Hello community,
here is the log from the commit of package rubygem-rack-protection for
openSUSE:Factory checked in at 2018-02-19 13:03:40
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rubygem-rack-protection (Old)
and /work/SRC/openSUSE:Factory/.rubygem-rack-protection.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-rack-protection"
Mon Feb 19 13:03:40 2018 rev:3 rq:577914 version:2.0.1
Changes:
--------
---
/work/SRC/openSUSE:Factory/rubygem-rack-protection/rubygem-rack-protection.changes
2017-06-08 15:01:31.723508242 +0200
+++
/work/SRC/openSUSE:Factory/.rubygem-rack-protection.new/rubygem-rack-protection.changes
2018-02-19 13:04:18.082863967 +0100
@@ -1,0 +2,6 @@
+Sat Feb 17 05:31:13 UTC 2018 - [email protected]
+
+- updated to version 2.0.1
+ no changelog found
+
+-------------------------------------------------------------------
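Review bot: The "no changelog found" line in this entry understates the update: the gem diff further down changes lib/rack/protection/path_traversal.rb so that `%5c` and literal backslashes are handled as path separators, which is a behaviour change in a security middleware. Replace the placeholder with a one-line summary of that change so that anyone auditing the package history can see why 2.0.1 matters.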
Old:
----
rack-protection-2.0.0.gem
New:
----
rack-protection-2.0.1.gem
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ rubygem-rack-protection.spec ++++++
--- /var/tmp/diff_new_pack.HcehXC/_old 2018-02-19 13:04:18.822837281 +0100
+++ /var/tmp/diff_new_pack.HcehXC/_new 2018-02-19 13:04:18.826837136 +0100
@@ -1,7 +1,7 @@
#
# spec file for package rubygem-rack-protection
#
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -24,7 +24,7 @@
#
Name: rubygem-rack-protection
-Version: 2.0.0
+Version: 2.0.1
Release: 0
%define mod_name rack-protection
%define mod_full_name %{mod_name}-%{version}
@@ -32,8 +32,8 @@
BuildRequires: %{rubygem gem2rpm}
BuildRequires: %{ruby}
BuildRequires: ruby-macros >= 5
-Url: http://github.com/sinatra/sinatra/tree/master/rack-protection
-Source: http://rubygems.org/gems/%{mod_full_name}.gem
+Url: http://www.sinatrarb.com/protection/
+Source: https://rubygems.org/gems/%{mod_full_name}.gem
Source1: gem2rpm.yml
Summary: Protect against typical web attacks, works with all Rack apps,
License: MIT
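Review bot: `Source:` moves to https in this hunk, but the new `Url:` value is still plain http (`http://www.sinatrarb.com/protection/`). If the site is served over https, use that scheme here as well so both lines are consistent.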
++++++ rack-protection-2.0.0.gem -> rack-protection-2.0.1.gem ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/README.md new/README.md
--- old/README.md 2017-05-07 02:06:07.000000000 +0200
+++ new/README.md 2018-02-16 16:43:47.000000000 +0100
@@ -1,7 +1,5 @@
# Rack::Protection
-[](http://travis-ci.org/sinatra/rack-protection)
-
This gem protects against typical web attacks.
Should work for all Rack apps, including Rails.
@@ -40,55 +38,55 @@
Prevented by:
-* `Rack::Protection::AuthenticityToken` (not included by `use
Rack::Protection`)
-* `Rack::Protection::FormToken` (not included by `use Rack::Protection`)
-* `Rack::Protection::JsonCsrf`
-* `Rack::Protection::RemoteReferrer` (not included by `use Rack::Protection`)
-* `Rack::Protection::RemoteToken`
-* `Rack::Protection::HttpOrigin`
+* [`Rack::Protection::AuthenticityToken`][authenticity-token] (not included by
`use Rack::Protection`)
+* [`Rack::Protection::FormToken`][form-token] (not included by `use
Rack::Protection`)
+* [`Rack::Protection::JsonCsrf`][json-csrf]
+* [`Rack::Protection::RemoteReferrer`][remote-referrer] (not included by `use
Rack::Protection`)
+* [`Rack::Protection::RemoteToken`][remote-token]
+* [`Rack::Protection::HttpOrigin`][http-origin]
## Cross Site Scripting
Prevented by:
-* `Rack::Protection::EscapedParams` (not included by `use Rack::Protection`)
-* `Rack::Protection::XSSHeader` (Internet Explorer and Chrome only)
-* `Rack::Protection::ContentSecurityPolicy`
+* [`Rack::Protection::EscapedParams`][escaped-params] (not included by `use
Rack::Protection`)
+* [`Rack::Protection::XSSHeader`][xss-header] (Internet Explorer and Chrome
only)
+* [`Rack::Protection::ContentSecurityPolicy`][content-security-policy]
## Clickjacking
Prevented by:
-* `Rack::Protection::FrameOptions`
+* [`Rack::Protection::FrameOptions`][frame-options]
## Directory Traversal
Prevented by:
-* `Rack::Protection::PathTraversal`
+* [`Rack::Protection::PathTraversal`][path-traversal]
## Session Hijacking
Prevented by:
-* `Rack::Protection::SessionHijacking`
+* [`Rack::Protection::SessionHijacking`][session-hijacking]
## Cookie Tossing
Prevented by:
-* `Rack::Protection::CookieTossing` (not included by `use Rack::Protection`)
+* [`Rack::Protection::CookieTossing`][cookie-tossing] (not included by `use
Rack::Protection`)
## IP Spoofing
Prevented by:
-* `Rack::Protection::IPSpoofing`
+* [`Rack::Protection::IPSpoofing`][ip-spoofing]
## Helps to protect against protocol downgrade attacks and cookie hijacking
Prevented by:
-* `Rack::Protection::StrictTransport` (not included by `use Rack::Protection`)
+* [`Rack::Protection::StrictTransport`][strict-transport] (not included by
`use Rack::Protection`)
# Installation
@@ -102,3 +100,19 @@
```
The instrumenter is passed a namespace (String) and environment (Hash). The
namespace is 'rack.protection' and the attack type can be obtained from the
environment key 'rack.protection.attack'.
+
+[authenticity-token]: http://www.sinatrarb.com/protection/authenticity_token
+[content-security-policy]:
http://www.sinatrarb.com/protection/content_security_policy
+[cookie-tossing]: http://www.sinatrarb.com/protection/cookie_tossing
+[escaped-params]: http://www.sinatrarb.com/protection/escaped_params
+[form-token]: http://www.sinatrarb.com/protection/form_token
+[frame-options]: http://www.sinatrarb.com/protection/frame_options
+[http-origin]: http://www.sinatrarb.com/protection/http_origin
+[ip-spoofing]: http://www.sinatrarb.com/protection/ip_spoofing
+[json-csrf]: http://www.sinatrarb.com/protection/json_csrf
+[path-traversal]: http://www.sinatrarb.com/protection/path_traversal
+[remote-referrer]: http://www.sinatrarb.com/protection/remote_referrer
+[remote-token]: http://www.sinatrarb.com/protection/remote_token
+[session-hijacking]: http://www.sinatrarb.com/protection/session_hijacking
+[strict-transport]: http://www.sinatrarb.com/protection/strict_transport
+[xss-header]: http://www.sinatrarb.com/protection/xss_header
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Rakefile new/Rakefile
--- old/Rakefile 2017-05-07 02:06:07.000000000 +0200
+++ new/Rakefile 2018-02-16 16:43:47.000000000 +0100
@@ -24,7 +24,15 @@
end
end
- task :all => [:readmes]
+ task :index do
+ doc = File.read("README.md")
+ file = "doc/rack-protection-readme.md"
+ Dir.mkdir "doc" unless File.directory? "doc"
+ puts "writing #{file}"
+ File.open(file, "w") { |f| f << doc }
+ end
+
+ task :all => [:readmes, :index]
end
desc "generate documentation"
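Review bot: The new `:index` task copies README.md by reading it into a string and writing it back out, guarded by a separate `Dir.mkdir "doc" unless File.directory? "doc"` check. `FileUtils.mkdir_p "doc"` followed by `FileUtils.cp "README.md", file` does the same job without the check-then-create step. The task is also added without a `desc` line, so it will not be listed by `rake -T`.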
Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/rack/protection/path_traversal.rb
new/lib/rack/protection/path_traversal.rb
--- old/lib/rack/protection/path_traversal.rb 2017-05-07 02:06:07.000000000
+0200
+++ new/lib/rack/protection/path_traversal.rb 2018-02-16 16:43:47.000000000
+0100
@@ -24,14 +24,17 @@
encoding = path.encoding
dot = '.'.encode(encoding)
slash = '/'.encode(encoding)
+ backslash = '\\'.encode(encoding)
else
# Ruby 1.8
dot = '.'
slash = '/'
+ backslash = '\\'
end
parts = []
- unescaped = path.gsub(/%2e/i, dot).gsub(/%2f/i, slash)
+ unescaped = path.gsub(/%2e/i, dot).gsub(/%2f/i, slash).gsub(/%5c/i,
backslash)
+ unescaped = unescaped.gsub(backslash, slash)
unescaped.split(slash).each do |part|
next if part.empty? or part == dot
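Review bot: The added `unescaped = unescaped.gsub(backslash, slash)` line folds every backslash into a forward slash with no comment explaining why, and this diff carries no spec for the new behaviour. Add a short comment saying that backslashes are normalised so that backslash-separated segments go through the same `split(slash)` loop, and add specs covering both `%5c` and a literal backslash in the path. The comment should also state that the three `gsub` calls decode only one level of percent-encoding, since that is the assumption the cleanup now depends on.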
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/rack/protection/version.rb
new/lib/rack/protection/version.rb
--- old/lib/rack/protection/version.rb 2017-05-07 02:06:07.000000000 +0200
+++ new/lib/rack/protection/version.rb 2018-02-16 16:43:47.000000000 +0100
@@ -1,5 +1,5 @@
module Rack
module Protection
- VERSION = '2.0.0'
+ VERSION = '2.0.1'
end
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/metadata new/metadata
--- old/metadata 2017-05-07 02:06:07.000000000 +0200
+++ new/metadata 2018-02-16 16:43:47.000000000 +0100
@@ -1,14 +1,14 @@
--- !ruby/object:Gem::Specification
name: rack-protection
version: !ruby/object:Gem::Version
- version: 2.0.0
+ version: 2.0.1
platform: ruby
authors:
- https://github.com/sinatra/sinatra/graphs/contributors
autorequire:
bindir: bin
cert_chain: []
-date: 2017-05-07 00:00:00.000000000 Z
+date: 2018-02-16 00:00:00.000000000 Z
dependencies:
- !ruby/object:Gem::Dependency
name: rack
@@ -44,14 +44,14 @@
requirements:
- - "~>"
- !ruby/object:Gem::Version
- version: 3.0.0
+ version: '3.6'
type: :development
prerelease: false
version_requirements: !ruby/object:Gem::Requirement
requirements:
- - "~>"
- !ruby/object:Gem::Version
- version: 3.0.0
+ version: '3.6'
description: Protect against typical web attacks, works with all Rack apps,
including
Rails.
email: [email protected]
@@ -83,7 +83,7 @@
- lib/rack/protection/version.rb
- lib/rack/protection/xss_header.rb
- rack-protection.gemspec
-homepage: http://github.com/sinatra/sinatra/tree/master/rack-protection
+homepage: http://www.sinatrarb.com/protection/
licenses:
- MIT
metadata: {}
@@ -103,7 +103,7 @@
version: '0'
requirements: []
rubyforge_project:
-rubygems_version: 2.6.11
+rubygems_version: 2.6.8
signing_key:
specification_version: 4
summary: Protect against typical web attacks, works with all Rack apps,
including
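Review bot: `rubygems_version` goes backwards in this hunk, from 2.6.11 to 2.6.8, so the 2.0.1 gem was built with an older RubyGems than 2.0.0 was. Confirm that the file matches the upstream release, because `signing_key:` is empty in this metadata and the gem carries no signature to check it against.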
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/rack-protection.gemspec new/rack-protection.gemspec
--- old/rack-protection.gemspec 2017-05-07 02:06:07.000000000 +0200
+++ new/rack-protection.gemspec 2018-02-16 16:43:47.000000000 +0100
@@ -5,7 +5,7 @@
s.name = "rack-protection"
s.version = version
s.description = "Protect against typical web attacks, works with all Rack
apps, including Rails."
- s.homepage =
"http://github.com/sinatra/sinatra/tree/master/rack-protection"
+ s.homepage = "http://www.sinatrarb.com/protection/"
s.summary = s.description
s.license = 'MIT'
s.authors = ["https://github.com/sinatra/sinatra/graphs/contributors"]
@@ -21,5 +21,5 @@
# dependencies
s.add_dependency "rack"
s.add_development_dependency "rack-test"
- s.add_development_dependency "rspec", "~> 3.0.0"
+ s.add_development_dependency "rspec", "~> 3.6"
end