[DRE-maint] Bug#655896: Rails depends on the wrong version of librack-ruby, which leads to a loss of data in redmine.
Satoru KURASHIKI
lurdan at gmail.com
Sat Apr 13 21:58:59 UTC 2013
hi,
> So, reassigning to rack, I guess this simple small fix can go
> via stable updates.
>
> O.
>
> 2012/1/15 Jérémy Lal <jerry at edagames.com>:
> > Hi,
> > https://github.com/chneukirchen/rack/commit/6fa19e3a268c
> >
> > is a simple patch that fixes the issue, and is probably
> > the cause of the 1.1.1 release...
I've prepared this small patch for librack-ruby-1.1.0-4.
It's assumed to be applied after fixing pending security bugs. (#698440,
#700226)
debdiff as follows:
--
diff -u librack-ruby-1.1.0/debian/changelog
librack-ruby-1.1.0/debian/changelog
--- librack-ruby-1.1.0/debian/changelog
+++ librack-ruby-1.1.0/debian/changelog
@@ -1,3 +1,10 @@
+librack-ruby (1.1.0-4.1+squeeze2) stable; urgency=medium
+
+ * Non Maintainer Upload.
+ * Remove parsing of quoted values. (Closes: 655896)
+
+ -- KURASHIKI Satoru <lurdan at gmail.com> Sat, 13 Apr 2013 20:35:25 +0000
+
librack-ruby (1.1.0-4.1+squeeze1) stable-security; urgency=high
* Non Maintainer Upload.
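Review bot: The new 1.1.0-4.1+squeeze2 entry sits directly on top of +squeeze1, while the cover text says this change is meant to be applied after the pending security fixes (#698440, #700226). If those fixes are uploaded as their own revision, the version here has to be bumped, so confirm the ordering before upload. The bug reference is conventionally written `(Closes: #655896)`. The entry would also be clearer if it said that quoted parameter values are now kept verbatim, since that is the behaviour change users will see.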
only in patch2:
unchanged:
---
librack-ruby-1.1.0.orig/debian/patches/0003-Remove-parsing-of-quoted-values.patch
+++
librack-ruby-1.1.0/debian/patches/0003-Remove-parsing-of-quoted-values.patch
@@ -0,0 +1,42 @@
+--- a/lib/rack/utils.rb 2013-04-13 20:25:45.005940347 +0000
++++ b/lib/rack/utils.rb 2013-04-13 20:26:21.696277220 +0000
+@@ -38,9 +38,6 @@
+
+ (qs || '').split(d ? /[#{d}] */n : DEFAULT_SEP).each do |p|
+ k, v = p.split('=', 2).map { |x| unescape(x) }
+- if v =~ /^("|')(.*)\1$/
+- v = $2.gsub('\\'+$1, $1)
+- end
+ if cur = params[k]
+ if cur.class == Array
+ params[k] << v
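Review bot: The new 0003-Remove-parsing-of-quoted-values.patch starts straight at the `--- a/lib/rack/utils.rb` header above this hunk, with no description or origin, so nothing in the package records where the change comes from. Add a short patch header above the first file header: a Description, an Origin pointing at the upstream commit cited earlier in this thread, and a Bug-Debian reference for 655896.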
+@@ -69,9 +66,6 @@
+ module_function :parse_nested_query
+
+ def normalize_params(params, name, v = nil)
+- if v and v =~ /^("|')(.*)\1$/
+- v = $2.gsub('\\'+$1, $1)
+- end
+ name =~ %r(\A[\[\]]*([^\[\]]+)\]*)
+ k = $1 || ''
+ after = $' || ''
+--- a/test/spec_rack_utils.rb 2013-04-13 20:27:41.540708117 +0000
++++ b/test/spec_rack_utils.rb 2013-04-13 20:28:39.332709491 +0000
+@@ -33,7 +33,7 @@
+ Rack::Utils.parse_query("foo=bar").
+ should.equal "foo" => "bar"
+ Rack::Utils.parse_query("foo=\"bar\"").
+- should.equal "foo" => "bar"
++ should.equal "foo" => "\"bar\""
+ Rack::Utils.parse_query("foo=bar&foo=quux").
+ should.equal "foo" => ["bar", "quux"]
+ Rack::Utils.parse_query("foo=1&bar=2").
+@@ -51,7 +51,7 @@
+ Rack::Utils.parse_nested_query("foo=bar").
+ should.equal "foo" => "bar"
+ Rack::Utils.parse_nested_query("foo=\"bar\"").
+- should.equal "foo" => "bar"
++ should.equal "foo" => "\"bar\""
+
+ Rack::Utils.parse_nested_query("foo=bar&foo=quux").
+ should.equal "foo" => "quux"
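Review bot: The updated expectations, here and in the parse_query spec hunk above, only cover the double-quoted input `foo=\"bar\"`. The removed code matched `("|')` and also rewrote backslash-escaped quotes inside the value. Add a single-quoted case and a case with an escaped quote inside the value to both the parse_query and parse_nested_query specs, so the tests pin the pass-through behaviour for every input the old code used to alter.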
regards,
--
KURASHIKI Satoru