[DRE-commits] [ruby-rack-protection] 01/04: Imported Upstream version 1.5.2

Youhei SASAKI uwabami-guest at moszumanska.debian.org
Sun Mar 23 11:52:06 UTC 2014


This is an automated email from the git hooks/post-receive script.

uwabami-guest pushed a commit to annotated tag debian/1.5.2-1
in repository ruby-rack-protection.

commit 202becea4e627dd5a01163c1218d60cd77edc160
Author: Youhei SASAKI <uwabami at gfd-dennou.org>
Date:   Sun Mar 23 20:45:28 2014 +0900

    Imported Upstream version 1.5.2
---
 checksums.yaml.gz                        | Bin 268 -> 268 bytes
 lib/rack/protection/session_hijacking.rb |   6 +++---
 lib/rack/protection/version.rb           |   2 +-
 metadata.yml                             |  15 +++++++++------
 rack-protection.gemspec                  |  10 +++++++---
 spec/escaped_params_spec.rb              |   1 -
 spec/session_hijacking_spec.rb           |   5 +++--
 7 files changed, 23 insertions(+), 16 deletions(-)

diff --git a/checksums.yaml.gz b/checksums.yaml.gz
index 98d87aa..fff7f75 100644
Binary files a/checksums.yaml.gz and b/checksums.yaml.gz differ
diff --git a/lib/rack/protection/session_hijacking.rb b/lib/rack/protection/session_hijacking.rb
index b6738ff..4ab047a 100644
--- a/lib/rack/protection/session_hijacking.rb
+++ b/lib/rack/protection/session_hijacking.rb
@@ -9,12 +9,12 @@ module Rack
     #
     # Tracks request properties like the user agent in the session and empties
     # the session if those properties change. This essentially prevents attacks
-    # from Firesheep. Since all headers taken into consideration might be
-    # spoofed, too, this will not prevent all hijacking attempts.
+    # from Firesheep. Since all headers taken into consideration can be
+    # spoofed, too, this will not prevent determined hijacking attempts.
     class SessionHijacking < Base
       default_reaction :drop_session
       default_options :tracking_key => :tracking, :encrypt_tracking => true,
-        :track => %w[HTTP_USER_AGENT HTTP_ACCEPT_ENCODING HTTP_ACCEPT_LANGUAGE]
+        :track => %w[HTTP_USER_AGENT HTTP_ACCEPT_LANGUAGE]
 
       def accepts?(env)
         session = session env
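Review bot: The class comment kept above `default_options` still says this "essentially prevents attacks from Firesheep", which overstates the protection now that the default `:track` list is down to two headers. Anyone positioned to capture the session cookie on the wire sees User-Agent and Accept-Language in the same request, so the check only catches careless replay; I would reword to `# This only raises the bar against casual cookie replay; serve sessions over TLS with Secure cookies for real protection.` It would also help to add a comment on the `:track` line, e.g. `# Accept-Encoding is not tracked: it led to sessions being cleared (see session_hijacking_spec.rb)`, so the header is not re-added later. The `SessionHijacking` class and `accepts?` continue outside the hunk.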
diff --git a/lib/rack/protection/version.rb b/lib/rack/protection/version.rb
index 48f0d40..35c918a 100644
--- a/lib/rack/protection/version.rb
+++ b/lib/rack/protection/version.rb
@@ -4,7 +4,7 @@ module Rack
       VERSION
     end
 
-    SIGNATURE = [1, 5, 1]
+    SIGNATURE = [1, 5, 2]
     VERSION   = SIGNATURE.join('.')
 
     VERSION.extend Comparable
diff --git a/metadata.yml b/metadata.yml
index 7b09052..ecefb07 100644
--- a/metadata.yml
+++ b/metadata.yml
@@ -1,25 +1,27 @@
 --- !ruby/object:Gem::Specification
 name: rack-protection
 version: !ruby/object:Gem::Version
-  version: 1.5.1
+  version: 1.5.2
 platform: ruby
 authors:
 - Konstantin Haase
 - Alex Rodionov
 - Patrick Ellis
-- Jeff Welling
 - ITO Nobuaki
 - Matteo Centenaro
+- Jeff Welling
 - David Kellum
 - Egor Homakov
 - Florian Gilcher
 - Fojas
 - Mael Clerambault
 - Martin Mauch
+- Renne Nissinen
 - SAKAI, Kazuaki
 - Stanislav Savulchik
 - Steve Agalloco
 - TOBY
+- Vipul A M
 - Akzhan Abdulin
 - brookemckim
 - Bjørge Næss
@@ -30,7 +32,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-10-21 00:00:00.000000000 Z
+date: 2014-01-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -80,17 +82,19 @@ email:
 - p0deje at gmail.com
 - patrick at soundcloud.com
 - jeff.welling at gmail.com
-- bugant at gmail.com
 - daydream.trippers at gmail.com
+- bugant at gmail.com
 - homakov at gmail.com
 - florian.gilcher at asquera.de
 - developer at fojasaur.us
 - mael at clerambault.fr
 - martin.mauch at gmail.com
+- rennex at iki.fi
 - kaz.july.7 at gmail.com
 - s.savulchik at gmail.com
 - steve.agalloco at gmail.com
 - toby.net.info.mail+git at gmail.com
+- vipulnsward at gmail.com
 - akzhan.abdulin at gmail.com
 - brooke at digitalocean.com
 - bjoerge at bengler.no
@@ -158,9 +162,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.0.7
+rubygems_version: 2.2.0
 signing_key: 
 specification_version: 4
 summary: You should use protection!
 test_files: []
-has_rdoc: 
diff --git a/rack-protection.gemspec b/rack-protection.gemspec
index 2c7450a..3055cd2 100644
--- a/rack-protection.gemspec
+++ b/rack-protection.gemspec
@@ -2,7 +2,7 @@
 Gem::Specification.new do |s|
   # general infos
   s.name        = "rack-protection"
-  s.version     = "1.5.1"
+  s.version     = "1.5.2"
   s.description = "You should use protection!"
   s.homepage    = "http://github.com/rkh/rack-protection"
   s.summary     = s.description
@@ -13,19 +13,21 @@ Gem::Specification.new do |s|
     "Konstantin Haase",
     "Alex Rodionov",
     "Patrick Ellis",
-    "Jeff Welling",
     "ITO Nobuaki",
     "Matteo Centenaro",
+    "Jeff Welling",
     "David Kellum",
     "Egor Homakov",
     "Florian Gilcher",
     "Fojas",
     "Mael Clerambault",
     "Martin Mauch",
+    "Renne Nissinen",
     "SAKAI, Kazuaki",
     "Stanislav Savulchik",
     "Steve Agalloco",
     "TOBY",
+    "Vipul A M",
     "Akzhan Abdulin",
     "brookemckim",
     "Bj\u00F8rge N\u00E6ss",
@@ -41,17 +43,19 @@ Gem::Specification.new do |s|
     "p0deje at gmail.com",
     "patrick at soundcloud.com",
     "jeff.welling at gmail.com",
-    "bugant at gmail.com",
     "daydream.trippers at gmail.com",
+    "bugant at gmail.com",
     "homakov at gmail.com",
     "florian.gilcher at asquera.de",
     "developer at fojasaur.us",
     "mael at clerambault.fr",
     "martin.mauch at gmail.com",
+    "rennex at iki.fi",
     "kaz.july.7 at gmail.com",
     "s.savulchik at gmail.com",
     "steve.agalloco at gmail.com",
     "toby.net.info.mail+git at gmail.com",
+    "vipulnsward at gmail.com",
     "akzhan.abdulin at gmail.com",
     "brooke at digitalocean.com",
     "bjoerge at bengler.no",
diff --git a/spec/escaped_params_spec.rb b/spec/escaped_params_spec.rb
index 0bd43dc..17afa80 100644
--- a/spec/escaped_params_spec.rb
+++ b/spec/escaped_params_spec.rb
@@ -33,7 +33,6 @@ describe Rack::Protection::EscapedParams do
 
     it 'leaves cache-breaker params untouched' do
       mock_app do |env|
-        request = Rack::Request.new(env)
         [200, {'Content-Type' => 'text/plain'}, ['hi']]
       end
 
diff --git a/spec/session_hijacking_spec.rb b/spec/session_hijacking_spec.rb
index 1692aa9..21cd13f 100644
--- a/spec/session_hijacking_spec.rb
+++ b/spec/session_hijacking_spec.rb
@@ -17,11 +17,12 @@ describe Rack::Protection::SessionHijacking do
     session.should be_empty
   end
 
-  it "denies requests with a changing Accept-Encoding header" do
+  it "accepts requests with a changing Accept-Encoding header" do
+    # this is tested because previously it led to clearing the session
     session = {:foo => :bar}
     get '/', {}, 'rack.session' => session, 'HTTP_ACCEPT_ENCODING' => 'a'
     get '/', {}, 'rack.session' => session, 'HTTP_ACCEPT_ENCODING' => 'b'
-    session.should be_empty
+    session.should_not be_empty
   end
 
   it "denies requests with a changing Accept-Language header" do
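Review bot: `session.should_not be_empty` in the rewritten Accept-Encoding example is a weak assertion: if the middleware keeps its tracking data in the same session hash (the `:tracking_key` option suggests it does), the hash could be non-empty even after the application data was dropped. Asserting the original entry directly, `session[:foo].should == :bar`, pins the behaviour the example's name promises. The enclosing `describe` block and the following Accept-Language example continue outside the hunk.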

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-ruby-extras/ruby-rack-protection.git


