[DRE-commits] [ruby-rack] 02/02: Update debian/changelog
Youhei SASAKI
uwabami-guest at moszumanska.debian.org
Wed Jul 29 08:41:12 UTC 2015
This is an automated email from the git hooks/post-receive script.
uwabami-guest pushed a commit to branch master-1.4.1-wheezy
in repository ruby-rack.
commit d17269dd4404d855f53d20d5d4885d3581bf1c80
Author: Youhei SASAKI <uwabami at gfd-dennou.org>
Date: Wed Jul 29 16:38:11 2015 +0900
Update debian/changelog
Signed-off-by: Youhei SASAKI <uwabami at gfd-dennou.org>
---
debian/changelog | 7 +++++++
debian/patches/1-4-deep_params.patch | 15 +++++++++------
2 files changed, 16 insertions(+), 6 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 102e76e..c941e00 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+ruby-rack (1.4.1-3) unstable; urgency=medium
+
+ * Create cherry-picked patch for Security Fix (Closes: #789311).
+ - CVE-2015-3225: 1-4-deep_params.patch
+
+ -- Youhei SASAKI <uwabami at gfd-dennou.org> Wed, 29 Jul 2015 16:37:25 +0900
+
ruby-rack (1.4.1-2.1) unstable; urgency=high
[ KURASHIKI Satoru ]
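Review bot: the new 1.4.1-3 stanza names `unstable` as its distribution, but the push is to branch master-1.4.1-wheezy; if this upload is meant for wheezy, the distribution field (and a version that sorts correctly for that suite) should say so. The entry is also `urgency=medium` for a CVE fix, while the previous 1.4.1-2.1 entry used `urgency=high`; worth confirming that is intended.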
diff --git a/debian/patches/1-4-deep_params.patch b/debian/patches/1-4-deep_params.patch
index 77c9e82..c6f68af 100644
--- a/debian/patches/1-4-deep_params.patch
+++ b/debian/patches/1-4-deep_params.patch
@@ -1,7 +1,6 @@
-From fa15479e232663b2b5b048155b8e74228ab75d7e Mon Sep 17 00:00:00 2001
From: Aaron Patterson <aaron.patterson () gmail com>
Date: Tue, 20 Jan 2015 14:30:13 -0800
-Subject: [PATCH] raise an exception if the parameters are too deep
+Subject: raise an exception if the parameters are too deep
CVE-2015-3225
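Review bot: removing the `From fa15479e232663b2b5b048155b8e74228ab75d7e Mon Sep 17 00:00:00 2001` line drops the only commit reference in the patch header, so the origin of the CVE-2015-3225 fix can no longer be traced from the patch file itself. Consider recording that reference in a DEP-3 `Origin:` field instead of deleting it outright. This refresh of the patch is also not mentioned in the commit message, which only says "Update debian/changelog".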
@@ -13,9 +12,11 @@ Conflicts:
test/spec_utils.rb | 12 ++++++++++++
2 files changed, 23 insertions(+), 4 deletions(-)
+diff --git a/lib/rack/utils.rb b/lib/rack/utils.rb
+index 6576dd2..4656f4a 100644
--- a/lib/rack/utils.rb
+++ b/lib/rack/utils.rb
-@@ -49,12 +49,17 @@
+@@ -49,12 +49,17 @@ module Rack
class << self
attr_accessor :key_space_limit
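Review bot: the hunk context (`Conflicts:`) shows the patch description still carries the cherry-pick's conflict list, with nothing saying how those conflicts were resolved for 1.4.1. Either replace it with a short note on what was adapted for this backport, or drop the section from the header so the description matches the patch as shipped.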
@@ -33,7 +34,7 @@ Conflicts:
# Stolen from Mongrel, with some small modifications:
# Parses a query string by breaking it up at the '&'
# and ';' characters. You can also use this to parse
-@@ -94,7 +99,9 @@
+@@ -94,7 +99,9 @@ module Rack
end
module_function :parse_nested_query
@@ -44,7 +45,7 @@ Conflicts:
name =~ %r(\A[\[\]]*([^\[\]]+)\]*)
k = $1 || ''
after = $' || ''
-@@ -112,14 +119,14 @@
+@@ -112,14 +119,14 @@ module Rack
params[k] ||= []
raise TypeError, "expected Array (got #{params[k].class.name}) for param `#{k}'" unless params[k].is_a?(Array)
if params_hash_type?(params[k].last) && !params[k].last.key?(child_key)
@@ -62,9 +63,11 @@ Conflicts:
end
return params
+diff --git a/test/spec_utils.rb b/test/spec_utils.rb
+index 69e3fbb..ac1e003 100644
--- a/test/spec_utils.rb
+++ b/test/spec_utils.rb
-@@ -114,6 +114,18 @@
+@@ -114,6 +114,18 @@ describe Rack::Utils do
Rack::Utils.parse_query("foo%3Dbaz=bar").should.equal "foo=baz" => "bar"
end
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-ruby-extras/ruby-rack.git