Change log for ruby-rack package in Ubuntu

Published in mantic-updates
Published in mantic-security
ruby-rack (2.2.4-3ubuntu0.2) mantic-security; urgency=medium

  * SECURITY UPDATE: DoS in Multipart MIME parsing code
    - debian/patches/CVE-2023-27530.patch: limit all multipart parts, not
      just files in README.rdoc, lib/rack/multipart/parser.rb,
      lib/rack/utils.rb, test/spec_multipart.rb, test/spec_request.rb.
    - CVE-2023-27530
  * SECURITY UPDATE: DoS via crafted content type headers
    - debian/patches/CVE-2024-25126.patch: avoid 2nd degree polynomial
      regexp in MediaType in lib/rack/media_type.rb.
    - CVE-2024-25126

 -- Marc Deslauriers <email address hidden>  Fri, 14 Jun 2024 13:20:04 -0400
Published in noble-updates
Published in noble-security
ruby-rack (2.2.7-1ubuntu0.1) noble-security; urgency=medium

  * SECURITY UPDATE: DoS via crafted content type headers
    - debian/patches/CVE-2024-25126.patch: avoid 2nd degree polynomial
      regexp in MediaType in lib/rack/media_type.rb.
    - CVE-2024-25126
  * SECURITY UPDATE: DoS via crafted Range headers
    - debian/patches/CVE-2024-26141.patch: return an empty array when
      ranges are too large in lib/rack/utils.rb, test/spec_utils.rb.
    - CVE-2024-26141
  * SECURITY UPDATE: DoS via crafted headers
    - debian/patches/CVE-2024-26146.patch: fix ReDoS in header parsing in
      lib/rack/utils.rb.
    - CVE-2024-26146

 -- Marc Deslauriers <email address hidden>  Fri, 14 Jun 2024 13:15:36 -0400
Published in oracular-release
Deleted in oracular-proposed (Reason: Moved to oracular)
ruby-rack (2.2.7-1.1) unstable; urgency=high

  * Non-maintainer upload.
  * CVE-2024-25126: ReDoS in Content Type header parsing
  * CVE-2024-26141: Reject Range headers which are too large
  * CVE-2024-26146: ReDoS in Accept header parsing
  * Closes: #1064516

 -- Adrian Bunk <email address hidden>  Thu, 02 May 2024 22:55:26 +0300

Superseded in mantic-updates
Superseded in mantic-security
ruby-rack (2.2.4-3ubuntu0.1) mantic-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2023-27539.patch: avoid ReDoS
      in lib/rack/request.rb.
    - CVE-2023-27539
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2024-26141.patch: return an empty array
      when ranges are too large in lib/rack/utils.rb.
    - CVE-2024-26141
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2024-26146.patch: Fixing ReDoS in header parsing
      in lib/rack/utils.rb.
    - CVE-2024-26146

 -- Leonidas Da Silva Barbosa <email address hidden>  Tue, 05 Mar 2024 13:42:47 -0300
Superseded in oracular-release
Published in noble-release
Deleted in noble-proposed (Reason: Moved to noble)
ruby-rack (2.2.7-1) unstable; urgency=medium

  * Team Upload
  * New upstream version 2.2.7

 -- Pirate Praveen <email address hidden>  Mon, 10 Jul 2023 20:02:41 +0530

Deleted in mantic-proposed (Reason: Synced from experimental, ecosystem not yet ready and blo...)
ruby-rack (3.0.8-1) experimental; urgency=medium

  * New upstream release.
  * Declare compliance with Debian Policy 4.6.2
  * d/p/skip-random-failure.patch: removed, it does not seem to be failing
    anymore.

 -- Lucas Kanashiro <email address hidden>  Mon, 26 Jun 2023 17:35:11 -0300
Superseded in mantic-proposed
ruby-rack (3.0.0-1ubuntu1) mantic; urgency=medium

  * debian/patches/Remove-leading-dot-to-fix-compatibility-with-latest-
    cgi-gem.patch: compatibility with ruby CGI >= 0.3.5.
    Closes: #1030442, LP: #2023576.

 -- Steve Langasek <email address hidden>  Mon, 12 Jun 2023 11:33:36 -0700
Superseded in noble-release
Published in mantic-release
Published in lunar-release
Superseded in lunar-release
Deleted in lunar-proposed (Reason: Moved to lunar)
ruby-rack (2.2.4-3) unstable; urgency=high

  * Team upload
  * Fix test failures (Closes:  #1030442)
  * Fix CVE-2022-44570 CVE-2022-44571 CVE-2022-44572 (Closes:  #1029832)
  * Add Breaks for ruby-sinatra

 -- Sruthi Chandran <email address hidden>  Thu, 09 Feb 2023 11:47:17 +0100

Superseded in mantic-proposed
ruby-rack (3.0.0-1) experimental; urgency=medium

  * New upstream release.
  * d/p/0002-Make-tests-pass-on-hosts-that-have-no-ipv4-connectiv.patch:
    delete patch applied by upstream.
  * Refresh patches.
  * d/ruby-rack.docs: install README.md instead of README.rdoc.
  * d/control: add myself to the Uploaders list.
  * Do not install rackup manpage anymore. Remove:
    - d/rackup.1
    - d/ruby-rack.manpages
  * d/control: recommend ruby-rack-session and ruby-rackup.
  * d/t/control: add ruby-rackup as a test dependency of smoke-test.
  * d/t/smoke-test: content-type key needs to be in lowercase.
  * Do not depend on thin to run tests during build and autopkgtest time.

 -- Lucas Kanashiro <email address hidden>  Wed, 09 Nov 2022 17:26:10 -0300
Superseded in lunar-release
Obsolete in kinetic-release
Deleted in kinetic-proposed (Reason: Moved to kinetic)
ruby-rack (2.2.4-2) unstable; urgency=medium

  * Team Upload
  * eliminate lintian warning: ruby-interpreter-is-deprecated
  * eliminate lintian warning: update-debian-copyright

 -- HIGUCHI Daisuke (VDR dai) <email address hidden>  Tue, 09 Aug 2022 11:57:23 +0900
Superseded in kinetic-proposed
ruby-rack (2.2.4-1) unstable; urgency=medium

  * Team Upload
  * New upstream version 2.2.4 (Fixes: CVE-2022-30122, CVE-2022-30123)
  * Bump Standards-Version to 4.6.1 (no changes needed)

 -- Pirate Praveen <email address hidden>  Fri, 01 Jul 2022 11:59:23 +0530

Superseded in kinetic-proposed
ruby-rack (2.2.3-4) unstable; urgency=medium

  * Add ruby-webrick as an explicit dependency.
    - it's not embedded as of ruby3.0. (:

 -- Utkarsh Gupta <email address hidden>  Mon, 24 Jan 2022 18:45:39 +0530
Superseded in kinetic-release
Published in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
ruby-rack (2.1.4-5ubuntu1) jammy; urgency=medium

  * Add ruby-webrick as an explicit dependency.
    - it's not embedded as of ruby3.0. (:

 -- Utkarsh Gupta <email address hidden>  Mon, 24 Jan 2022 18:59:02 +0530
Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
ruby-rack (2.1.4-5) unstable; urgency=medium

  * Team upload
  * Switch to gem-install layout for bundle --local compatibility

 -- Pirate Praveen <email address hidden>  Mon, 24 Jan 2022 00:48:23 +0530

Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
ruby-rack (2.1.4-4) unstable; urgency=medium

  * Team upload

  [ Debian Janitor ]
  * Remove constraints unnecessary since buster

  [ Cédric Boutillier ]
  * Build-depend on ruby-webrick (Closes: #996353)
  * Bump debhelper compatibility level to 13
  * Bump Standards-Version to 4.6.0 (no changes needed)

 -- Cédric Boutillier <email address hidden>  Wed, 17 Nov 2021 11:49:13 +0100

Obsolete in groovy-updates
Obsolete in groovy-security
ruby-rack (2.1.1-5ubuntu0.1) groovy-security; urgency=medium

  * SECURITY UPDATE: Cookie forgery.
    - debian/patches/CVE-2020-8184.patch: When parsing cookies, only
      decode the values.
    - CVE-2020-8184

 -- Eduardo Barretto <email address hidden>  Thu, 01 Apr 2021 16:20:01 +0200
Published in focal-updates
Published in focal-security
ruby-rack (2.0.7-2ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: Directory traversal vulnerability.
    - debian/patches/CVE-2020-8161.patch: Use Dir.entries instead of
      Dir[glob] to prevent user-specified glob metacharacters.
    - CVE-2020-8161
  * SECURITY UPDATE: Cookie forgery.
    - debian/patches/CVE-2020-8184.patch: When parsing cookies, only
      decode the values.
    - CVE-2020-8184

 -- Eduardo Barretto <email address hidden>  Thu, 01 Apr 2021 16:04:45 +0200
Published in xenial-updates
Published in xenial-security
ruby-rack (1.6.4-3ubuntu0.2) xenial-security; urgency=medium

  * Merge patches from Debian.
  * SECURITY UPDATE: Directory traversal vulnerability.
    - debian/patches/CVE-2020-8161.patch: Use Dir.entries instead of
      Dir[glob] to prevent user-specified glob metacharacters.
    - CVE-2020-8161
  * SECURITY UPDATE: Cookie forgery.
    - debian/patches/CVE-2020-8184.patch: When parsing cookies, only
      decode the values.
    - CVE-2020-8184

 -- Eduardo Barretto <email address hidden>  Thu, 01 Apr 2021 12:43:47 +0200
Superseded in jammy-release
Obsolete in impish-release
Deleted in impish-proposed (Reason: Moved to impish)
ruby-rack (2.1.4-3) unstable; urgency=medium

  * Team upload.
  * Fix tests when run on ipv6-only hosts (Closes: #979432)

 -- Antonio Terceiro <email address hidden>  Sat, 27 Feb 2021 09:30:57 -0300

Superseded in impish-release
Obsolete in hirsute-release
Deleted in hirsute-proposed (Reason: moved to Release)
ruby-rack (2.1.4-2) unstable; urgency=medium

  * Revert "Drop all patches"
    - Rack::Builder::parse_file#test_0006_strips
      leading unicode byte order mark when present still
      fails in i386 and stuff. Meh, I'll take a look later.

 -- Utkarsh Gupta <email address hidden>  Sun, 03 Jan 2021 17:49:29 +0530

Superseded in hirsute-proposed
ruby-rack (2.1.1-6) unstable; urgency=medium

  [ Cédric Boutillier ]
  * [ci skip] Update team name
  * [ci skip] Add .gitattributes to keep unwanted files out
    of the source package

  [ Debian Janitor ]
  * Apply multi-arch hints. + ruby-rack: Add :all qualifier
    for ruby dependency.

  [ Utkarsh Gupta ]
  * When parsing cookies, only decode the values.
    Patch utils to fix cookie parsing. (Fixes: CVE-2020-8184)
    (Closes: #963477)

 -- Utkarsh Gupta <email address hidden>  Sat, 02 Jan 2021 17:42:02 +0530
Published in bionic-updates
Published in bionic-security
ruby-rack (1.6.4-4ubuntu0.2) bionic-security; urgency=medium

  * Merge patches from Debian.
  * SECURITY UPDATE: Directory traversal vulnerability.
    - debian/patches/CVE-2020-8161.patch: Use Dir.entries instead of
      Dir[glob] to prevent user-specified glob metacharacters.
    - CVE-2020-8161
  * SECURITY UPDATE: Cookie forgery.
    - debian/patches/CVE-2020-8184.patch: When parsing cookies, only
      decode the values.
    - CVE-2020-8184

 -- Eduardo Barretto <email address hidden>  Wed, 30 Sep 2020 12:08:48 -0300
Superseded in hirsute-release
Obsolete in groovy-release
Deleted in groovy-proposed (Reason: moved to Release)
ruby-rack (2.1.1-5) unstable; urgency=medium

  * Add patch to use Dir.entries instead of Dir[glob] to prevent
    user-specified glob metacharacters (Fixes: CVE-2020-8161)

 -- Utkarsh Gupta <email address hidden>  Thu, 21 May 2020 17:06:27 +0530

Superseded in groovy-release
Deleted in groovy-proposed (Reason: moved to Release)
ruby-rack (2.1.1-4) unstable; urgency=medium

  * Remove ruby-minitest-global-expectations from Depends
  * Add ruby-minitest-global-expectations for tests

 -- Utkarsh Gupta <email address hidden>  Fri, 10 Apr 2020 18:37:00 +0530

Superseded in groovy-release
Published in focal-release
Deleted in focal-proposed (Reason: moved to Release)
ruby-rack (2.0.7-2) unstable; urgency=medium

  * Team upload
  * Re-upload to unstable
  * Add salsa-ci.yml
  * Bump Standards-Version to 4.4.0
  * Bump debhelper-compat to 12

 -- Utkarsh Gupta <email address hidden>  Tue, 03 Sep 2019 00:22:18 +0530

Superseded in bionic-updates
Superseded in bionic-security
ruby-rack (1.6.4-4ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Crafted requests can impact the data returned by the scheme
    method on Rack::Request leading to an XSS attack.
    - debian/patches/CVE-2018-16471.patch: whitelist http/https schemes.
    - CVE-2018-16471

 -- Eduardo Barretto <email address hidden>  Tue, 06 Aug 2019 11:20:40 -0300
Superseded in xenial-updates
Superseded in xenial-security
ruby-rack (1.6.4-3ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Crafted requests can impact the data returned by the scheme
    method on Rack::Request leading to an XSS attack.
    - debian/patches/CVE-2018-16471.patch: whitelist http/https schemes.
    - CVE-2018-16471

 -- Eduardo Barretto <email address hidden>  Tue, 06 Aug 2019 11:38:00 -0300
Superseded in focal-release
Obsolete in eoan-release
Obsolete in disco-release
Deleted in disco-proposed (Reason: moved to release)
ruby-rack (2.0.6-3) unstable; urgency=medium

  * Team upload.
  * add Breaks: ruby-sinatra (<< 2), as ruby-sinatra 1.x does not work with
    ruby-rack 2.

 -- Antonio Terceiro <email address hidden>  Fri, 11 Jan 2019 10:11:26 -0300

Superseded in disco-proposed
ruby-rack (2.0.6-2) unstable; urgency=medium

  * Team upload
  * Re-upload to unstable 

 -- Sruthi Chandran <email address hidden>  Thu, 03 Jan 2019 21:42:53 +0530

Superseded in disco-release
Deleted in disco-proposed (Reason: moved to release)
ruby-rack (1.6.4-6) unstable; urgency=medium

  * CVE-2018-16471: Prevent a possible XSS vulnerability where a malicious
    request could impact the HTTP/HTTPS scheme returned to the underlying
    application. (Closes: #913005)
  * Drop trailing whitespace in debian/changelog.
  * debian/control:
    - Add myself to Uploaders.
    - wrap-and-sort -sa.
  * Use HTTPS URI in debian/copyright.

 -- Chris Lamb <email address hidden>  Wed, 21 Nov 2018 10:44:19 +0100

Superseded in disco-release
Deleted in disco-proposed (Reason: moved to release)
ruby-rack (1.6.4-5) unstable; urgency=medium

  * Team upload.
  * Update patch due gbp pq workflow
  * Add patch to support multipart filename with + in the name
  * Bump debhelper compatibility level to 11
  * Declare compliance with Debian Policy 4.2.1
  * Remove unnecessary Testsuite field
  * Update VCS urls to point to salsa
  * Use gemwatch.debian.net to track new upstream releases

 -- Lucas Kanashiro <email address hidden>  Thu, 13 Sep 2018 09:15:51 -0300

Superseded in disco-release
Obsolete in cosmic-release
Published in bionic-release
Obsolete in artful-release
Obsolete in zesty-release
Obsolete in yakkety-release
Deleted in yakkety-proposed (Reason: moved to release)
ruby-rack (1.6.4-4) unstable; urgency=medium

  * Team upload.

  [ Cédric Boutillier ]
  * Use https:// in Vcs-* fields
  * Run wrap-and-sort on packaging files

  [ Christian Hofstaedtler ]
  * Remove uninstallable ruby-memcache-client from test dependencies
  * Bump Standards-Version to 3.9.8

 -- Christian Hofstaedtler <email address hidden>  Wed, 13 Jul 2016 01:59:31 +0200

Superseded in yakkety-release
Published in xenial-release
Deleted in xenial-proposed (Reason: moved to release)
ruby-rack (1.6.4-3) unstable; urgency=medium

  * Team upload
  * Bump compat. version to 9
  * Update Debian packaging using dh-make-ruby
  * d/control:
      Update Vcs-* fields (switch to cgit and https everywhere)
      Bump Standards-Version to 3.9.7 (no changes)
      Move to ruby-dalli (memcache-client is deprecated)
        ROM for ruby-memcache-client
        https://github.com/rack/rack/issues/1025
      Remove librack-ruby* relations (those packages are long gone)

 -- Sebastien Badia <email address hidden>  Thu, 03 Mar 2016 16:24:53 -0300

Superseded in xenial-release
Deleted in xenial-proposed (Reason: moved to release)
ruby-rack (1.6.4-2) unstable; urgency=medium

  * Upload to unstable

 -- Antonio Terceiro <email address hidden>  Sat, 12 Dec 2015 16:08:31 -0200

Obsolete in vivid-updates
Obsolete in vivid-security
ruby-rack (1.5.2-3+deb8u1build0.15.04.1) vivid-security; urgency=medium

  * fake sync from Debian

Superseded in xenial-release
Obsolete in wily-release
Deleted in wily-proposed (Reason: moved to release)
ruby-rack (1.5.2-4) unstable; urgency=medium

  * Add patch: Fix upstream Issue 631
    - uninitialized constant Rack::Response::BodyProxy
  * Create cherry-picked patch for Security Fix (Closes: #789311)
    - CVE-2015-3225: 1-4-deep_params.patch

 -- Youhei SASAKI <email address hidden>  Wed, 29 Jul 2015 17:32:29 +0900

Superseded in wily-release
Obsolete in vivid-release
Deleted in vivid-proposed (Reason: moved to release)
ruby-rack (1.5.2-3) unstable; urgency=medium


  * add myself to Uploaders:
  * debian/ruby-tests.rake: run all tests instead of a subset of them
  * debian/tests/control: add a gem2deb-test-runner test

 -- Antonio Terceiro <email address hidden>  Fri, 17 Oct 2014 09:41:28 -0300

Superseded in vivid-release
Obsolete in utopic-release
Deleted in utopic-proposed (Reason: moved to release)
ruby-rack (1.5.2-2) unstable; urgency=medium


  * Team upload.
  * Rebuild with recent gem2deb to make package visible to Rubygems on all
    Ruby interpreters
  * Drop transitional packages
  * Add autopkgtest smoke test

 -- Antonio Terceiro <email address hidden>  Thu, 24 Jul 2014 19:24:55 -0300
Superseded in utopic-release
Deleted in utopic-proposed (Reason: moved to release)
ruby-rack (1.5.2-1build1) utopic; urgency=medium

  * No-change rebuild to update the Ruby-Version attribute.
 -- Matthias Klose <email address hidden>   Wed, 30 Apr 2014 12:04:53 +0000
Superseded in utopic-release
Published in trusty-release
Obsolete in saucy-release
Deleted in saucy-proposed (Reason: moved to release)
ruby-rack (1.5.2-1) unstable; urgency=low


  * Team upload.

  [ Cédric Boutillier ]
  * debian/control: remove obsolete DM-Upload-Allowed flag
  * use canonical URI in Vcs-* fields

  [ Christian Hofstaedtler ]
  * New upstream release.
  * Removed all patches, already applied upstream.

 -- Christian Hofstaedtler <email address hidden>  Mon, 03 Jun 2013 15:56:09 +0200

Superseded in saucy-release
Deleted in saucy-proposed (Reason: moved to release)
ruby-rack (1.4.1-2.1) unstable; urgency=high


  [ KURASHIKI Satoru ]
  * Non-maintainer upload.
  * Create cherry-picked patches for Security Fix (Closes: #700173 #700226).
    - CVE-2013-0262: 0004-Prevent-symlink-path-traversals.patch
    - CVE-2013-0263: 0005-Use-secure_compare-for-hmac-comparison.patch

  [ Youhei SASAKI ]
  * Create cherry-picked patches for Security Fix (Closes: #698440).
    - CVE-2012-6109: 0001-Fix-parsing-performance-for-unquoted-filenames.patch
    - CVE-2013-0183: 0002-multipart-parser-avoid-unbounded-gets-method.patch
    - CVE-2013-0184: 0003-Reimplement-auth-scheme-fix.patch

 -- KURASHIKI Satoru <email address hidden>  Wed, 20 Feb 2013 20:56:31 +0900

Superseded in saucy-release
Obsolete in raring-release
Obsolete in quantal-release
ruby-rack (1.4.1-2) unstable; urgency=low


  * Bump build dependency on gem2deb to >= 0.3.0~

 -- Antonio Terceiro <email address hidden>  Mon, 25 Jun 2012 15:07:51 -0300

Superseded in quantal-release
ruby-rack (1.4.1-1) unstable; urgency=low


  * New Upstream version 1.4.1
  * Bump standard version: 3.9.3
  * Add Build-Depends: rake, bacon, ruby-memcache-client, thin
  * Add d/s/local-options: Update patch handling
  * Update ruby-tests.rb to ruby-tests.rake: running full test

 -- Youhei SASAKI <email address hidden>  Wed, 07 Mar 2012 01:00:16 +0900

Superseded in quantal-release
ruby-rack (1.4.0-1) unstable; urgency=low


  * New upstream release (closes: #653963).

 -- Paul van Tilburg <email address hidden>  Tue, 03 Jan 2012 22:39:13 +0100

Superseded in quantal-release
Published in precise-release
ruby-rack (1.3.5-1) unstable; urgency=low

  * New upstream release.
  * Fix my email address.
  * Fix priority of transitional packages.
  * TESTS ARE DISABLED: many dependencies required for tests are not
    packaged yet.
 -- Ubuntu Archive Auto-Sync <email address hidden>   Tue,  03 Jan 2012 02:35:42 +0000

Superseded in precise-release
ruby-rack (1.3.1-1) unstable; urgency=low

  * New upstream release: 1.3.1
  * Bump Standard version: 3.9.2
  * Add me to Uploaders
  * Add ruby-bacon to Build-Depends
  * Add manpage for rackup Closes: #606910
    - Thanks to Glido Fiorito <email address hidden>
