Hello community,
here is the log from the commit of package rubygem-rack for openSUSE:Factory checked in at 2015-05-10 10:46:00
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rubygem-rack (Old)
and /work/SRC/openSUSE:Factory/.rubygem-rack.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-rack"
Changes:
--------
--- /work/SRC/openSUSE:Factory/rubygem-rack/rubygem-rack.changes 2015-02-10 20:22:13.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.rubygem-rack.new/rubygem-rack.changes 2015-05-10 10:46:01.000000000 +0200
@@ -1,0 +2,6 @@
+Thu May 7 04:29:35 UTC 2015 - coolo@suse.com
+
+- updated to version 1.6.1
+ no changelog found
+
+-------------------------------------------------------------------
Old:
----
rack-1.6.0.gem
New:
----
rack-1.6.1.gem
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ rubygem-rack.spec ++++++
--- /var/tmp/diff_new_pack.wYQXuc/_old 2015-05-10 10:46:01.000000000 +0200
+++ /var/tmp/diff_new_pack.wYQXuc/_new 2015-05-10 10:46:01.000000000 +0200
@@ -24,7 +24,7 @@
#
Name: rubygem-rack
-Version: 1.6.0
+Version: 1.6.1
Release: 0
%define mod_name rack
%define mod_full_name %{mod_name}-%{version}
@@ -60,7 +60,7 @@
%install
%gem_install \
--symlink-binaries \
- --doc-files="COPYING README.rdoc" \
+ --doc-files="COPYING HISTORY.md README.rdoc" \
-f
# MANUAL
%fdupes %{buildroot}%{_libdir}/ruby/gems/*/gems/%{mod_name}-%{version}/
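Review bot: The `--doc-files` line now packages HISTORY.md, but the HISTORY.md added by this same update opens with the 1.6.0 entry (`- TODO`) and has no 1.6.1 section, so the installed docs will not say what changed in this release. Together with the `no changelog found` line in rubygem-rack.changes, nothing in the package records whether 1.6.1 carries security-relevant fixes, which is what downstream patch tracking relies on. I would replace that .changes line with a short hand-written summary of the upstream 1.6.0 to 1.6.1 changes, and add a spec comment above the option such as `# HISTORY.md lags upstream releases; see rubygem-rack.changes for per-version notes`. The %install section appears to continue past the end of this hunk.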
++++++ rack-1.6.0.gem -> rack-1.6.1.gem ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/COPYING new/COPYING
--- old/COPYING 2014-12-18 23:39:06.000000000 +0100
+++ new/COPYING 2015-05-06 20:37:07.000000000 +0200
@@ -1,4 +1,4 @@
-Copyright (c) 2007, 2008, 2009, 2010, 2011, 2012 Christian Neukirchen
+Copyright (c) 2007-2015 Christian Neukirchen
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/HISTORY.md new/HISTORY.md
--- old/HISTORY.md 1970-01-01 01:00:00.000000000 +0100
+++ new/HISTORY.md 2015-05-06 20:37:07.000000000 +0200
@@ -0,0 +1,348 @@
+### December 18th, Thirty sixth public release 1.6.0
+ - TODO
+
+### February 7th, Thirty fifth public release 1.5.2
+ - Fix CVE-2013-0263, timing attack against Rack::Session::Cookie
+ - Fix CVE-2013-0262, symlink path traversal in Rack::File
+ - Add various methods to Session for enhanced Rails compatibility
+ - Request#trusted_proxy? now only matches whole stirngs
+ - Add JSON cookie coder, to be default in Rack 1.6+ due to security concerns
+ - URLMap host matching in environments that don't set the Host header fixed
+ - Fix a race condition that could result in overwritten pidfiles
+ - Various documentation additions
+
+### February 7th, Thirty fifth public release 1.4.5
+ - Fix CVE-2013-0263, timing attack against Rack::Session::Cookie
+ - Fix CVE-2013-0262, symlink path traversal in Rack::File
+
+### February 7th, Thirty fifth public release 1.1.6, 1.2.8, 1.3.10
+ - Fix CVE-2013-0263, timing attack against Rack::Session::Cookie
+
+### January 28th, 2013: Thirty fourth public release 1.5.1
+ - Rack::Lint check_hijack now conforms to other parts of SPEC
+ - Added hash-like methods to Abstract::ID::SessionHash for compatibility
+ - Various documentation corrections
+
+### January 21st, 2013: Thirty third public release 1.5.0
+ - Introduced hijack SPEC, for before-response and after-response hijacking
+ - SessionHash is no longer a Hash subclass
+ - Rack::File cache_control parameter is removed, in place of headers options
+ - Rack::Auth::AbstractRequest#scheme now yields strings, not symbols
+ - Rack::Utils cookie functions now format expires in RFC 2822 format
+ - Rack::File now has a default mime type
+ - rackup -b 'run Rack::File.new(".")', option provides command line configs
+ - Rack::Deflater will no longer double encode bodies
+ - Rack::Mime#match? provides convenience for Accept header matching
+ - Rack::Utils#q_values provides splitting for Accept headers
+ - Rack::Utils#best_q_match provides a helper for Accept headers
+ - Rack::Handler.pick provides convenience for finding available servers
+ - Puma added to the list of default servers (preferred over Webrick)
+ - Various middleware now correctly close body when replacing it
+ - Rack::Request#params is no longer persistent with only GET params
+ - Rack::Request#update_param and #delete_param provide persistent operations
+ - Rack::Request#trusted_proxy? now returns true for local unix sockets
+ - Rack::Response no longer forces Content-Types
+ - Rack::Sendfile provides local mapping configuration options
+ - Rack::Utils#rfc2109 provides old netscape style time output
+ - Updated HTTP status codes
+ - Ruby 1.8.6 likely no longer passes tests, and is no longer fully supported
+
+### January 13th, 2013: Thirty second public release 1.4.4, 1.3.9, 1.2.7, 1.1.5
+ - [SEC] Rack::Auth::AbstractRequest no longer symbolizes arbitrary strings
+ - Fixed erroneous test case in the 1.3.x series
+
+### January 7th, 2013: Thirty first public release 1.4.3
+ - Security: Prevent unbounded reads in large multipart boundaries
+
+### January 7th, 2013: Thirtieth public release 1.3.8
+ - Security: Prevent unbounded reads in large multipart boundaries
+
+### January 6th, 2013: Twenty ninth public release 1.4.2
+ - Add warnings when users do not provide a session secret
+ - Fix parsing performance for unquoted filenames
+ - Updated URI backports
+ - Fix URI backport version matching, and silence constant warnings
+ - Correct parameter parsing with empty values
+ - Correct rackup '-I' flag, to allow multiple uses
+ - Correct rackup pidfile handling
+ - Report rackup line numbers correctly
+ - Fix request loops caused by non-stale nonces with time limits
+ - Fix reloader on Windows
+ - Prevent infinite recursions from Response#to_ary
+ - Various middleware better conforms to the body close specification
+ - Updated language for the body close specification
+ - Additional notes regarding ECMA escape compatibility issues
+ - Fix the parsing of multiple ranges in range headers
+ - Prevent errors from empty parameter keys
+ - Added PATCH verb to Rack::Request
+ - Various documentation updates
+ - Fix session merge semantics (fixes rack-test)
+ - Rack::Static :index can now handle multiple directories
+ - All tests now utilize Rack::Lint (special thanks to Lars Gierth)
+ - Rack::File cache_control parameter is now deprecated, and removed by 1.5
+ - Correct Rack::Directory script name escaping
+ - Rack::Static supports header rules for sophisticated configurations
+ - Multipart parsing now works without a Content-Length header
+ - New logos courtesy of Zachary Scott!
+ - Rack::BodyProxy now explicitly defines #each, useful for C extensions
+ - Cookies that are not URI escaped no longer cause exceptions
+
+### January 6th, 2013: Twenty eighth public release 1.3.7
+ - Add warnings when users do not provide a session secret
+ - Fix parsing performance for unquoted filenames
+ - Updated URI backports
+ - Fix URI backport version matching, and silence constant warnings
+ - Correct parameter parsing with empty values
+ - Correct rackup '-I' flag, to allow multiple uses
+ - Correct rackup pidfile handling
+ - Report rackup line numbers correctly
+ - Fix request loops caused by non-stale nonces with time limits
+ - Fix reloader on Windows
+ - Prevent infinite recursions from Response#to_ary
+ - Various middleware better conforms to the body close specification
+ - Updated language for the body close specification
+ - Additional notes regarding ECMA escape compatibility issues
+ - Fix the parsing of multiple ranges in range headers
+
+### January 6th, 2013: Twenty seventh public release 1.2.6
+ - Add warnings when users do not provide a session secret
+ - Fix parsing performance for unquoted filenames
+
+### January 6th, 2013: Twenty sixth public release 1.1.4
+ - Add warnings when users do not provide a session secret
+
+### January 22nd, 2012: Twenty fifth public release 1.4.1
+ - Alter the keyspace limit calculations to reduce issues with nested params
+ - Add a workaround for multipart parsing where files contain unescaped "%"
+ - Added Rack::Response::Helpers#method_not_allowed? (code 405)
+ - Rack::File now returns 404 for illegal directory traversals
+ - Rack::File now returns 405 for illegal methods (non HEAD/GET)
+ - Rack::Cascade now catches 405 by default, as well as 404
+ - Cookies missing '--' no longer cause an exception to be raised
+ - Various style changes and documentation spelling errors
+ - Rack::BodyProxy always ensures to execute its block
+ - Additional test coverage around cookies and secrets
+ - Rack::Session::Cookie can now be supplied either secret or old_secret
+ - Tests are no longer dependent on set order
+ - Rack::Static no longer defaults to serving index files
+ - Rack.release was fixed
+
+### December 28th, 2011: Twenty fourth public release 1.4.0
+ - Ruby 1.8.6 support has officially been dropped. Not all tests pass.
+ - Raise sane error messages for broken config.ru
+ - Allow combining run and map in a config.ru
+ - Rack::ContentType will not set Content-Type for responses without a body
+ - Status code 205 does not send a response body
+ - Rack::Response::Helpers will not rely on instance variables
+ - Rack::Utils.build_query no longer outputs '=' for nil query values
+ - Various mime types added
+ - Rack::MockRequest now supports HEAD
+ - Rack::Directory now supports files that contain RFC3986 reserved chars
+ - Rack::File now only supports GET and HEAD requests
+ - Rack::Server#start now passes the block to Rack::Handler::<h>#run
+ - Rack::Static now supports an index option
+ - Added the Teapot status code
+ - rackup now defaults to Thin instead of Mongrel (if installed)
+ - Support added for HTTP_X_FORWARDED_SCHEME
+ - Numerous bug fixes, including many fixes for new and alternate rubies
+
+### December 28th, 2011: Twenty first public release: 1.1.3.
+ - Security fix. http://www.ocert.org/advisories/ocert-2011-003.html
+ Further information here: http://jruby.org/2011/12/27/jruby-1-6-5-1
+
+### October 17, 2011: Twentieth public release 1.3.5
+ - Fix annoying warnings caused by the backport in 1.3.4
+
+### October 1, 2011: Nineteenth public release 1.3.4
+ - Backport security fix from 1.9.3, also fixes some roundtrip issues in URI
+ - Small documentation update
+ - Fix an issue where BodyProxy could cause an infinite recursion
+ - Add some supporting files for travis-ci
+
+### September 16, 2011: Eighteenth public release 1.2.4
+ - Fix a bug with MRI regex engine to prevent XSS by malformed unicode
+
+### September 16, 2011: Seventeenth public release 1.3.3
+ - Fix bug with broken query parameters in Rack::ShowExceptions
+ - Rack::Request#cookies no longer swallows exceptions on broken input
+ - Prevents XSS attacks enabled by bug in Ruby 1.8's regexp engine
+ - Rack::ConditionalGet handles broken If-Modified-Since helpers
+
+### July 16, 2011: Sixteenth public release 1.3.2
+ - Fix for Rails and rack-test, Rack::Utils#escape calls to_s
+
+### July 13, 2011: Fifteenth public release 1.3.1
+ - Fix 1.9.1 support
+ - Fix JRuby support
+ - Properly handle $KCODE in Rack::Utils.escape
+ - Make method_missing/respond_to behavior consistent for Rack::Lock,
+ Rack::Auth::Digest::Request and Rack::Multipart::UploadedFile
+ - Reenable passing rack.session to session middleware
+ - Rack::CommonLogger handles streaming responses correctly
+ - Rack::MockResponse calls close on the body object
+ - Fix a DOS vector from MRI stdlib backport
+
+### May 22nd, 2011: Fourteenth public release 1.2.3
+ - Pulled in relevant bug fixes from 1.3
+ - Fixed 1.8.6 support
+
+### May 22nd, 2011: Thirteenth public release 1.3.0
+ - Various performance optimizations
+ - Various multipart fixes
+ - Various multipart refactors
+ - Infinite loop fix for multipart
+ - Test coverage for Rack::Server returns
+ - Allow files with '..', but not path components that are '..'
+ - rackup accepts handler-specific options on the command line
+ - Request#params no longer merges POST into GET (but returns the same)
+ - Use URI.encode_www_form_component instead. Use core methods for escaping.
+ - Allow multi-line comments in the config file
+ - Bug L#94 reported by Nikolai Lugovoi, query parameter unescaping.
+ - Rack::Response now deletes Content-Length when appropriate
+ - Rack::Deflater now supports streaming
+ - Improved Rack::Handler loading and searching
+ - Support for the PATCH verb
+ - env['rack.session.options'] now contains session options
+ - Cookies respect renew
+ - Session middleware uses SecureRandom.hex
+
+### March 13th, 2011: Twelfth public release 1.2.2/1.1.2.
+ - Security fix in Rack::Auth::Digest::MD5: when authenticator
+ returned nil, permission was granted on empty password.
+
+### June 15th, 2010: Eleventh public release 1.2.1.
+ - Make CGI handler rewindable
+ - Rename spec/ to test/ to not conflict with SPEC on lesser
+ operating systems
+
+### June 13th, 2010: Tenth public release 1.2.0.
+ - Removed Camping adapter: Camping 2.0 supports Rack as-is
+ - Removed parsing of quoted values
+ - Add Request.trace? and Request.options?
+ - Add mime-type for .webm and .htc
+ - Fix HTTP_X_FORWARDED_FOR
+ - Various multipart fixes
+ - Switch test suite to bacon
+
+### January 3rd, 2010: Ninth public release 1.1.0.
+ - Moved Auth::OpenID to rack-contrib.
+ - SPEC change that relaxes Lint slightly to allow subclasses of the
+ required types
+ - SPEC change to document rack.input binary mode in greator detail
+ - SPEC define optional rack.logger specification
+ - File servers support X-Cascade header
+ - Imported Config middleware
+ - Imported ETag middleware
+ - Imported Runtime middleware
+ - Imported Sendfile middleware
+ - New Logger and NullLogger middlewares
+ - Added mime type for .ogv and .manifest.
+ - Don't squeeze PATH_INFO slashes
+ - Use Content-Type to determine POST params parsing
+ - Update Rack::Utils::HTTP_STATUS_CODES hash
+ - Add status code lookup utility
+ - Response should call #to_i on the status
+ - Add Request#user_agent
+ - Request#host knows about forwared host
+ - Return an empty string for Request#host if HTTP_HOST and
+ SERVER_NAME are both missing
+ - Allow MockRequest to accept hash params
+ - Optimizations to HeaderHash
+ - Refactored rackup into Rack::Server
+ - Added Utils.build_nested_query to complement Utils.parse_nested_query
+ - Added Utils::Multipart.build_multipart to complement
+ Utils::Multipart.parse_multipart
+ - Extracted set and delete cookie helpers into Utils so they can be
+ used outside Response
+ - Extract parse_query and parse_multipart in Request so subclasses
+ can change their behavior
+ - Enforce binary encoding in RewindableInput
+ - Set correct external_encoding for handlers that don't use RewindableInput
+
+### October 18th, 2009: Eighth public release 1.0.1.
+ - Bump remainder of rack.versions.
+ - Support the pure Ruby FCGI implementation.
+ - Fix for form names containing "=": split first then unescape components
+ - Fixes the handling of the filename parameter with semicolons in names.
+ - Add anchor to nested params parsing regexp to prevent stack overflows
+ - Use more compatible gzip write api instead of "<<".
+ - Make sure that Reloader doesn't break when executed via ruby -e
+ - Make sure WEBrick respects the :Host option
+ - Many Ruby 1.9 fixes.
+
+### April 25th, 2009: Seventh public release 1.0.0.
+ - SPEC change: Rack::VERSION has been pushed to [1,0].
+ - SPEC change: header values must be Strings now, split on "\n".
+ - SPEC change: Content-Length can be missing, in this case chunked transfer
+ encoding is used.
+ - SPEC change: rack.input must be rewindable and support reading into
+ a buffer, wrap with Rack::RewindableInput if it isn't.
+ - SPEC change: rack.session is now specified.
+ - SPEC change: Bodies can now additionally respond to #to_path with
+ a filename to be served.
+ - NOTE: String bodies break in 1.9, use an Array consisting of a
+ single String instead.
+ - New middleware Rack::Lock.
+ - New middleware Rack::ContentType.
+ - Rack::Reloader has been rewritten.
+ - Major update to Rack::Auth::OpenID.
+ - Support for nested parameter parsing in Rack::Response.
+ - Support for redirects in Rack::Response.
+ - HttpOnly cookie support in Rack::Response.
+ - The Rakefile has been rewritten.
+ - Many bugfixes and small improvements.
+
+### January 9th, 2009: Sixth public release 0.9.1.
+ - Fix directory traversal exploits in Rack::File and Rack::Directory.
+
+### January 6th, 2009: Fifth public release 0.9.
+ - Rack is now managed by the Rack Core Team.
+ - Rack::Lint is stricter and follows the HTTP RFCs more closely.
+ - Added ConditionalGet middleware.
+ - Added ContentLength middleware.
+ - Added Deflater middleware.
+ - Added Head middleware.
+ - Added MethodOverride middleware.
+ - Rack::Mime now provides popular MIME-types and their extension.
+ - Mongrel Header now streams.
+ - Added Thin handler.
+ - Official support for swiftiplied Mongrel.
+ - Secure cookies.
+ - Made HeaderHash case-preserving.
+ - Many bugfixes and small improvements.
+
+### August 21st, 2008: Fourth public release 0.4.
+ - New middleware, Rack::Deflater, by Christoffer Sawicki.
+ - OpenID authentication now needs ruby-openid 2.
+ - New Memcache sessions, by blink.
+ - Explicit EventedMongrel handler, by Joshua Peek
+ - Rack::Reloader is not loaded in rackup development mode.
+ - rackup can daemonize with -D.
+ - Many bugfixes, especially for pool sessions, URLMap, thread safety
+ and tempfile handling.
+ - Improved tests.
+ - Rack moved to Git.
+
+### February 26th, 2008: Third public release 0.3.
+ - LiteSpeed handler, by Adrian Madrid.
+ - SCGI handler, by Jeremy Evans.
+ - Pool sessions, by blink.
+ - OpenID authentication, by blink.
+ - :Port and :File options for opening FastCGI sockets, by blink.
+ - Last-Modified HTTP header for Rack::File, by blink.
+ - Rack::Builder#use now accepts blocks, by Corey Jewett.
+ (See example/protectedlobster.ru)
+ - HTTP status 201 can contain a Content-Type and a body now.
+ - Many bugfixes, especially related to Cookie handling.
+
+### May 16th, 2007: Second public release 0.2.
+ - HTTP Basic authentication.
+ - Cookie Sessions.
+ - Static file handler.
+ - Improved Rack::Request.
+ - Improved Rack::Response.
+ - Added Rack::ShowStatus, for better default error messages.
+ - Bug fixes in the Camping adapter.
+ - Removed Rails adapter, was too alpha.
+
+### March 3rd, 2007: First public release 0.1.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/README.rdoc new/README.rdoc
--- old/README.rdoc 2014-12-18 23:39:06.000000000 +0100
+++ new/README.rdoc 2015-05-06 20:37:07.000000000 +0200
@@ -94,7 +94,7 @@
collects fresh Rack middleware. rack-contrib includes a variety of
add-on components for Rack and it is easy to contribute new modules.
-* http://github.com/rack/rack-contrib
+* https://github.com/rack/rack-contrib
== rackup
@@ -183,13 +183,11 @@
== Configuration
-Several parameters can be modified on `Rack::Utils` to configure Rack behaviour.
+Several parameters can be modified on Rack::Utils to configure Rack behaviour.
e.g:
-```ruby
-Rack::Utils.key_space_limit = 128
-```
+ Rack::Utils.key_space_limit = 128
=== key_space_limit
@@ -203,364 +201,20 @@
The maximum number of parts a request can contain.
Accepting too many part can lead to the server running out of file handles.
-The default is `128`, which mean that a single request can't upload more than 128 files at once.
+The default is 128, which means that a single request can't upload more than 128 files at once.
-Set to `0` for not limit.
+Set to 0 for no limit.
-Can also be set via the `RACK_MULTIPART_PART_LIMIT` environment variable.
+Can also be set via the RACK_MULTIPART_PART_LIMIT environment variable.
== History
-* March 3rd, 2007: First public release 0.1.
-
-* May 16th, 2007: Second public release 0.2.
- * HTTP Basic authentication.
- * Cookie Sessions.
- * Static file handler.
- * Improved Rack::Request.
- * Improved Rack::Response.
- * Added Rack::ShowStatus, for better default error messages.
- * Bug fixes in the Camping adapter.
- * Removed Rails adapter, was too alpha.
-
-* February 26th, 2008: Third public release 0.3.
- * LiteSpeed handler, by Adrian Madrid.
- * SCGI handler, by Jeremy Evans.
- * Pool sessions, by blink.
- * OpenID authentication, by blink.
- * :Port and :File options for opening FastCGI sockets, by blink.
- * Last-Modified HTTP header for Rack::File, by blink.
- * Rack::Builder#use now accepts blocks, by Corey Jewett.
- (See example/protectedlobster.ru)
- * HTTP status 201 can contain a Content-Type and a body now.
- * Many bugfixes, especially related to Cookie handling.
-
-* August 21st, 2008: Fourth public release 0.4.
- * New middleware, Rack::Deflater, by Christoffer Sawicki.
- * OpenID authentication now needs ruby-openid 2.
- * New Memcache sessions, by blink.
- * Explicit EventedMongrel handler, by Joshua Peek
- * Rack::Reloader is not loaded in rackup development mode.
- * rackup can daemonize with -D.
- * Many bugfixes, especially for pool sessions, URLMap, thread safety
- and tempfile handling.
- * Improved tests.
- * Rack moved to Git.
-
-* January 6th, 2009: Fifth public release 0.9.
- * Rack is now managed by the Rack Core Team.
- * Rack::Lint is stricter and follows the HTTP RFCs more closely.
- * Added ConditionalGet middleware.
- * Added ContentLength middleware.
- * Added Deflater middleware.
- * Added Head middleware.
- * Added MethodOverride middleware.
- * Rack::Mime now provides popular MIME-types and their extension.
- * Mongrel Header now streams.
- * Added Thin handler.
- * Official support for swiftiplied Mongrel.
- * Secure cookies.
- * Made HeaderHash case-preserving.
- * Many bugfixes and small improvements.
-
-* January 9th, 2009: Sixth public release 0.9.1.
- * Fix directory traversal exploits in Rack::File and Rack::Directory.
-
-* April 25th, 2009: Seventh public release 1.0.0.
- * SPEC change: Rack::VERSION has been pushed to [1,0].
- * SPEC change: header values must be Strings now, split on "\n".
- * SPEC change: Content-Length can be missing, in this case chunked transfer
- encoding is used.
- * SPEC change: rack.input must be rewindable and support reading into
- a buffer, wrap with Rack::RewindableInput if it isn't.
- * SPEC change: rack.session is now specified.
- * SPEC change: Bodies can now additionally respond to #to_path with
- a filename to be served.
- * NOTE: String bodies break in 1.9, use an Array consisting of a
- single String instead.
- * New middleware Rack::Lock.
- * New middleware Rack::ContentType.
- * Rack::Reloader has been rewritten.
- * Major update to Rack::Auth::OpenID.
- * Support for nested parameter parsing in Rack::Response.
- * Support for redirects in Rack::Response.
- * HttpOnly cookie support in Rack::Response.
- * The Rakefile has been rewritten.
- * Many bugfixes and small improvements.
-
-* October 18th, 2009: Eighth public release 1.0.1.
- * Bump remainder of rack.versions.
- * Support the pure Ruby FCGI implementation.
- * Fix for form names containing "=": split first then unescape components
- * Fixes the handling of the filename parameter with semicolons in names.
- * Add anchor to nested params parsing regexp to prevent stack overflows
- * Use more compatible gzip write api instead of "<<".
- * Make sure that Reloader doesn't break when executed via ruby -e
- * Make sure WEBrick respects the :Host option
- * Many Ruby 1.9 fixes.
-
-* January 3rd, 2010: Ninth public release 1.1.0.
- * Moved Auth::OpenID to rack-contrib.
- * SPEC change that relaxes Lint slightly to allow subclasses of the
- required types
- * SPEC change to document rack.input binary mode in greator detail
- * SPEC define optional rack.logger specification
- * File servers support X-Cascade header
- * Imported Config middleware
- * Imported ETag middleware
- * Imported Runtime middleware
- * Imported Sendfile middleware
- * New Logger and NullLogger middlewares
- * Added mime type for .ogv and .manifest.
- * Don't squeeze PATH_INFO slashes
- * Use Content-Type to determine POST params parsing
- * Update Rack::Utils::HTTP_STATUS_CODES hash
- * Add status code lookup utility
- * Response should call #to_i on the status
- * Add Request#user_agent
- * Request#host knows about forwared host
- * Return an empty string for Request#host if HTTP_HOST and
- SERVER_NAME are both missing
- * Allow MockRequest to accept hash params
- * Optimizations to HeaderHash
- * Refactored rackup into Rack::Server
- * Added Utils.build_nested_query to complement Utils.parse_nested_query
- * Added Utils::Multipart.build_multipart to complement
- Utils::Multipart.parse_multipart
- * Extracted set and delete cookie helpers into Utils so they can be
- used outside Response
- * Extract parse_query and parse_multipart in Request so subclasses
- can change their behavior
- * Enforce binary encoding in RewindableInput
- * Set correct external_encoding for handlers that don't use RewindableInput
-
-* June 13th, 2010: Tenth public release 1.2.0.
- * Removed Camping adapter: Camping 2.0 supports Rack as-is
- * Removed parsing of quoted values
- * Add Request.trace? and Request.options?
- * Add mime-type for .webm and .htc
- * Fix HTTP_X_FORWARDED_FOR
- * Various multipart fixes
- * Switch test suite to bacon
-
-* June 15th, 2010: Eleventh public release 1.2.1.
- * Make CGI handler rewindable
- * Rename spec/ to test/ to not conflict with SPEC on lesser
- operating systems
-
-* March 13th, 2011: Twelfth public release 1.2.2/1.1.2.
- * Security fix in Rack::Auth::Digest::MD5: when authenticator
- returned nil, permission was granted on empty password.
-
-* May 22nd, 2011: Thirteenth public release 1.3.0
- * Various performance optimizations
- * Various multipart fixes
- * Various multipart refactors
- * Infinite loop fix for multipart
- * Test coverage for Rack::Server returns
- * Allow files with '..', but not path components that are '..'
- * rackup accepts handler-specific options on the command line
- * Request#params no longer merges POST into GET (but returns the same)
- * Use URI.encode_www_form_component instead. Use core methods for escaping.
- * Allow multi-line comments in the config file
- * Bug L#94 reported by Nikolai Lugovoi, query parameter unescaping.
- * Rack::Response now deletes Content-Length when appropriate
- * Rack::Deflater now supports streaming
- * Improved Rack::Handler loading and searching
- * Support for the PATCH verb
- * env['rack.session.options'] now contains session options
- * Cookies respect renew
- * Session middleware uses SecureRandom.hex
-
-* May 22nd, 2011: Fourteenth public release 1.2.3
- * Pulled in relevant bug fixes from 1.3
- * Fixed 1.8.6 support
-
-* July 13, 2011: Fifteenth public release 1.3.1
- * Fix 1.9.1 support
- * Fix JRuby support
- * Properly handle $KCODE in Rack::Utils.escape
- * Make method_missing/respond_to behavior consistent for Rack::Lock,
- Rack::Auth::Digest::Request and Rack::Multipart::UploadedFile
- * Reenable passing rack.session to session middleware
- * Rack::CommonLogger handles streaming responses correctly
- * Rack::MockResponse calls close on the body object
- * Fix a DOS vector from MRI stdlib backport
-
-* July 16, 2011: Sixteenth public release 1.3.2
- * Fix for Rails and rack-test, Rack::Utils#escape calls to_s
-
-* September 16, 2011: Seventeenth public release 1.3.3
- * Fix bug with broken query parameters in Rack::ShowExceptions
- * Rack::Request#cookies no longer swallows exceptions on broken input
- * Prevents XSS attacks enabled by bug in Ruby 1.8's regexp engine
- * Rack::ConditionalGet handles broken If-Modified-Since helpers
-
-* September 16, 2011: Eighteenth public release 1.2.4
- * Fix a bug with MRI regex engine to prevent XSS by malformed unicode
-
-* October 1, 2011: Nineteenth public release 1.3.4
- * Backport security fix from 1.9.3, also fixes some roundtrip issues in URI
- * Small documentation update
- * Fix an issue where BodyProxy could cause an infinite recursion
- * Add some supporting files for travis-ci
-
-* October 17, 2011: Twentieth public release 1.3.5
- * Fix annoying warnings caused by the backport in 1.3.4
-
-* December 28th, 2011: Twenty first public release: 1.1.3.
- * Security fix. http://www.ocert.org/advisories/ocert-2011-003.html
- Further information here: http://jruby.org/2011/12/27/jruby-1-6-5-1
-
-* December 28th, 2011: Twenty fourth public release 1.4.0
- * Ruby 1.8.6 support has officially been dropped. Not all tests pass.
- * Raise sane error messages for broken config.ru
- * Allow combining run and map in a config.ru
- * Rack::ContentType will not set Content-Type for responses without a body
- * Status code 205 does not send a response body
- * Rack::Response::Helpers will not rely on instance variables
- * Rack::Utils.build_query no longer outputs '=' for nil query values
- * Various mime types added
- * Rack::MockRequest now supports HEAD
- * Rack::Directory now supports files that contain RFC3986 reserved chars
- * Rack::File now only supports GET and HEAD requests
- * Rack::Server#start now passes the block to Rack::Handler::<h>#run
- * Rack::Static now supports an index option
- * Added the Teapot status code
- * rackup now defaults to Thin instead of Mongrel (if installed)
- * Support added for HTTP_X_FORWARDED_SCHEME
- * Numerous bug fixes, including many fixes for new and alternate rubies
-
-* January 22nd, 2012: Twenty fifth public release 1.4.1
- * Alter the keyspace limit calculations to reduce issues with nested params
- * Add a workaround for multipart parsing where files contain unescaped "%"
- * Added Rack::Response::Helpers#method_not_allowed? (code 405)
- * Rack::File now returns 404 for illegal directory traversals
- * Rack::File now returns 405 for illegal methods (non HEAD/GET)
- * Rack::Cascade now catches 405 by default, as well as 404
- * Cookies missing '--' no longer cause an exception to be raised
- * Various style changes and documentation spelling errors
- * Rack::BodyProxy always ensures to execute its block
- * Additional test coverage around cookies and secrets
- * Rack::Session::Cookie can now be supplied either secret or old_secret
- * Tests are no longer dependent on set order
- * Rack::Static no longer defaults to serving index files
- * Rack.release was fixed
-
-* January 6th, 2013: Twenty sixth public release 1.1.4
- * Add warnings when users do not provide a session secret
-
-* January 6th, 2013: Twenty seventh public release 1.2.6
- * Add warnings when users do not provide a session secret
- * Fix parsing performance for unquoted filenames
-
-* January 6th, 2013: Twenty eighth public release 1.3.7
- * Add warnings when users do not provide a session secret
- * Fix parsing performance for unquoted filenames
- * Updated URI backports
- * Fix URI backport version matching, and silence constant warnings
- * Correct parameter parsing with empty values
- * Correct rackup '-I' flag, to allow multiple uses
- * Correct rackup pidfile handling
- * Report rackup line numbers correctly
- * Fix request loops caused by non-stale nonces with time limits
- * Fix reloader on Windows
- * Prevent infinite recursions from Response#to_ary
- * Various middleware better conforms to the body close specification
- * Updated language for the body close specification
- * Additional notes regarding ECMA escape compatibility issues
- * Fix the parsing of multiple ranges in range headers
-
-* January 6th, 2013: Twenty ninth public release 1.4.2
- * Add warnings when users do not provide a session secret
- * Fix parsing performance for unquoted filenames
- * Updated URI backports
- * Fix URI backport version matching, and silence constant warnings
- * Correct parameter parsing with empty values
- * Correct rackup '-I' flag, to allow multiple uses
- * Correct rackup pidfile handling
- * Report rackup line numbers correctly
- * Fix request loops caused by non-stale nonces with time limits
- * Fix reloader on Windows
- * Prevent infinite recursions from Response#to_ary
- * Various middleware better conforms to the body close specification
- * Updated language for the body close specification
- * Additional notes regarding ECMA escape compatibility issues
- * Fix the parsing of multiple ranges in range headers
- * Prevent errors from empty parameter keys
- * Added PATCH verb to Rack::Request
- * Various documentation updates
- * Fix session merge semantics (fixes rack-test)
- * Rack::Static :index can now handle multiple directories
- * All tests now utilize Rack::Lint (special thanks to Lars Gierth)
- * Rack::File cache_control parameter is now deprecated, and removed by 1.5
- * Correct Rack::Directory script name escaping
- * Rack::Static supports header rules for sophisticated configurations
- * Multipart parsing now works without a Content-Length header
- * New logos courtesy of Zachary Scott!
- * Rack::BodyProxy now explicitly defines #each, useful for C extensions
- * Cookies that are not URI escaped no longer cause exceptions
-
-* January 7th, 2013: Thirtieth public release 1.3.8
- * Security: Prevent unbounded reads in large multipart boundaries
-
-* January 7th, 2013: Thirty first public release 1.4.3
- * Security: Prevent unbounded reads in large multipart boundaries
-
-* January 13th, 2013: Thirty second public release 1.4.4, 1.3.9, 1.2.7, 1.1.5
- * [SEC] Rack::Auth::AbstractRequest no longer symbolizes arbitrary strings
- * Fixed erroneous test case in the 1.3.x series
-
-* January 21st, 2013: Thirty third public release 1.5.0
- * Introduced hijack SPEC, for before-response and after-response hijacking
- * SessionHash is no longer a Hash subclass
- * Rack::File cache_control parameter is removed, in place of headers options
- * Rack::Auth::AbstractRequest#scheme now yields strings, not symbols
- * Rack::Utils cookie functions now format expires in RFC 2822 format
- * Rack::File now has a default mime type
- * rackup -b 'run Rack::File.new(".")', option provides command line configs
- * Rack::Deflater will no longer double encode bodies
- * Rack::Mime#match? provides convenience for Accept header matching
- * Rack::Utils#q_values provides splitting for Accept headers
- * Rack::Utils#best_q_match provides a helper for Accept headers
- * Rack::Handler.pick provides convenience for finding available servers
- * Puma added to the list of default servers (preferred over Webrick)
- * Various middleware now correctly close body when replacing it
- * Rack::Request#params is no longer persistent with only GET params
- * Rack::Request#update_param and #delete_param provide persistent operations
- * Rack::Request#trusted_proxy? now returns true for local unix sockets
- * Rack::Response no longer forces Content-Types
- * Rack::Sendfile provides local mapping configuration options
- * Rack::Utils#rfc2109 provides old netscape style time output
- * Updated HTTP status codes
- * Ruby 1.8.6 likely no longer passes tests, and is no longer fully supported
-
-* January 28th, 2013: Thirty fourth public release 1.5.1
- * Rack::Lint check_hijack now conforms to other parts of SPEC
- * Added hash-like methods to Abstract::ID::SessionHash for compatibility
- * Various documentation corrections
-
-* February 7th, Thirty fifth public release 1.1.6, 1.2.8, 1.3.10
- * Fix CVE-2013-0263, timing attack against Rack::Session::Cookie
-
-* February 7th, Thirty fifth public release 1.4.5
- * Fix CVE-2013-0263, timing attack against Rack::Session::Cookie
- * Fix CVE-2013-0262, symlink path traversal in Rack::File
-
-* February 7th, Thirty fifth public release 1.5.2
- * Fix CVE-2013-0263, timing attack against Rack::Session::Cookie
- * Fix CVE-2013-0262, symlink path traversal in Rack::File
- * Add various methods to Session for enhanced Rails compatibility
- * Request#trusted_proxy? now only matches whole stirngs
- * Add JSON cookie coder, to be default in Rack 1.6+ due to security concerns
- * URLMap host matching in environments that don't set the Host header fixed
- * Fix a race condition that could result in overwritten pidfiles
- * Various documentation additions
+See https://github.com/rack/HISTORY.md.
== Contact
Please post bugs, suggestions and patches to
-the bug tracker at http://github.com/rack/rack/issues.
+the bug tracker at https://github.com/rack/rack/issues.
Please post security related bugs and suggestions to the core team at
https://groups.google.com/group/rack-core or rack-core@googlegroups.com. This
@@ -569,10 +223,10 @@
disclosure. Your assistance in this matter is greatly appreciated.
Mailing list archives are available at
-http://groups.google.com/group/rack-devel.
+https://groups.google.com/group/rack-devel.
Git repository (send Git patches to the mailing list):
-* http://github.com/rack/rack
+* https://github.com/rack/rack
* http://git.vuxu.org/cgi-bin/gitweb.cgi?p=rack-github.git
You are also welcome to join the #rack channel on irc.freenode.net.
@@ -649,9 +303,9 @@
== Links
Rack:: http://rack.github.io/
-Official Rack repositories:: http://github.com/rack
-Rack Bug Tracking:: http://github.com/rack/rack/issues
-rack-devel mailing list:: http://groups.google.com/group/rack-devel
+Official Rack repositories:: https://github.com/rack
+Rack Bug Tracking:: https://github.com/rack/rack/issues
+rack-devel mailing list:: https://groups.google.com/group/rack-devel
Rack's Rubyforge project:: http://rubyforge.org/projects/rack
Christian Neukirchen:: http://chneukirchen.org/
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Rakefile new/Rakefile
--- old/Rakefile 2014-12-18 23:39:06.000000000 +0100
+++ new/Rakefile 2015-05-06 20:37:07.000000000 +0200
@@ -90,7 +90,7 @@
end
desc "Run all the tests we run on CI"
-task :ci => :test
+task :ci => :fulltest
desc "Run all the tests"
task :fulltest => %w[SPEC chmod] do
Files old/checksums.yaml.gz and new/checksums.yaml.gz differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/rack/lint.rb new/lib/rack/lint.rb
--- old/lib/rack/lint.rb 2014-12-18 23:39:06.000000000 +0100
+++ new/lib/rack/lint.rb 2015-05-06 20:37:07.000000000 +0200
@@ -639,7 +639,7 @@
assert("header must not contain Status") { key.downcase != "status" }
## The header must conform to RFC7230 token specification, i.e. cannot
## contain non-printable ASCII, DQUOTE or "(),/:;<=>?@[\]{}".
- assert("invalid header name: #{key}") { key !~ /[\(\),\/:;<=>\?@\[\\\]{}[[:cntrl:]]]/ }
+ assert("invalid header name: #{key}") { key !~ /[\(\),\/:;<=>\?@\[\\\]{}[:cntrl:]]/ }
## The values of the header must be Strings,
assert("a header value must be a String, but the value of " +
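Review bot: The comment above the changed assert says a header name cannot contain DQUOTE, but the character class on the new line lists no `"`, so a name containing a double quote still passes this check. Adding it makes the code match its own comment: `assert("invalid header name: #{key}") { key !~ /[\(\),\/:;<=>\?@\[\\\]{}"[:cntrl:]]/ }`. Space is not covered by `[:cntrl:]` either and is not an RFC 7230 token character, so it is worth deciding whether it should be rejected as well. The enclosing method starts and ends outside this hunk.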
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/rack/runtime.rb new/lib/rack/runtime.rb
--- old/lib/rack/runtime.rb 2014-12-18 23:39:06.000000000 +0100
+++ new/lib/rack/runtime.rb 2015-05-06 20:37:07.000000000 +0200
@@ -14,9 +14,9 @@
FORMAT_STRING = "%0.6f"
def call(env)
- start_time = Time.now
+ start_time = clock_time
status, headers, body = @app.call(env)
- request_time = Time.now - start_time
+ request_time = clock_time - start_time
if !headers.has_key?(@header_name)
headers[@header_name] = FORMAT_STRING % request_time
@@ -24,5 +24,17 @@
[status, headers, body]
end
+
+ private
+
+ if defined?(Process::CLOCK_MONOTONIC)
+ def clock_time
+ Process.clock_gettime(Process::CLOCK_MONOTONIC)
+ end
+ else
+ def clock_time
+ Time.now.to_f
+ end
+ end
end
end
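Review bot: The two `clock_time` definitions have no comment saying why there are two clocks or what the fallback loses. On a Ruby without `Process::CLOCK_MONOTONIC` the `Time.now.to_f` branch is still wall-clock time, so a clock step during a request can make the reported runtime negative or inflated, exactly as before this change. I would put this above the `if`: `# Monotonic clock when available, so wall-clock adjustments cannot skew the reported runtime; the Time.now fallback keeps that limitation.` Anyone who feeds this header into latency alerting should know which branch their runtime takes.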
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/rack/server.rb new/lib/rack/server.rb
--- old/lib/rack/server.rb 2014-12-18 23:39:06.000000000 +0100
+++ new/lib/rack/server.rb 2015-05-06 20:37:07.000000000 +0200
@@ -50,7 +50,7 @@
options[:server] = s
}
- opts.on("-o", "--host HOST", "listen on HOST (default: 0.0.0.0)") { |host|
+ opts.on("-o", "--host HOST", "listen on HOST (default: localhost)") { |host|
options[:Host] = host
}
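Review bot: The new help text repeats the default bind address as a literal, while the value actually used when `-o` is absent is set outside this hunk. If that default is computed rather than fixed (I would expect it in `default_options`, which is not visible here), the text can claim the server is loopback-only when it binds every interface. Operators decide from this line whether they need a firewall rule. At minimum I would add `# NOTE: keep this default in sync with the :Host value in default_options` above the `opts.on` call, or build the string from the same value.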
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/rack/utils/okjson.rb new/lib/rack/utils/okjson.rb
--- old/lib/rack/utils/okjson.rb 2014-12-18 23:39:06.000000000 +0100
+++ new/lib/rack/utils/okjson.rb 2015-05-06 20:37:07.000000000 +0200
@@ -21,16 +21,14 @@
# THE SOFTWARE.
# See https://github.com/kr/okjson for updates.
-# Imported from the above repo @ d4e8643ad92e14b37d11326855499c7e4108ed17
-# Namespace modified for vendoring under Rack::Utils
require 'stringio'
# Some parts adapted from
-# http://golang.org/src/pkg/json/decode.go and
-# http://golang.org/src/pkg/utf8/utf8.go
+# https://golang.org/src/encoding/json/decode.go and
+# https://golang.org/src/unicode/utf8/utf8.go
module Rack::Utils::OkJson
- Upstream = 'LTD7LBKLZWFF7OZK'
+ Upstream = '43'
extend self
@@ -52,12 +50,49 @@
end
+ # Encodes x into a json text. It may contain only
+ # Array, Hash, String, Numeric, true, false, nil.
+ # (Note, this list excludes Symbol.)
+ # X itself must be an Array or a Hash.
+ # No other value can be encoded, and an error will
+ # be raised if x contains any other value, such as
+ # Nan, Infinity, Symbol, and Proc, or if a Hash key
+ # is not a String.
+ # Strings contained in x must be valid UTF-8.
+ def encode(x)
+ case x
+ when Hash then objenc(x)
+ when Array then arrenc(x)
+ else
+ raise Error, 'root value must be an Array or a Hash'
+ end
+ end
+
+
+ def valenc(x)
+ case x
+ when Hash then objenc(x)
+ when Array then arrenc(x)
+ when String then strenc(x)
+ when Numeric then numenc(x)
+ when true then "true"
+ when false then "false"
+ when nil then "null"
+ else
+ raise Error, "cannot encode #{x.class}: #{x.inspect}"
+ end
+ end
+
+
+private
+
+
# Parses a "json text" in the sense of RFC 4627.
# Returns the parsed value and any trailing tokens.
# Note: this is almost the same as valparse,
# except that it does not accept atomic values.
def textparse(ts)
- if ts.length < 0
+ if ts.length <= 0
raise Error, 'empty'
end
@@ -74,7 +109,7 @@
# Parses a "value" in the sense of RFC 4627.
# Returns the parsed value and any trailing tokens.
def valparse(ts)
- if ts.length < 0
+ if ts.length <= 0
raise Error, 'empty'
end
@@ -203,21 +238,19 @@
# it is the lexeme.
def tok(s)
case s[0]
- when ?{ then ['{', s[0,1], s[0,1]]
- when ?} then ['}', s[0,1], s[0,1]]
- when ?: then [':', s[0,1], s[0,1]]
- when ?, then [',', s[0,1], s[0,1]]
- when ?[ then ['[', s[0,1], s[0,1]]
- when ?] then [']', s[0,1], s[0,1]]
- when ?n then nulltok(s)
- when ?t then truetok(s)
- when ?f then falsetok(s)
- when ?" then strtok(s)
- when Spc then [:space, s[0,1], s[0,1]]
- when ?\t then [:space, s[0,1], s[0,1]]
- when ?\n then [:space, s[0,1], s[0,1]]
- when ?\r then [:space, s[0,1], s[0,1]]
- else numtok(s)
+ when ?{ then ['{', s[0,1], s[0,1]]
+ when ?} then ['}', s[0,1], s[0,1]]
+ when ?: then [':', s[0,1], s[0,1]]
+ when ?, then [',', s[0,1], s[0,1]]
+ when ?[ then ['[', s[0,1], s[0,1]]
+ when ?] then [']', s[0,1], s[0,1]]
+ when ?n then nulltok(s)
+ when ?t then truetok(s)
+ when ?f then falsetok(s)
+ when ?" then strtok(s)
+ when Spc, ?\t, ?\n, ?\r then [:space, s[0,1], s[0,1]]
+ else
+ numtok(s)
end
end
@@ -230,12 +263,12 @@
def numtok(s)
m = /-?([1-9][0-9]+|[0-9])([.][0-9]+)?([eE][+-]?[0-9]+)?/.match(s)
if m && m.begin(0) == 0
- if m[3] && !m[2]
- [:val, m[0], Integer(m[1])*(10**Integer(m[3][1..-1]))]
+ if !m[2] && !m[3]
+ [:val, m[0], Integer(m[0])]
elsif m[2]
[:val, m[0], Float(m[0])]
else
- [:val, m[0], Integer(m[0])]
+ [:val, m[0], Integer(m[1])*(10**m[3][1..-1].to_i(10))]
end
else
[]
@@ -267,17 +300,14 @@
def unquote(q)
q = q[1...-1]
a = q.dup # allocate a big enough string
- rubydoesenc = false
# In ruby >= 1.9, a[w] is a codepoint, not a byte.
- if a.class.method_defined?(:force_encoding)
+ if rubydoesenc?
a.force_encoding('UTF-8')
- rubydoesenc = true
end
r, w = 0, 0
while r < q.length
c = q[r]
- case true
- when c == ?\\
+ if c == ?\\
r += 1
if r >= q.length
raise Error, "string literal ends with a \"\\\": \"#{q}\""
@@ -310,7 +340,7 @@
end
end
end
- if rubydoesenc
+ if rubydoesenc?
a[w] = '' << uchar
w += 1
else
@@ -319,7 +349,7 @@
else
raise Error, "invalid escape char #{q[r]} in \"#{q}\""
end
- when c == ?", c < Spc
+ elsif c == ?" || c < Spc
raise Error, "invalid character in string literal \"#{q}\""
else
# Copy anything else byte-for-byte.
@@ -340,15 +370,14 @@
# bytes in string a at position i.
# Returns the number of bytes written.
def ucharenc(a, i, u)
- case true
- when u <= Uchar1max
+ if u <= Uchar1max
a[i] = (u & 0xff).chr
1
- when u <= Uchar2max
+ elsif u <= Uchar2max
a[i+0] = (Utag2 | ((u>>6)&0xff)).chr
a[i+1] = (Utagx | (u&Umaskx)).chr
2
- when u <= Uchar3max
+ elsif u <= Uchar3max
a[i+0] = (Utag3 | ((u>>12)&0xff)).chr
a[i+1] = (Utagx | ((u>>6)&Umaskx)).chr
a[i+2] = (Utagx | (u&Umaskx)).chr
@@ -385,50 +414,15 @@
def nibble(c)
- case true
- when ?0 <= c && c <= ?9 then c.ord - ?0.ord
- when ?a <= c && c <= ?z then c.ord - ?a.ord + 10
- when ?A <= c && c <= ?Z then c.ord - ?A.ord + 10
+ if ?0 <= c && c <= ?9 then c.ord - ?0.ord
+ elsif ?a <= c && c <= ?z then c.ord - ?a.ord + 10
+ elsif ?A <= c && c <= ?Z then c.ord - ?A.ord + 10
else
raise Error, "invalid hex code #{c}"
end
end
- # Encodes x into a json text. It may contain only
- # Array, Hash, String, Numeric, true, false, nil.
- # (Note, this list excludes Symbol.)
- # X itself must be an Array or a Hash.
- # No other value can be encoded, and an error will
- # be raised if x contains any other value, such as
- # Nan, Infinity, Symbol, and Proc, or if a Hash key
- # is not a String.
- # Strings contained in x must be valid UTF-8.
- def encode(x)
- case x
- when Hash then objenc(x)
- when Array then arrenc(x)
- else
- raise Error, 'root value must be an Array or a Hash'
- end
- end
-
-
- def valenc(x)
- case x
- when Hash then objenc(x)
- when Array then arrenc(x)
- when String then strenc(x)
- when Numeric then numenc(x)
- when true then "true"
- when false then "false"
- when nil then "null"
- else
- raise Error, "cannot encode #{x.class}: #{x.inspect}"
- end
- end
-
-
def objenc(x)
'{' + x.map{|k,v| keyenc(k) + ':' + valenc(v)}.join(',') + '}'
end
@@ -453,9 +447,6 @@
t.putc(?")
r = 0
- # In ruby >= 1.9, s[r] is a codepoint, not a byte.
- rubydoesenc = s.class.method_defined?(:encoding)
-
while r < s.length
case s[r]
when ?" then t.print('\\"')
@@ -467,15 +458,20 @@
when ?\t then t.print('\\t')
else
c = s[r]
- case true
- when rubydoesenc
+ # In ruby >= 1.9, s[r] is a codepoint, not a byte.
+ if rubydoesenc?
begin
- c.ord # will raise an error if c is invalid UTF-8
+ # c.ord will raise an error if c is invalid UTF-8
+ if c.ord < Spc.ord
+ c = "\\u%04x" % [c.ord]
+ end
t.write(c)
rescue
t.write(Ustrerr)
end
- when Spc <= c && c <= ?~
+ elsif c < Spc
+ t.write("\\u%04x" % c)
+ elsif Spc <= c && c <= ?~
t.putc(c)
else
n = ucharcopy(t, s, r) # ensure valid UTF-8 output
@@ -567,6 +563,11 @@
end
+ def rubydoesenc?
+ ::String.method_defined?(:force_encoding)
+ end
+
+
class Utf8Error < ::StandardError
end
@@ -575,15 +576,15 @@
end
- Utagx = 0x80 # 1000 0000
- Utag2 = 0xc0 # 1100 0000
- Utag3 = 0xe0 # 1110 0000
- Utag4 = 0xf0 # 1111 0000
- Utag5 = 0xF8 # 1111 1000
- Umaskx = 0x3f # 0011 1111
- Umask2 = 0x1f # 0001 1111
- Umask3 = 0x0f # 0000 1111
- Umask4 = 0x07 # 0000 0111
+ Utagx = 0b1000_0000
+ Utag2 = 0b1100_0000
+ Utag3 = 0b1110_0000
+ Utag4 = 0b1111_0000
+ Utag5 = 0b1111_1000
+ Umaskx = 0b0011_1111
+ Umask2 = 0b0001_1111
+ Umask3 = 0b0000_1111
+ Umask4 = 0b0000_0111
Uchar1max = (1<<7) - 1
Uchar2max = (1<<11) - 1
Uchar3max = (1<<16) - 1
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/rack/utils.rb new/lib/rack/utils.rb
--- old/lib/rack/utils.rb 2014-12-18 23:39:06.000000000 +0100
+++ new/lib/rack/utils.rb 2015-05-06 20:37:07.000000000 +0200
@@ -71,7 +71,8 @@
# The maximum number of parts a request can contain. Accepting too many part
# can lead to the server running out of file handles.
# Set to `0` for no limit.
- self.multipart_part_limit = (ENV['RACK_MULTIPART_LIMIT'] || 128).to_i
+ # FIXME: RACK_MULTIPART_LIMIT was introduced by mistake and it will be removed in 1.7.0
+ self.multipart_part_limit = (ENV['RACK_MULTIPART_PART_LIMIT'] || ENV['RACK_MULTIPART_LIMIT'] || 128).to_i
# Stolen from Mongrel, with some small modifications:
# Parses a query string by breaking it up at the '&'
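Review bot: `.to_i` turns an empty or non-numeric value of either variable into 0, and the comment above says 0 means no limit, so a typo in the environment silently disables the protection against running out of file handles. Strict parsing fails loudly instead: `self.multipart_part_limit = Integer(ENV['RACK_MULTIPART_PART_LIMIT'] || ENV['RACK_MULTIPART_LIMIT'] || 128)`. The FIXME announces that RACK_MULTIPART_LIMIT will be removed, but nothing warns at runtime. A deployment that sets only the old name would silently drop back to 128 once it is gone, so a `warn` when the old name is read would help. The surrounding class body continues outside the hunk.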
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/rack.rb new/lib/rack.rb
--- old/lib/rack.rb 2014-12-18 23:39:06.000000000 +0100
+++ new/lib/rack.rb 2015-05-06 20:37:07.000000000 +0200
@@ -20,7 +20,7 @@
# Return the Rack release as a dotted string.
def self.release
- "1.5"
+ "1.6.1"
end
PATH_INFO = 'PATH_INFO'.freeze
REQUEST_METHOD = 'REQUEST_METHOD'.freeze
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/metadata new/metadata
--- old/metadata 2014-12-18 23:39:06.000000000 +0100
+++ new/metadata 2015-05-06 20:37:07.000000000 +0200
@@ -1,14 +1,14 @@
--- !ruby/object:Gem::Specification
name: rack
version: !ruby/object:Gem::Version
- version: 1.6.0
+ version: 1.6.1
platform: ruby
authors:
- Christian Neukirchen
autorequire:
bindir: bin
cert_chain: []
-date: 2014-12-18 00:00:00.000000000 Z
+date: 2015-05-06 00:00:00.000000000 Z
dependencies:
- !ruby/object:Gem::Dependency
name: bacon
@@ -53,8 +53,10 @@
extra_rdoc_files:
- README.rdoc
- KNOWN-ISSUES
+- HISTORY.md
files:
- COPYING
+- HISTORY.md
- KNOWN-ISSUES
- README.rdoc
- Rakefile
@@ -225,6 +227,7 @@
- test/spec_thin.rb
- test/spec_urlmap.rb
- test/spec_utils.rb
+- test/spec_version.rb
- test/spec_webrick.rb
- test/static/another/index.html
- test/static/index.html
@@ -251,7 +254,7 @@
version: '0'
requirements: []
rubyforge_project: rack
-rubygems_version: 2.4.5
+rubygems_version: 2.4.6
signing_key:
specification_version: 4
summary: a modular Ruby webserver interface
@@ -303,4 +306,6 @@
- test/spec_thin.rb
- test/spec_urlmap.rb
- test/spec_utils.rb
+- test/spec_version.rb
- test/spec_webrick.rb
+has_rdoc:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rack.gemspec new/rack.gemspec
--- old/rack.gemspec 2014-12-18 23:39:06.000000000 +0100
+++ new/rack.gemspec 2015-05-06 20:37:07.000000000 +0200
@@ -1,6 +1,6 @@
Gem::Specification.new do |s|
s.name = "rack"
- s.version = "1.6.0"
+ s.version = "1.6.1"
s.platform = Gem::Platform::RUBY
s.summary = "a modular Ruby webserver interface"
s.license = "MIT"
@@ -20,7 +20,7 @@
s.bindir = 'bin'
s.executables << 'rackup'
s.require_path = 'lib'
- s.extra_rdoc_files = ['README.rdoc', 'KNOWN-ISSUES']
+ s.extra_rdoc_files = ['README.rdoc', 'KNOWN-ISSUES', 'HISTORY.md']
s.test_files = Dir['test/spec_*.rb']
s.author = 'Christian Neukirchen'
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/test/spec_cgi.rb new/test/spec_cgi.rb
--- old/test/spec_cgi.rb 2014-12-18 23:39:06.000000000 +0100
+++ new/test/spec_cgi.rb 2015-05-06 20:37:07.000000000 +0200
@@ -43,7 +43,7 @@
should "have rack headers" do
GET("/test")
- response["rack.version"].should.equal([1,2])
+ response["rack.version"].should.equal([1,3])
response["rack.multithread"].should.be.false
response["rack.multiprocess"].should.be.true
response["rack.run_once"].should.be.true
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/test/spec_fastcgi.rb new/test/spec_fastcgi.rb
--- old/test/spec_fastcgi.rb 2014-12-18 23:39:06.000000000 +0100
+++ new/test/spec_fastcgi.rb 2015-05-06 20:37:07.000000000 +0200
@@ -48,7 +48,7 @@
should "have rack headers" do
GET("/test.fcgi")
- response["rack.version"].should.equal [1,2]
+ response["rack.version"].should.equal [1,3]
response["rack.multithread"].should.be.false
response["rack.multiprocess"].should.be.true
response["rack.run_once"].should.be.false
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/test/spec_mongrel.rb new/test/spec_mongrel.rb
--- old/test/spec_mongrel.rb 2014-12-18 23:39:06.000000000 +0100
+++ new/test/spec_mongrel.rb 2015-05-06 20:37:07.000000000 +0200
@@ -36,7 +36,7 @@
should "have rack headers" do
GET("/test")
- response["rack.version"].should.equal [1,2]
+ response["rack.version"].should.equal [1,3]
response["rack.multithread"].should.be.true
response["rack.multiprocess"].should.be.false
response["rack.run_once"].should.be.false
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/test/spec_version.rb new/test/spec_version.rb
--- old/test/spec_version.rb 1970-01-01 01:00:00.000000000 +0100
+++ new/test/spec_version.rb 2015-05-06 20:37:07.000000000 +0200
@@ -0,0 +1,17 @@
+# -*- encoding: utf-8 -*-
+require 'rack'
+
+describe Rack do
+ describe 'version' do
+ it 'defaults to a hard-coded api version' do
+ Rack.version.should.equal("1.3")
+ end
+ end
+ describe 'release' do
+ it 'matches version in .gemspec' do
+ gemspec_path = File.join(File.dirname(File.expand_path(__FILE__)), '../rack.gemspec')
+ gemspec = Gem::Specification.load(gemspec_path)
+ Rack.release.split('.').take(2).should.equal gemspec.version.to_s.split('.').take(2)
+ end
+ end
+end
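Review bot: The 'matches version in .gemspec' example compares only the first two components (`take(2)`), so `Rack.release` and the gemspec can disagree on the patch level and the spec still passes. The release string in this update has three components, and the reported release is what people match against advisories. Comparing the whole value closes the gap: `Rack.release.should.equal gemspec.version.to_s`. If the two-component comparison is deliberate, a comment above the assertion should say why.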
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/test/spec_webrick.rb new/test/spec_webrick.rb
--- old/test/spec_webrick.rb 2014-12-18 23:39:06.000000000 +0100
+++ new/test/spec_webrick.rb 2015-05-06 20:37:07.000000000 +0200
@@ -33,7 +33,7 @@
should "have rack headers" do
GET("/test")
- response["rack.version"].should.equal [1,2]
+ response["rack.version"].should.equal [1,3]
response["rack.multithread"].should.be.true
response["rack.multiprocess"].should.be.false
response["rack.run_once"].should.be.false