File rubygem-rack-1_4.changes of Package rubygem-rack-1_4.33004
-------------------------------------------------------------------
Tue Feb 27 16:43:12 UTC 2024 - pgajdos@suse.com
- security update
- added patches
  fix CVE-2024-25126 [bsc#1220239], Denial of Service Vulnerability in Rack Content-Type Parsing
  + rubygem-rack-1_4-CVE-2024-25126.patch
  fix CVE-2024-26141 [bsc#1220242], Denial of Service Vulnerability in Range request header parsing
  + rubygem-rack-1_4-CVE-2024-26141.patch
  fix CVE-2024-26146 [bsc#1220248], Denial of Service vulnerability in Rack headers parsing routine
  + rubygem-rack-1_4-CVE-2024-26146.patch
-------------------------------------------------------------------
Wed Jul 8 14:17:50 UTC 2015 - jmassaguerpla@suse.com
- fix CVE-2015-3225: rubygem-rack: Potential Denial of Service
  Vulnerability in Rack (bnc#934797)
  CVE-2015-3225.patch contains the fix
-------------------------------------------------------------------
Tue Jul 15 16:20:46 UTC 2014 - mrueckert@suse.de
- added gem2rpm.yml and regenerated the spec file with it
-------------------------------------------------------------------
Thu Jun 26 11:47:27 UTC 2014 - mrueckert@suse.de
- the shebang line in the test script is correct.
  skip this error.
-------------------------------------------------------------------
Thu Jun 26 10:16:03 UTC 2014 - mrueckert@suse.de
- move to SLE 12 packaging schema
-------------------------------------------------------------------
Mon May 13 11:28:47 UTC 2013 - coolo@suse.com
- sync gem2rpm template
-------------------------------------------------------------------
Mon Feb 11 08:19:08 UTC 2013 - adrian@suse.com
- updated to version 1.4.5
* Fix CVE-2013-0263, timing attack against Rack::Session::Cookie
* Fix CVE-2013-0262, symlink path traversal in Rack::File
- from 1.4.4:
* [SEC] Rack::Auth::AbstractRequest no longer symbolizes arbitrary strings
* Fixed erroneous test case in the 1.3.x series
-------------------------------------------------------------------
Tue Jan 8 20:26:44 UTC 2013 - coolo@suse.com
- updated to version 1.4.3
* Add warnings when users do not provide a session secret
* Fix parsing performance for unquoted filenames
* Updated URI backports
* Fix URI backport version matching, and silence constant warnings
* Correct parameter parsing with empty values
* Correct rackup '-I' flag, to allow multiple uses
* Correct rackup pidfile handling
* Report rackup line numbers correctly
* Fix request loops caused by non-stale nonces with time limits
* Fix reloader on Windows
* Prevent infinite recursions from Response#to_ary
* Various middleware better conforms to the body close specification
* Updated language for the body close specification
* Additional notes regarding ECMA escape compatibility issues
* Fix the parsing of multiple ranges in range headers
* Prevent errors from empty parameter keys
* Added PATCH verb to Rack::Request
* Various documentation updates
* Fix session merge semantics (fixes rack-test)
* Rack::Static :index can now handle multiple directories
* All tests now utilize Rack::Lint (special thanks to Lars Gierth)
* Rack::File cache_control parameter is now deprecated, and removed by 1.5
* Correct Rack::Directory script name escaping
* Rack::Static supports header rules for sophisticated configurations
* Multipart parsing now works without a Content-Length header
* New logos courtesy of Zachary Scott!
* Rack::BodyProxy now explicitly defines #each, useful for C extensions
* Cookies that are not URI escaped no longer cause exceptions
* Security: Prevent unbounded reads in large multipart boundaries
-------------------------------------------------------------------
Tue Jul 31 13:13:42 UTC 2012 - jreidinger@suse.com
- use new gem2rpm to provide new provisions
-------------------------------------------------------------------
Mon Apr 2 12:41:39 UTC 2012 - saschpe@suse.de
- Spec file cleanup:
* Prepare for Factory submission
-------------------------------------------------------------------
Fri Mar 30 13:10:03 UTC 2012 - adrian@suse.de
- handle /usr/bin/rackup via update-alternatives
-------------------------------------------------------------------
Thu Jan 26 16:06:57 UTC 2012 - mrueckert@suse.de
- initial package of the 1.4 branch