File rubygem-rack.changes of Package rubygem-rack.27575
-------------------------------------------------------------------
Fri Jan 27 08:52:49 UTC 2023 - pgajdos@suse.com
- security update
- added patches
fix CVE-2022-44570 [bsc#1207597], denial of service in Content-Disposition parsing
+ rubygem-rack-CVE-2022-44570.patch
fix CVE-2022-44571 [bsc#1207599], denial of service in Content-Disposition parsing
+ rubygem-rack-CVE-2022-44571.patch
fix CVE-2022-44572 [bsc#1207596], denial of service in Content-Disposition parsing
+ rubygem-rack-CVE-2022-44572.patch
-------------------------------------------------------------------
Thu Sep 15 15:04:48 UTC 2022 - pgajdos@suse.com
- security update
- added patches
fix CVE-2020-8184 [bsc#1173351], percent-encoded cookies can be used to overwrite existing prefixed cookie names
+ rubygem-rack-CVE-2020-8184.patch
fix CVE-2020-8161 [bsc#1172037], directory traversal in Rack::Directory
+ rubygem-rack-CVE-2020-8161.patch
-------------------------------------------------------------------
Tue Jun 21 13:38:24 UTC 2022 - pgajdos@suse.com
- security update
- added patches
fix CVE-2022-30122 [bsc#1200748], crafted multipart POST request may cause a DoS
+ rubygem-rack-CVE-2022-30122.patch
fix CVE-2022-30123 [bsc#1200750], crafted requests can cause shell escape sequences
+ rubygem-rack-CVE-2022-30123.patch
-------------------------------------------------------------------
Thu Dec 19 08:55:14 UTC 2019 - David Kang <dkang@suse.com>
- updated to version 2.0.8
* CVE-2019-16782: Possible information leak / session hijack vulnerability
-------------------------------------------------------------------
Sat Apr 6 17:52:23 UTC 2019 - manuel <mschnitzer@suse.com>
- updated to version 2.0.7
no changelog found
-------------------------------------------------------------------
Tue Nov 6 23:24:32 UTC 2018 - Marcus Rueckert <mrueckert@suse.de>
- update to 2.0.6:
* CVE-2018-16471: cross-site scripting (XSS) flaw via the scheme
method on Rack::Request (bsc#1114828)
-------------------------------------------------------------------
Mon Apr 23 18:18:04 UTC 2018 - factory-auto@kulow.org
- updated to version 2.0.5
see installed HISTORY.md
-------------------------------------------------------------------
Mon Apr 16 15:47:33 UTC 2018 - mschnitzer@suse.com
- Only build against ruby versions 2.3.x, 2.4.x, and 2.5.x
- Fix package build by removing the executable bit for 'test.gz' file in gem
-------------------------------------------------------------------
Thu Feb 8 06:21:32 UTC 2018 - coolo@suse.com
- updated to version 2.0.4
see installed HISTORY.md
-------------------------------------------------------------------
Tue Oct 31 14:09:19 UTC 2017 - mrueckert@suse.de
- only build for 2.3+ from now
-------------------------------------------------------------------
Wed Jun 7 16:24:31 UTC 2017 - mrueckert@suse.de
- re-add the rb_build_versions and rb_default_ruby_abi as otherwise
building on older distros fails.
- add ruby 2.4
-------------------------------------------------------------------
Thu Jun 1 18:55:47 UTC 2017 - opensuse_buildservice@ojkastl.de
- removed manual definition of rb_build_versions and rb_default_ruby_abi from gem2rpm.yml; recreated spec
-------------------------------------------------------------------
Tue May 23 10:12:04 UTC 2017 - coolo@suse.com
- updated to version 2.0.3
see installed HISTORY.md
-------------------------------------------------------------------
Wed Jul 6 01:17:36 UTC 2016 - mrueckert@suse.de
- make build again by only building for 2.2 and newer
-------------------------------------------------------------------
Fri Jul 1 04:34:13 UTC 2016 - coolo@suse.com
- updated to version 2.0.1
see installed HISTORY.md
-------------------------------------------------------------------
Fri Jun 19 04:32:19 UTC 2015 - coolo@suse.com
- updated to version 1.6.4
see installed HISTORY.md
Fri Jun 19 07:14:50 2015 Matthew Draper <matthew@trebex.net>
* Work around a Rails incompatibility in our private API
-------------------------------------------------------------------
Wed Jun 17 04:37:32 UTC 2015 - coolo@suse.com
- updated to version 1.6.2
see installed HISTORY.md
Fri Jun 12 11:37:41 2015 Aaron Patterson <tenderlove@ruby-lang.org>
* Prevent extremely deep parameters from being parsed. CVE-2015-3225
-------------------------------------------------------------------
Thu May 7 04:29:35 UTC 2015 - coolo@suse.com
- updated to version 1.6.1
no changelog found
-------------------------------------------------------------------
Fri Feb 6 18:18:15 UTC 2015 - coolo@suse.com
- updated to version 1.6.0
-------------------------------------------------------------------
Sat Nov 1 23:17:03 UTC 2014 - tboerger@suse.com
- Fixed all rpmlintrc errors to prevent failing builds with
multiple ruby versions
-------------------------------------------------------------------
Mon Sep 29 20:13:50 UTC 2014 - mrueckert@suse.de
- added rpmlintrc to ignore the rackup shebang line in a test case
- updated to new packaging scheme and add gem2rpm.yml
-------------------------------------------------------------------
Tue May 28 05:28:04 UTC 2013 - coolo@suse.com
- new template version
-------------------------------------------------------------------
Tue Feb 12 13:45:09 UTC 2013 - coolo@suse.com
- updated to version 1.5.2
* February 7th, Thirty fifth public release 1.5.2
* Fix CVE-2013-0263, timing attack against Rack::Session::Cookie
* Fix CVE-2013-0262, symlink path traversal in Rack::File
* Add various methods to Session for enhanced Rails compatibility
* Request#trusted_proxy? now only matches whole strings
* Add JSON cookie coder, to be default in Rack 1.6+ due to security concerns
* URLMap host matching in environments that don't set the Host header fixed
* Fix a race condition that could result in overwritten pidfiles
* Various documentation additions
-------------------------------------------------------------------
Sun Feb 3 17:14:19 UTC 2013 - coolo@suse.com
- updated to version 1.5.1
-------------------------------------------------------------------
Thu Jan 24 06:34:01 UTC 2013 - coolo@suse.com
- update to version 1.5.0, remove suffix
* Introduced hijack SPEC, for before-response and after-response hijacking
* SessionHash is no longer a Hash subclass
* Rack::File cache_control parameter is removed, in place of headers options
* Rack::Auth::AbstractRequest#scheme now yields strings, not symbols
* Rack::Utils cookie functions now format expires in RFC 2822 format
* Rack::File now has a default mime type
* rackup -b 'run Rack::File.new(".")', option provides command line configs
* Rack::Deflater will no longer double encode bodies
* Rack::Mime#match? provides convenience for Accept header matching
* Rack::Utils#q_values provides splitting for Accept headers
* Rack::Utils#best_q_match provides a helper for Accept headers
* Rack::Handler.pick provides convenience for finding available servers
* Puma added to the list of default servers (preferred over Webrick)
* Various middleware now correctly close body when replacing it
* Rack::Request#params is no longer persistent with only GET params
* Rack::Request#update_param and #delete_param provide persistent operations
* Rack::Request#trusted_proxy? now returns true for local unix sockets
* Rack::Response no longer forces Content-Types
* Rack::Sendfile provides local mapping configuration options
* Rack::Utils#rfc2109 provides old netscape style time output
* Updated HTTP status codes
* Ruby 1.8.6 likely no longer passes tests, and is no longer fully supported
-------------------------------------------------------------------
Tue Jan 8 20:26:44 UTC 2013 - coolo@suse.com
- updated to version 1.4.3
* Add warnings when users do not provide a session secret
* Fix parsing performance for unquoted filenames
* Updated URI backports
* Fix URI backport version matching, and silence constant warnings
* Correct parameter parsing with empty values
* Correct rackup '-I' flag, to allow multiple uses
* Correct rackup pidfile handling
* Report rackup line numbers correctly
* Fix request loops caused by non-stale nonces with time limits
* Fix reloader on Windows
* Prevent infinite recursions from Response#to_ary
* Various middleware better conforms to the body close specification
* Updated language for the body close specification
* Additional notes regarding ECMA escape compatibility issues
* Fix the parsing of multiple ranges in range headers
* Prevent errors from empty parameter keys
* Added PATCH verb to Rack::Request
* Various documentation updates
* Fix session merge semantics (fixes rack-test)
* Rack::Static :index can now handle multiple directories
* All tests now utilize Rack::Lint (special thanks to Lars Gierth)
* Rack::File cache_control parameter is now deprecated, and removed by 1.5
* Correct Rack::Directory script name escaping
* Rack::Static supports header rules for sophisticated configurations
* Multipart parsing now works without a Content-Length header
* New logos courtesy of Zachary Scott!
* Rack::BodyProxy now explicitly defines #each, useful for C extensions
* Cookies that are not URI escaped no longer cause exceptions
* Security: Prevent unbounded reads in large multipart boundaries
-------------------------------------------------------------------
Tue Jul 31 13:13:42 UTC 2012 - jreidinger@suse.com
- use new gem2rpm to provide new provisions
-------------------------------------------------------------------
Mon Apr 2 12:41:39 UTC 2012 - saschpe@suse.de
- Spec file cleanup:
* Prepare for Factory submission
-------------------------------------------------------------------
Fri Mar 30 13:10:03 UTC 2012 - adrian@suse.de
- handle /usr/bin/rackup via update-alternatives
-------------------------------------------------------------------
Thu Jan 26 16:06:57 UTC 2012 - mrueckert@suse.de
- initial package of the 1.4 branch