Hello community,

here is the log from the commit of package rubygem-rack-protection for 
openSUSE:Factory checked in at 2018-02-19 13:03:40
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rubygem-rack-protection (Old)
 and      /work/SRC/openSUSE:Factory/.rubygem-rack-protection.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "rubygem-rack-protection"

Mon Feb 19 13:03:40 2018 rev:3 rq:577914 version:2.0.1

Changes:
--------
--- 
/work/SRC/openSUSE:Factory/rubygem-rack-protection/rubygem-rack-protection.changes
  2017-06-08 15:01:31.723508242 +0200
+++ 
/work/SRC/openSUSE:Factory/.rubygem-rack-protection.new/rubygem-rack-protection.changes
     2018-02-19 13:04:18.082863967 +0100
@@ -1,0 +2,6 @@
+Sat Feb 17 05:31:13 UTC 2018 - factory-a...@kulow.org
+
+- updated to version 2.0.1
+  no changelog found
+
+-------------------------------------------------------------------

Old:
----
  rack-protection-2.0.0.gem

New:
----
  rack-protection-2.0.1.gem

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ rubygem-rack-protection.spec ++++++
--- /var/tmp/diff_new_pack.HcehXC/_old  2018-02-19 13:04:18.822837281 +0100
+++ /var/tmp/diff_new_pack.HcehXC/_new  2018-02-19 13:04:18.826837136 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package rubygem-rack-protection
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -24,7 +24,7 @@
 #
 
 Name:           rubygem-rack-protection
-Version:        2.0.0
+Version:        2.0.1
 Release:        0
 %define mod_name rack-protection
 %define mod_full_name %{mod_name}-%{version}
@@ -32,8 +32,8 @@
 BuildRequires:  %{rubygem gem2rpm}
 BuildRequires:  %{ruby}
 BuildRequires:  ruby-macros >= 5
-Url:            http://github.com/sinatra/sinatra/tree/master/rack-protection
-Source:         http://rubygems.org/gems/%{mod_full_name}.gem
+Url:            http://www.sinatrarb.com/protection/
+Source:         https://rubygems.org/gems/%{mod_full_name}.gem
 Source1:        gem2rpm.yml
 Summary:        Protect against typical web attacks, works with all Rack apps,
 License:        MIT

++++++ rack-protection-2.0.0.gem -> rack-protection-2.0.1.gem ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/README.md new/README.md
--- old/README.md       2017-05-07 02:06:07.000000000 +0200
+++ new/README.md       2018-02-16 16:43:47.000000000 +0100
@@ -1,7 +1,5 @@
 # Rack::Protection
 
-[![Build 
Status](https://secure.travis-ci.org/sinatra/rack-protection.png)](http://travis-ci.org/sinatra/rack-protection)
-
 This gem protects against typical web attacks.
 Should work for all Rack apps, including Rails.
 
@@ -40,55 +38,55 @@
 
 Prevented by:
 
-* `Rack::Protection::AuthenticityToken` (not included by `use 
Rack::Protection`)
-* `Rack::Protection::FormToken` (not included by `use Rack::Protection`)
-* `Rack::Protection::JsonCsrf`
-* `Rack::Protection::RemoteReferrer` (not included by `use Rack::Protection`)
-* `Rack::Protection::RemoteToken`
-* `Rack::Protection::HttpOrigin`
+* [`Rack::Protection::AuthenticityToken`][authenticity-token] (not included by 
`use Rack::Protection`)
+* [`Rack::Protection::FormToken`][form-token] (not included by `use 
Rack::Protection`)
+* [`Rack::Protection::JsonCsrf`][json-csrf]
+* [`Rack::Protection::RemoteReferrer`][remote-referrer] (not included by `use 
Rack::Protection`)
+* [`Rack::Protection::RemoteToken`][remote-token]
+* [`Rack::Protection::HttpOrigin`][http-origin]
 
 ## Cross Site Scripting
 
 Prevented by:
 
-* `Rack::Protection::EscapedParams` (not included by `use Rack::Protection`)
-* `Rack::Protection::XSSHeader` (Internet Explorer and Chrome only)
-* `Rack::Protection::ContentSecurityPolicy`
+* [`Rack::Protection::EscapedParams`][escaped-params] (not included by `use 
Rack::Protection`)
+* [`Rack::Protection::XSSHeader`][xss-header] (Internet Explorer and Chrome 
only)
+* [`Rack::Protection::ContentSecurityPolicy`][content-security-policy]
 
 ## Clickjacking
 
 Prevented by:
 
-* `Rack::Protection::FrameOptions`
+* [`Rack::Protection::FrameOptions`][frame-options]
 
 ## Directory Traversal
 
 Prevented by:
 
-* `Rack::Protection::PathTraversal`
+* [`Rack::Protection::PathTraversal`][path-traversal]
 
 ## Session Hijacking
 
 Prevented by:
 
-* `Rack::Protection::SessionHijacking`
+* [`Rack::Protection::SessionHijacking`][session-hijacking]
 
 ## Cookie Tossing
 
 Prevented by:
-* `Rack::Protection::CookieTossing` (not included by `use Rack::Protection`)
+* [`Rack::Protection::CookieTossing`][cookie-tossing] (not included by `use 
Rack::Protection`)
 
 ## IP Spoofing
 
 Prevented by:
 
-* `Rack::Protection::IPSpoofing`
+* [`Rack::Protection::IPSpoofing`][ip-spoofing]
 
 ## Helps to protect against protocol downgrade attacks and cookie hijacking
 
 Prevented by:
 
-* `Rack::Protection::StrictTransport` (not included by `use Rack::Protection`)
+* [`Rack::Protection::StrictTransport`][strict-transport] (not included by 
`use Rack::Protection`)
 
 # Installation
 
@@ -102,3 +100,19 @@
 ```
 
 The instrumenter is passed a namespace (String) and environment (Hash). The 
namespace is 'rack.protection' and the attack type can be obtained from the 
environment key 'rack.protection.attack'.
+
+[authenticity-token]: http://www.sinatrarb.com/protection/authenticity_token
+[content-security-policy]: 
http://www.sinatrarb.com/protection/content_security_policy
+[cookie-tossing]: http://www.sinatrarb.com/protection/cookie_tossing
+[escaped-params]: http://www.sinatrarb.com/protection/escaped_params
+[form-token]: http://www.sinatrarb.com/protection/form_token
+[frame-options]: http://www.sinatrarb.com/protection/frame_options
+[http-origin]: http://www.sinatrarb.com/protection/http_origin
+[ip-spoofing]: http://www.sinatrarb.com/protection/ip_spoofing
+[json-csrf]: http://www.sinatrarb.com/protection/json_csrf
+[path-traversal]: http://www.sinatrarb.com/protection/path_traversal
+[remote-referrer]: http://www.sinatrarb.com/protection/remote_referrer
+[remote-token]: http://www.sinatrarb.com/protection/remote_token
+[session-hijacking]: http://www.sinatrarb.com/protection/session_hijacking
+[strict-transport]: http://www.sinatrarb.com/protection/strict_transport
+[xss-header]: http://www.sinatrarb.com/protection/xss_header
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/Rakefile new/Rakefile
--- old/Rakefile        2017-05-07 02:06:07.000000000 +0200
+++ new/Rakefile        2018-02-16 16:43:47.000000000 +0100
@@ -24,7 +24,15 @@
     end
   end
 
-  task :all => [:readmes]
+  task :index do
+    doc = File.read("README.md")
+    file = "doc/rack-protection-readme.md"
+    Dir.mkdir "doc" unless File.directory? "doc"
+    puts "writing #{file}"
+    File.open(file, "w") { |f| f << doc }
+  end
+
+  task :all => [:readmes, :index]
 end
 
 desc "generate documentation"
Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/lib/rack/protection/path_traversal.rb 
new/lib/rack/protection/path_traversal.rb
--- old/lib/rack/protection/path_traversal.rb   2017-05-07 02:06:07.000000000 
+0200
+++ new/lib/rack/protection/path_traversal.rb   2018-02-16 16:43:47.000000000 
+0100
@@ -24,14 +24,17 @@
           encoding = path.encoding
           dot   = '.'.encode(encoding)
           slash = '/'.encode(encoding)
+          backslash = '\\'.encode(encoding)
         else
           # Ruby 1.8
           dot   = '.'
           slash = '/'
+          backslash = '\\'
         end
 
         parts     = []
-        unescaped = path.gsub(/%2e/i, dot).gsub(/%2f/i, slash)
+        unescaped = path.gsub(/%2e/i, dot).gsub(/%2f/i, slash).gsub(/%5c/i, 
backslash)
+        unescaped = unescaped.gsub(backslash, slash)
 
         unescaped.split(slash).each do |part|
           next if part.empty? or part == dot
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/lib/rack/protection/version.rb 
new/lib/rack/protection/version.rb
--- old/lib/rack/protection/version.rb  2017-05-07 02:06:07.000000000 +0200
+++ new/lib/rack/protection/version.rb  2018-02-16 16:43:47.000000000 +0100
@@ -1,5 +1,5 @@
 module Rack
   module Protection
-    VERSION = '2.0.0'
+    VERSION = '2.0.1'
   end
 end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/metadata new/metadata
--- old/metadata        2017-05-07 02:06:07.000000000 +0200
+++ new/metadata        2018-02-16 16:43:47.000000000 +0100
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack-protection
 version: !ruby/object:Gem::Version
-  version: 2.0.0
+  version: 2.0.1
 platform: ruby
 authors:
 - https://github.com/sinatra/sinatra/graphs/contributors
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-05-07 00:00:00.000000000 Z
+date: 2018-02-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -44,14 +44,14 @@
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.0.0
+        version: '3.6'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.0.0
+        version: '3.6'
 description: Protect against typical web attacks, works with all Rack apps, 
including
   Rails.
 email: sinatr...@googlegroups.com
@@ -83,7 +83,7 @@
 - lib/rack/protection/version.rb
 - lib/rack/protection/xss_header.rb
 - rack-protection.gemspec
-homepage: http://github.com/sinatra/sinatra/tree/master/rack-protection
+homepage: http://www.sinatrarb.com/protection/
 licenses:
 - MIT
 metadata: {}
@@ -103,7 +103,7 @@
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.11
+rubygems_version: 2.6.8
 signing_key: 
 specification_version: 4
 summary: Protect against typical web attacks, works with all Rack apps, 
including
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/rack-protection.gemspec new/rack-protection.gemspec
--- old/rack-protection.gemspec 2017-05-07 02:06:07.000000000 +0200
+++ new/rack-protection.gemspec 2018-02-16 16:43:47.000000000 +0100
@@ -5,7 +5,7 @@
   s.name        = "rack-protection"
   s.version     = version
   s.description = "Protect against typical web attacks, works with all Rack 
apps, including Rails."
-  s.homepage    = 
"http://github.com/sinatra/sinatra/tree/master/rack-protection";
+  s.homepage    = "http://www.sinatrarb.com/protection/";
   s.summary     = s.description
   s.license     = 'MIT'
   s.authors     = ["https://github.com/sinatra/sinatra/graphs/contributors";]
@@ -21,5 +21,5 @@
   # dependencies
   s.add_dependency "rack"
   s.add_development_dependency "rack-test"
-  s.add_development_dependency "rspec", "~> 3.0.0"
+  s.add_development_dependency "rspec", "~> 3.6"
 end


Reply via email to