Hello community,
here is the log from the commit of package rubygem-rack-1_6 for
openSUSE:Factory checked in at 2018-12-04 20:57:05
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rubygem-rack-1_6 (Old)
and /work/SRC/openSUSE:Factory/.rubygem-rack-1_6.new.19453 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-rack-1_6"
Tue Dec 4 20:57:05 2018 rev:6 rq:653707 version:1.6.11
Changes:
--------
--- /work/SRC/openSUSE:Factory/rubygem-rack-1_6/rubygem-rack-1_6.changes
2018-07-18 22:52:08.223319601 +0200
+++
/work/SRC/openSUSE:Factory/.rubygem-rack-1_6.new.19453/rubygem-rack-1_6.changes
2018-12-04 20:57:07.036667188 +0100
@@ -1,0 +2,6 @@
+Thu Nov 22 05:29:29 UTC 2018 - Stephan Kulow <[email protected]>
+
+- updated to version 1.6.11
+ see installed HISTORY.md
+
+-------------------------------------------------------------------
Old:
----
rack-1.6.10.gem
New:
----
rack-1.6.11.gem
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ rubygem-rack-1_6.spec ++++++
--- /var/tmp/diff_new_pack.uNzJ4W/_old 2018-12-04 20:57:07.484666694 +0100
+++ /var/tmp/diff_new_pack.uNzJ4W/_new 2018-12-04 20:57:07.484666694 +0100
@@ -12,7 +12,7 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
@@ -24,7 +24,7 @@
#
Name: rubygem-rack-1_6
-Version: 1.6.10
+Version: 1.6.11
Release: 0
%define mod_name rack
%define mod_full_name %{mod_name}-%{version}
++++++ rack-1.6.10.gem -> rack-1.6.11.gem ++++++
Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/rack/request.rb new/lib/rack/request.rb
--- old/lib/rack/request.rb 2018-04-23 19:51:23.000000000 +0200
+++ new/lib/rack/request.rb 2018-11-05 20:58:43.000000000 +0100
@@ -13,6 +13,8 @@
# The environment of the request.
attr_reader :env
+ SCHEME_WHITELIST = %w(https http).freeze
+
def initialize(env)
@env = env
end
@@ -68,10 +70,8 @@
'https'
elsif @env['HTTP_X_FORWARDED_SSL'] == 'on'
'https'
- elsif @env['HTTP_X_FORWARDED_SCHEME']
- @env['HTTP_X_FORWARDED_SCHEME']
- elsif @env['HTTP_X_FORWARDED_PROTO']
- @env['HTTP_X_FORWARDED_PROTO'].split(',')[0]
+ elsif forwarded_scheme
+ forwarded_scheme
else
@env["rack.url_scheme"]
end
@@ -394,5 +394,18 @@
s
end
end
+
+ def forwarded_scheme
+ scheme_headers = [
+ @env['HTTP_X_FORWARDED_SCHEME'],
+ @env['HTTP_X_FORWARDED_PROTO'].to_s.split(',')[0]
+ ]
+
+ scheme_headers.each do |header|
+ return header if SCHEME_WHITELIST.include?(header)
+ end
+
+ nil
+ end
end
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/rack/showexceptions.rb
new/lib/rack/showexceptions.rb
--- old/lib/rack/showexceptions.rb 2018-04-23 19:51:23.000000000 +0200
+++ new/lib/rack/showexceptions.rb 2018-11-05 20:58:43.000000000 +0100
@@ -47,7 +47,7 @@
end
def prefers_plaintext?(env)
- !accepts_html(env)
+ !accepts_html?(env)
end
def accepts_html?(env)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/rack.rb new/lib/rack.rb
--- old/lib/rack.rb 2018-04-23 19:51:23.000000000 +0200
+++ new/lib/rack.rb 2018-11-05 20:58:43.000000000 +0100
@@ -20,7 +20,7 @@
# Return the Rack release as a dotted string.
def self.release
- "1.6.10"
+ "1.6.11"
end
PATH_INFO = 'PATH_INFO'.freeze
REQUEST_METHOD = 'REQUEST_METHOD'.freeze
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/metadata new/metadata
--- old/metadata 2018-04-23 19:51:23.000000000 +0200
+++ new/metadata 2018-11-05 20:58:43.000000000 +0100
@@ -1,14 +1,14 @@
--- !ruby/object:Gem::Specification
name: rack
version: !ruby/object:Gem::Version
- version: 1.6.10
+ version: 1.6.11
platform: ruby
authors:
- Christian Neukirchen
autorequire:
bindir: bin
cert_chain: []
-date: 2018-04-23 00:00:00.000000000 Z
+date: 2018-11-05 00:00:00.000000000 Z
dependencies:
- !ruby/object:Gem::Dependency
name: bacon
@@ -256,57 +256,57 @@
version: '0'
requirements: []
rubyforge_project: rack
-rubygems_version: 2.6.13
+rubygems_version: 2.7.6
signing_key:
specification_version: 4
summary: a modular Ruby webserver interface
test_files:
-- test/spec_auth_basic.rb
-- test/spec_auth_digest.rb
-- test/spec_body_proxy.rb
-- test/spec_builder.rb
-- test/spec_cascade.rb
-- test/spec_cgi.rb
-- test/spec_chunked.rb
-- test/spec_commonlogger.rb
-- test/spec_conditionalget.rb
-- test/spec_config.rb
-- test/spec_content_length.rb
-- test/spec_content_type.rb
+- test/spec_multipart.rb
- test/spec_deflater.rb
-- test/spec_directory.rb
+- test/spec_static.rb
+- test/spec_session_cookie.rb
+- test/spec_commonlogger.rb
+- test/spec_session_pool.rb
+- test/spec_methodoverride.rb
- test/spec_etag.rb
-- test/spec_fastcgi.rb
-- test/spec_file.rb
+- test/spec_version.rb
- test/spec_handler.rb
-- test/spec_head.rb
-- test/spec_lint.rb
-- test/spec_lobster.rb
-- test/spec_lock.rb
-- test/spec_logger.rb
-- test/spec_methodoverride.rb
+- test/spec_thin.rb
+- test/spec_showexceptions.rb
+- test/spec_session_abstract_id.rb
- test/spec_mime.rb
-- test/spec_mock.rb
-- test/spec_mongrel.rb
-- test/spec_multipart.rb
-- test/spec_nulllogger.rb
- test/spec_recursive.rb
+- test/spec_cgi.rb
+- test/spec_content_type.rb
- test/spec_request.rb
-- test/spec_response.rb
-- test/spec_rewindable_input.rb
+- test/spec_showstatus.rb
+- test/spec_chunked.rb
- test/spec_runtime.rb
+- test/spec_fastcgi.rb
+- test/spec_builder.rb
+- test/spec_config.rb
+- test/spec_mongrel.rb
+- test/spec_utils.rb
- test/spec_sendfile.rb
-- test/spec_server.rb
-- test/spec_session_abstract_id.rb
-- test/spec_session_cookie.rb
-- test/spec_session_memcache.rb
-- test/spec_session_pool.rb
-- test/spec_showexceptions.rb
-- test/spec_showstatus.rb
-- test/spec_static.rb
+- test/spec_lobster.rb
+- test/spec_lint.rb
- test/spec_tempfile_reaper.rb
-- test/spec_thin.rb
-- test/spec_urlmap.rb
-- test/spec_utils.rb
-- test/spec_version.rb
+- test/spec_mock.rb
+- test/spec_conditionalget.rb
+- test/spec_server.rb
+- test/spec_directory.rb
- test/spec_webrick.rb
+- test/spec_response.rb
+- test/spec_file.rb
+- test/spec_body_proxy.rb
+- test/spec_logger.rb
+- test/spec_auth_digest.rb
+- test/spec_urlmap.rb
+- test/spec_nulllogger.rb
+- test/spec_cascade.rb
+- test/spec_auth_basic.rb
+- test/spec_head.rb
+- test/spec_lock.rb
+- test/spec_rewindable_input.rb
+- test/spec_session_memcache.rb
+- test/spec_content_length.rb
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/rack.gemspec new/rack.gemspec
--- old/rack.gemspec 2018-04-23 19:51:23.000000000 +0200
+++ new/rack.gemspec 2018-11-05 20:58:43.000000000 +0100
@@ -1,6 +1,6 @@
Gem::Specification.new do |s|
s.name = "rack"
- s.version = "1.6.10"
+ s.version = "1.6.11"
s.platform = Gem::Platform::RUBY
s.summary = "a modular Ruby webserver interface"
s.license = "MIT"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/test/spec_request.rb new/test/spec_request.rb
--- old/test/spec_request.rb 2018-04-23 19:51:23.000000000 +0200
+++ new/test/spec_request.rb 2018-11-05 20:58:43.000000000 +0100
@@ -425,6 +425,11 @@
request.should.be.ssl?
end
+ should "prevent scheme abuse" do
+ request = Rack::Request.new(Rack::MockRequest.env_for("/",
'HTTP_X_FORWARDED_SCHEME' => 'a."><script>alert(1)</script>'))
+ request.scheme.should.not.equal 'a."><script>alert(1)</script>'
+ end
+
should "parse cookies" do
req = Rack::Request.new \
Rack::MockRequest.env_for("", "HTTP_COOKIE" => "foo=bar;quux=h&m")
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/test/spec_showexceptions.rb
new/test/spec_showexceptions.rb
--- old/test/spec_showexceptions.rb 2018-04-23 19:51:23.000000000 +0200
+++ new/test/spec_showexceptions.rb 2018-11-05 20:58:43.000000000 +0100
@@ -82,4 +82,17 @@
res.should =~ /ShowExceptions/
res.should =~ /unknown location/
end
+
+ it "knows to prefer plaintext for non-html" do
+ # We don't need an app for this
+ exc = Rack::ShowExceptions.new(nil)
+
+ [
+ [{ "HTTP_ACCEPT" => "text/plain" }, true],
+ [{ "HTTP_ACCEPT" => "text/foo" }, true],
+ [{ "HTTP_ACCEPT" => "text/html" }, false]
+ ].each do |env, expected|
+ assert_equal(expected, exc.prefers_plaintext?(env))
+ end
+ end
end
