions - assert("env variable #{key} has non-string value #{value.inspect}") { - value.kind_of? String - } + unless value.kind_of? String + raise LintError, "env variable #{key} has non-string value #{value.inspect}" + end next if value.encoding == Encoding::ASCII_8BIT - assert("env variable #{key} has value containing non-ASCII characters and has non-ASCII-8BIT encoding #{value.inspect} encoding: #{value.encoding}") { - value.b !~ /[\x80-\xff]/n - } + unless value.b !~ /[\x80-\xff]/n + raise LintError, "env variable #{key} has value containing non-ASCII characters and has non-ASCII-8BIT encoding #{value.inspect} encoding: #{value.encoding}" + end } ## There are the following restrictions: ## * <tt>rack.version</tt> must be an array of Integers. - assert("rack.version must be an Array, was #{env[RACK_VERSION].class}") { - env[RACK_VERSION].kind_of? Array - } + unless env[RACK_VERSION].kind_of? Array + raise LintError, "rack.version must be an Array, was #{env[RACK_VERSION].class}" + end ## * <tt>rack.url_scheme</tt> must either be +http+ or +https+. - assert("rack.url_scheme unknown: #{env[RACK_URL_SCHEME].inspect}") { - %w[http https].include?(env[RACK_URL_SCHEME]) - } + unless %w[http https].include?(env[RACK_URL_SCHEME]) + raise LintError, "rack.url_scheme unknown: #{env[RACK_URL_SCHEME].inspect}" + end ## * There must be a valid input stream in <tt>rack.input</tt>. check_input env[RACK_INPUT] 
@@ -337,37 +329,33 @@ check_hijack env ## * The <tt>REQUEST_METHOD</tt> must be a valid token. - assert("REQUEST_METHOD unknown: #{env[REQUEST_METHOD].dump}") { - env[REQUEST_METHOD] =~ /\A[0-9A-Za-z!\#$%&'*+.^_`|~-]+\z/ - } + unless env[REQUEST_METHOD] =~ /\A[0-9A-Za-z!\#$%&'*+.^_`|~-]+\z/ + raise LintError, "REQUEST_METHOD unknown: #{env[REQUEST_METHOD].dump}" + end ## * The <tt>SCRIPT_NAME</tt>, if non-empty, must start with <tt>/</tt> - assert("SCRIPT_NAME must start with /") { - !env.include?(SCRIPT_NAME) || - env[SCRIPT_NAME] == "" || - env[SCRIPT_NAME] =~ /\A\// - } + if env.include?(SCRIPT_NAME) && env[SCRIPT_NAME] != "" && env[SCRIPT_NAME] !~ /\A\// + raise LintError, "SCRIPT_NAME must start with /" + end ## * The <tt>PATH_INFO</tt>, if non-empty, must start with <tt>/</tt> - assert("PATH_INFO must start with /") { - !env.include?(PATH_INFO) || - env[PATH_INFO] == "" || - env[PATH_INFO] =~ /\A\// - } + if env.include?(PATH_INFO) && env[PATH_INFO] != "" && env[PATH_INFO] !~ /\A\// + raise LintError, "PATH_INFO must start with /" + end ## * The <tt>CONTENT_LENGTH</tt>, if given, must consist of digits only. - assert("Invalid CONTENT_LENGTH: #{env["CONTENT_LENGTH"]}") { - !env.include?("CONTENT_LENGTH") || env["CONTENT_LENGTH"] =~ /\A\d+\z/ - } + if env.include?("CONTENT_LENGTH") && env["CONTENT_LENGTH"] !~ /\A\d+\z/ + raise LintError, "Invalid CONTENT_LENGTH: #{env["CONTENT_LENGTH"]}" + end ## * One of <tt>SCRIPT_NAME</tt> or <tt>PATH_INFO</tt> must be ## set. <tt>PATH_INFO</tt> should be <tt>/</tt> if ## <tt>SCRIPT_NAME</tt> is empty. - assert("One of SCRIPT_NAME or PATH_INFO must be set (make PATH_INFO '/' if SCRIPT_NAME is empty)") { - env[SCRIPT_NAME] || env[PATH_INFO] - } + unless env[SCRIPT_NAME] || env[PATH_INFO] + raise LintError, "One of SCRIPT_NAME or PATH_INFO must be set (make PATH_INFO '/' if SCRIPT_NAME is empty)" + end ## <tt>SCRIPT_NAME</tt> never should be <tt>/</tt>, but instead be empty. 
- assert("SCRIPT_NAME cannot be '/', make it '' and PATH_INFO '/'") { - env[SCRIPT_NAME] != "/" - } + unless env[SCRIPT_NAME] != "/" + raise LintError, "SCRIPT_NAME cannot be '/', make it '' and PATH_INFO '/'" + end end ## === The Input Stream @@ -377,18 +365,18 @@ def check_input(input) ## When applicable, its external encoding must be "ASCII-8BIT" and it ## must be opened in binary mode, for Ruby 1.9 compatibility. - assert("rack.input #{input} does not have ASCII-8BIT as its external encoding") { - input.external_encoding == Encoding::ASCII_8BIT - } if input.respond_to?(:external_encoding) - assert("rack.input #{input} is not opened in binary mode") { - input.binmode? - } if input.respond_to?(:binmode?) + if input.respond_to?(:external_encoding) && input.external_encoding != Encoding::ASCII_8BIT + raise LintError, "rack.input #{input} does not have ASCII-8BIT as its external encoding" + end + if input.respond_to?(:binmode?) && !input.binmode? + raise LintError, "rack.input #{input} is not opened in binary mode" + end ## The input stream must respond to +gets+, +each+, +read+ and +rewind+. [:gets, :each, :read, :rewind].each { |method| - assert("rack.input #{input} does not respond to ##{method}") { - input.respond_to? method - } + unless input.respond_to? method + raise LintError, "rack.input #{input} does not respond to ##{method}" + end } end @@ -402,11 +390,11 @@ ## * +gets+ must be called without arguments and return a string, ## or +nil+ on EOF. def gets(*args) - assert("rack.input#gets called with arguments") { args.size == 0 } + raise LintError, "rack.input#gets called with arguments" unless args.size == 0 v = @input.gets - assert("rack.input#gets didn't return a String") { - v.nil? or v.kind_of? String - } + unless v.nil? or v.kind_of? String + raise LintError, "rack.input#gets didn't return a String" + end v end 
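Review bot: The `Invalid CONTENT_LENGTH` message interpolates `env["CONTENT_LENGTH"]` as-is, although the value has just failed the digits-only check and so may hold anything the client sent, control characters included. The `REQUEST_METHOD` message at the top of this hunk already escapes its value with `.dump`; doing the equivalent here keeps a LintError that ends up in a log or error page on a single line: `raise LintError, "Invalid CONTENT_LENGTH: #{env["CONTENT_LENGTH"].inspect}"`. The enclosing method starts outside this hunk.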
@@ -428,32 +416,32 @@ ## If +buffer+ is given, then the read data will be placed ## into +buffer+ instead of a newly created String object. def read(*args) - assert("rack.input#read called with too many arguments") { - args.size <= 2 - } + unless args.size <= 2 + raise LintError, "rack.input#read called with too many arguments" + end if args.size >= 1 - assert("rack.input#read called with non-integer and non-nil length") { - args.first.kind_of?(Integer) || args.first.nil? - } - assert("rack.input#read called with a negative length") { - args.first.nil? || args.first >= 0 - } + unless args.first.kind_of?(Integer) || args.first.nil? + raise LintError, "rack.input#read called with non-integer and non-nil length" + end + unless args.first.nil? || args.first >= 0 + raise LintError, "rack.input#read called with a negative length" + end end if args.size >= 2 - assert("rack.input#read called with non-String buffer") { - args[1].kind_of?(String) - } + unless args[1].kind_of?(String) + raise LintError, "rack.input#read called with non-String buffer" + end end v = @input.read(*args) - assert("rack.input#read didn't return nil or a String") { - v.nil? or v.kind_of? String - } + unless v.nil? or v.kind_of? String + raise LintError, "rack.input#read didn't return nil or a String" + end if args[0].nil? - assert("rack.input#read(nil) returned nil on EOF") { - !v.nil? - } + unless !v.nil? + raise LintError, "rack.input#read(nil) returned nil on EOF" + end end v @@ -461,11 +449,11 @@ ## * +each+ must be called without arguments and only yield Strings. def each(*args) - assert("rack.input#each called with arguments") { args.size == 0 } + raise LintError, "rack.input#each called with arguments" unless args.size == 0 @input.each { |line| - assert("rack.input#each didn't yield a String") { - line.kind_of? String - } + unless line.kind_of? String + raise LintError, "rack.input#each didn't yield a String" + end yield line } end 
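Review bot: `unless !v.nil?` in the `read(nil)` EOF check is a double negative left over from the mechanical assert-to-raise conversion; `raise LintError, "rack.input#read(nil) returned nil on EOF" if v.nil?` states the condition directly. The `unless env[SCRIPT_NAME] != "/"` check at the end of the earlier `@@ -337,37 +329,33 @@` hunk has the same shape and reads better as `if env[SCRIPT_NAME] == "/"`. Neither rewrite alters behaviour.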
@@ -476,20 +464,18 @@ ## developers must buffer the input data into some rewindable object ## if the underlying input stream is not rewindable. def rewind(*args) - assert("rack.input#rewind called with arguments") { args.size == 0 } - assert("rack.input#rewind raised Errno::ESPIPE") { - begin - @input.rewind - true - rescue Errno::ESPIPE - false - end - } + raise LintError, "rack.input#rewind called with arguments" unless args.size == 0 + begin + @input.rewind + true + rescue Errno::ESPIPE + raise LintError, "rack.input#rewind raised Errno::ESPIPE" + end end ## * +close+ must never be called on the input stream. def close(*args) - assert("rack.input#close must not be called") { false } + raise LintError, "rack.input#close must not be called" end end @@ -497,9 +483,9 @@ def check_error(error) ## The error stream must respond to +puts+, +write+ and +flush+. [:puts, :write, :flush].each { |method| - assert("rack.error #{error} does not respond to ##{method}") { - error.respond_to? method - } + unless error.respond_to? method + raise LintError, "rack.error #{error} does not respond to ##{method}" + end } end @@ -517,7 +503,7 @@ ## * +write+ must be called with a single argument that is a String. def write(str) - assert("rack.errors#write not called with a String") { str.kind_of? String } + raise LintError, "rack.errors#write not called with a String" unless str.kind_of? String @error.write str end @@ -529,7 +515,7 @@ ## * +close+ must never be called on the error stream. def close(*args) - assert("rack.errors#close must not be called") { false } + raise LintError, "rack.errors#close must not be called" end end @@ -547,7 +533,7 @@ def initialize(io) @io = io REQUIRED_METHODS.each do |meth| - assert("rack.hijack_io must respond to #{meth}") { io.respond_to? meth } + raise LintError, "rack.hijack_io must respond to #{meth}" unless io.respond_to? meth end end end 
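Review bot: The bare `true` kept inside the `begin` block of `rewind` was the old assert block's result and no longer serves a purpose; on success it is now the method's return value. Whether callers see a different value than before depends on what `assert` returned, which is not visible in this hunk. Deleting that line leaves the block as `@input.rewind` followed by the `rescue Errno::ESPIPE` clause, so the wrapper simply passes through what the wrapped stream returns.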
@@ -563,7 +549,7 @@ if env[RACK_IS_HIJACK] ## If rack.hijack? is true then rack.hijack must respond to #call. original_hijack = env[RACK_HIJACK] - assert("rack.hijack must respond to call") { original_hijack.respond_to?(:call) } + raise LintError, "rack.hijack must respond to call" unless original_hijack.respond_to?(:call) env[RACK_HIJACK] = proc do ## rack.hijack must return the io that will also be assigned (or is ## already present, in rack.hijack_io. @@ -596,10 +582,10 @@ else ## ## If rack.hijack? is false, then rack.hijack should not be set. - assert("rack.hijack? is false, but rack.hijack is present") { env[RACK_HIJACK].nil? } + raise LintError, "rack.hijack? is false, but rack.hijack is present" unless env[RACK_HIJACK].nil? ## ## If rack.hijack? is false, then rack.hijack_io should not be set. - assert("rack.hijack? is false, but rack.hijack_io is present") { env[RACK_HIJACK_IO].nil? } + raise LintError, "rack.hijack? is false, but rack.hijack_io is present" unless env[RACK_HIJACK_IO].nil? end end @@ -630,9 +616,9 @@ ## the <tt>rack.hijack</tt> response API is in use. if env[RACK_IS_HIJACK] && headers[RACK_HIJACK] - assert('rack.hijack header must respond to #call') { - headers[RACK_HIJACK].respond_to? :call - } + unless headers[RACK_HIJACK].respond_to? :call + raise LintError, 'rack.hijack header must respond to #call' + end original_hijack = headers[RACK_HIJACK] proc do |io| original_hijack.call HijackWrapper.new(io) @@ -641,9 +627,9 @@ ## ## The special response header <tt>rack.hijack</tt> must only be set ## if the request env has <tt>rack.hijack?</tt> <tt>true</tt>. - assert('rack.hijack header must not be present if server does not support hijacking') { - headers[RACK_HIJACK].nil? - } + unless headers[RACK_HIJACK].nil? + raise LintError, 'rack.hijack header must not be present if server does not support hijacking' + end nil end 
@@ -661,42 +647,45 @@ def check_status(status) ## This is an HTTP status. When parsed as integer (+to_i+), it must be ## greater than or equal to 100. - assert("Status must be >=100 seen as integer") { status.to_i >= 100 } + unless status.to_i >= 100 + raise LintError, "Status must be >=100 seen as integer" + end end ## === The Headers def check_headers(header) ## The header must respond to +each+, and yield values of key and value. - assert("headers object should respond to #each, but doesn't (got #{header.class} as headers)") { - header.respond_to? :each - } + unless header.respond_to? :each + raise LintError, "headers object should respond to #each, but doesn't (got #{header.class} as headers)" + end header.each { |key, value| ## The header keys must be Strings. - assert("header key must be a string, was #{key.class}") { - key.kind_of? String - } + unless key.kind_of? String + raise LintError, "header key must be a string, was #{key.class}" + end ## Special headers starting "rack." are for communicating with the ## server, and must not be sent back to the client. next if key =~ /^rack\..+$/ ## The header must not contain a +Status+ key. - assert("header must not contain Status") { key.downcase != "status" } + raise LintError, "header must not contain Status" if key.downcase == "status" ## The header must conform to RFC7230 token specification, i.e. cannot ## contain non-printable ASCII, DQUOTE or "(),/:;<=>?@[\]{}". - assert("invalid header name: #{key}") { key !~ /[\(\),\/:;<=>\?@\[\\\]{}[:cntrl:]]/ } + raise LintError, "invalid header name: #{key}" if key =~ /[\(\),\/:;<=>\?@\[\\\]{}[:cntrl:]]/ ## The values of the header must be Strings, - assert("a header value must be a String, but the value of " + - "'#{key}' is a #{value.class}") { value.kind_of? String } + unless value.kind_of? String + raise LintError, "a header value must be a String, but the value of '#{key}' is a #{value.class}" + end ## consisting of lines (for multiple header values, e.g. 
multiple ## <tt>Set-Cookie</tt> values) separated by "\\n". value.split("\n").each { |item| ## The lines must not contain characters below 037. - assert("invalid header value #{key}: #{item.inspect}") { - item !~ /[\000-\037]/ - } + if item =~ /[\000-\037]/ + raise LintError, "invalid header value #{key}: #{item.inspect}" + end } } end @@ -707,9 +696,9 @@ ## There must not be a <tt>Content-Type</tt>, when the +Status+ is 1xx, ## 204 or 304. if key.downcase == "content-type" - assert("Content-Type header found in #{status} response, not allowed") { - not Rack::Utils::STATUS_WITH_NO_ENTITY_BODY.key? status.to_i - } + if Rack::Utils::STATUS_WITH_NO_ENTITY_BODY.key? status.to_i + raise LintError, "Content-Type header found in #{status} response, not allowed" + end return end } @@ -721,9 +710,9 @@ if key.downcase == 'content-length' ## There must not be a <tt>Content-Length</tt> header when the ## +Status+ is 1xx, 204 or 304. - assert("Content-Length header found in #{status} response, not allowed") { - not Rack::Utils::STATUS_WITH_NO_ENTITY_BODY.key? status.to_i - } + if Rack::Utils::STATUS_WITH_NO_ENTITY_BODY.key? status.to_i + raise LintError, "Content-Length header found in #{status} response, not allowed" + end @content_length = value end } @@ -731,13 +720,13 @@ def verify_content_length(bytes) if @head_request - assert("Response body was given for HEAD request, but should be empty") { - bytes == 0 - } + unless bytes == 0 + raise LintError, "Response body was given for HEAD request, but should be empty" + end elsif @content_length - assert("Content-Length header was #{@content_length}, but should be #{bytes}") { - @content_length == bytes.to_s - } + unless @content_length == bytes.to_s + raise LintError, "Content-Length header was #{@content_length}, but should be #{bytes}" + end end end 
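Review bot: The skip for server-only headers, `next if key =~ /^rack\..+$/`, uses line anchors, so it matches when any single line of the key looks like `rack.x`; a key containing a line break can therefore bypass the Status, header-name and header-value checks that follow it in `check_headers`. The line is unchanged context in this hunk, but the checks it guards were just rewritten, so it is worth tightening in the same pass: `next if key =~ /\Arack\..+\z/`. With string anchors a key with an embedded newline falls through to the `[:cntrl:]` name check and is rejected.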
@@ -747,15 +736,15 @@ bytes = 0 ## The Body must respond to +each+ - assert("Response body must respond to each") do - @body.respond_to?(:each) + unless @body.respond_to?(:each) + raise LintError, "Response body must respond to each" end @body.each { |part| ## and must only yield String values. - assert("Body yielded non-string value #{part.inspect}") { - part.kind_of? String - } + unless part.kind_of? String + raise LintError, "Body yielded non-string value #{part.inspect}" + end bytes += part.bytesize yield part } @@ -768,7 +757,7 @@ ## If the Body responds to +close+, it will be called after iteration. If ## the body is replaced by a middleware after action, the original body ## must be closed first, if it responds to close. - # XXX howto: assert("Body has not been closed") { @closed } + # XXX howto: raise LintError, "Body has not been closed" unless @closed ## @@ -779,9 +768,9 @@ ## transport the response. if @body.respond_to?(:to_path) - assert("The file identified by body.to_path does not exist") { - ::File.exist? @body.to_path - } + unless ::File.exist? @body.to_path + raise LintError, "The file identified by body.to_path does not exist" + end end ## diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/rack/multipart/parser.rb new/lib/rack/multipart/parser.rb --- old/lib/rack/multipart/parser.rb 2023-04-25 01:22:06.000000000 +0200 +++ new/lib/rack/multipart/parser.rb 2023-07-31 04:43:28.000000000 +0200 
@@ -13,7 +13,9 @@ BUFSIZE = 1_048_576 TEXT_PLAIN = "text/plain" TEMPFILE_FACTORY = lambda { |filename, content_type| - Tempfile.new(["RackMultipart", ::File.extname(filename.gsub("\0", '%00'))]) + extension = ::File.extname(filename.gsub("\0", '%00'))[0, 129] + + Tempfile.new(["RackMultipart", extension]) } BOUNDARY_REGEX = /\A([^\n]*(?:\n|\Z))/ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/rack/session/cookie.rb new/lib/rack/session/cookie.rb --- old/lib/rack/session/cookie.rb 2023-04-25 01:22:06.000000000 +0200 +++ new/lib/rack/session/cookie.rb 2023-07-31 04:43:28.000000000 +0200 @@ -5,6 +5,7 @@ require_relative 'abstract/id' require 'json' require 'base64' +require 'delegate' module Rack diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/rack/version.rb new/lib/rack/version.rb --- old/lib/rack/version.rb 2023-04-25 01:22:06.000000000 +0200 +++ new/lib/rack/version.rb 2023-07-31 04:43:28.000000000 +0200 @@ -20,7 +20,7 @@ VERSION.join(".") end - RELEASE = "2.2.7" + RELEASE = "2.2.8" # Return the Rack release as a dotted string. def self.release diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/metadata new/metadata --- old/metadata 2023-04-25 01:22:06.000000000 +0200 +++ new/metadata 2023-07-31 04:43:28.000000000 +0200 @@ -1,14 +1,14 @@ --- !ruby/object:Gem::Specification name: rack version: !ruby/object:Gem::Version - version: 2.2.7 + version: 2.2.8 platform: ruby authors: - Leah Neukirchen autorequire: bindir: bin cert_chain: [] -date: 2023-04-24 00:00:00.000000000 Z +date: 2023-07-31 00:00:00.000000000 Z dependencies: - !ruby/object:Gem::Dependency name: minitest
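Review bot: The `[0, 129]` slice on the new `extension` line counts characters, not bytes, and the number itself is unexplained. If `filename` can reach this lambda carrying multibyte characters (its encoding is set outside this hunk), 129 characters may still exceed a filesystem's per-name byte limit, and `Tempfile.new` would then fail on a client-chosen name. A named constant with a comment such as `# leading dot plus at most 128 characters of the client-supplied extension` would document the intent, and `byteslice(0, 129)` is worth considering if the limit is meant in bytes.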