rack 1.2.1 → 1.2.2
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of rack might be problematic. Click here for more details.
- data/README +4 -0
- data/lib/rack/auth/digest/md5.rb +2 -1
- data/rack.gemspec +1 -1
- data/test/spec_auth_digest.rb +6 -0
- metadata +21 -4
data/README
CHANGED
|
@@ -313,6 +313,10 @@ run on port 11211) and memcache-client installed.
|
|
|
313
313
|
* Rename spec/ to test/ to not conflict with SPEC on lesser
|
|
314
314
|
operating systems
|
|
315
315
|
|
|
316
|
+
* March 13th, 2011: Twelfth public release 1.2.2/1.1.1.
|
|
317
|
+
* Security fix in Rack::Auth::Digest::MD5: when authenticator
|
|
318
|
+
returned nil, permission was granted on empty password.
|
|
319
|
+
|
|
316
320
|
== Contact
|
|
317
321
|
|
|
318
322
|
Please post bugs, suggestions and patches to
|
data/lib/rack/auth/digest/md5.rb
CHANGED
data/rack.gemspec
CHANGED
data/test/spec_auth_digest.rb
CHANGED
|
@@ -148,6 +148,12 @@ describe Rack::Auth::Digest::MD5 do
|
|
|
148
148
|
end
|
|
149
149
|
end
|
|
150
150
|
|
|
151
|
+
should 'rechallenge if incorrect user and blank password given' do
|
|
152
|
+
request_with_digest_auth 'GET', '/', 'Bob', '' do |response|
|
|
153
|
+
assert_digest_auth_challenge response
|
|
154
|
+
end
|
|
155
|
+
end
|
|
156
|
+
|
|
151
157
|
should 'rechallenge with stale parameter if nonce is stale' do
|
|
152
158
|
begin
|
|
153
159
|
Rack::Auth::Digest::Nonce.time_limit = 1
|
metadata
CHANGED
|
@@ -1,12 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rack
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
+
hash: 27
|
|
4
5
|
prerelease: false
|
|
5
6
|
segments:
|
|
6
7
|
- 1
|
|
7
8
|
- 2
|
|
8
|
-
-
|
|
9
|
-
version: 1.2.
|
|
9
|
+
- 2
|
|
10
|
+
version: 1.2.2
|
|
10
11
|
platform: ruby
|
|
11
12
|
authors:
|
|
12
13
|
- Christian Neukirchen
|
|
@@ -14,16 +15,18 @@ autorequire:
|
|
|
14
15
|
bindir: bin
|
|
15
16
|
cert_chain: []
|
|
16
17
|
|
|
17
|
-
date:
|
|
18
|
+
date: 2011-03-13 00:00:00 +01:00
|
|
18
19
|
default_executable:
|
|
19
20
|
dependencies:
|
|
20
21
|
- !ruby/object:Gem::Dependency
|
|
21
22
|
name: bacon
|
|
22
23
|
prerelease: false
|
|
23
24
|
requirement: &id001 !ruby/object:Gem::Requirement
|
|
25
|
+
none: false
|
|
24
26
|
requirements:
|
|
25
27
|
- - ">="
|
|
26
28
|
- !ruby/object:Gem::Version
|
|
29
|
+
hash: 3
|
|
27
30
|
segments:
|
|
28
31
|
- 0
|
|
29
32
|
version: "0"
|
|
@@ -33,9 +36,11 @@ dependencies:
|
|
|
33
36
|
name: rake
|
|
34
37
|
prerelease: false
|
|
35
38
|
requirement: &id002 !ruby/object:Gem::Requirement
|
|
39
|
+
none: false
|
|
36
40
|
requirements:
|
|
37
41
|
- - ">="
|
|
38
42
|
- !ruby/object:Gem::Version
|
|
43
|
+
hash: 3
|
|
39
44
|
segments:
|
|
40
45
|
- 0
|
|
41
46
|
version: "0"
|
|
@@ -45,9 +50,11 @@ dependencies:
|
|
|
45
50
|
name: fcgi
|
|
46
51
|
prerelease: false
|
|
47
52
|
requirement: &id003 !ruby/object:Gem::Requirement
|
|
53
|
+
none: false
|
|
48
54
|
requirements:
|
|
49
55
|
- - ">="
|
|
50
56
|
- !ruby/object:Gem::Version
|
|
57
|
+
hash: 3
|
|
51
58
|
segments:
|
|
52
59
|
- 0
|
|
53
60
|
version: "0"
|
|
@@ -57,9 +64,11 @@ dependencies:
|
|
|
57
64
|
name: memcache-client
|
|
58
65
|
prerelease: false
|
|
59
66
|
requirement: &id004 !ruby/object:Gem::Requirement
|
|
67
|
+
none: false
|
|
60
68
|
requirements:
|
|
61
69
|
- - ">="
|
|
62
70
|
- !ruby/object:Gem::Version
|
|
71
|
+
hash: 3
|
|
63
72
|
segments:
|
|
64
73
|
- 0
|
|
65
74
|
version: "0"
|
|
@@ -69,9 +78,11 @@ dependencies:
|
|
|
69
78
|
name: mongrel
|
|
70
79
|
prerelease: false
|
|
71
80
|
requirement: &id005 !ruby/object:Gem::Requirement
|
|
81
|
+
none: false
|
|
72
82
|
requirements:
|
|
73
83
|
- - ">="
|
|
74
84
|
- !ruby/object:Gem::Version
|
|
85
|
+
hash: 3
|
|
75
86
|
segments:
|
|
76
87
|
- 0
|
|
77
88
|
version: "0"
|
|
@@ -81,9 +92,11 @@ dependencies:
|
|
|
81
92
|
name: thin
|
|
82
93
|
prerelease: false
|
|
83
94
|
requirement: &id006 !ruby/object:Gem::Requirement
|
|
95
|
+
none: false
|
|
84
96
|
requirements:
|
|
85
97
|
- - ">="
|
|
86
98
|
- !ruby/object:Gem::Version
|
|
99
|
+
hash: 3
|
|
87
100
|
segments:
|
|
88
101
|
- 0
|
|
89
102
|
version: "0"
|
|
@@ -251,23 +264,27 @@ rdoc_options: []
|
|
|
251
264
|
require_paths:
|
|
252
265
|
- lib
|
|
253
266
|
required_ruby_version: !ruby/object:Gem::Requirement
|
|
267
|
+
none: false
|
|
254
268
|
requirements:
|
|
255
269
|
- - ">="
|
|
256
270
|
- !ruby/object:Gem::Version
|
|
271
|
+
hash: 3
|
|
257
272
|
segments:
|
|
258
273
|
- 0
|
|
259
274
|
version: "0"
|
|
260
275
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
276
|
+
none: false
|
|
261
277
|
requirements:
|
|
262
278
|
- - ">="
|
|
263
279
|
- !ruby/object:Gem::Version
|
|
280
|
+
hash: 3
|
|
264
281
|
segments:
|
|
265
282
|
- 0
|
|
266
283
|
version: "0"
|
|
267
284
|
requirements: []
|
|
268
285
|
|
|
269
286
|
rubyforge_project: rack
|
|
270
|
-
rubygems_version: 1.3.
|
|
287
|
+
rubygems_version: 1.3.7
|
|
271
288
|
signing_key:
|
|
272
289
|
specification_version: 3
|
|
273
290
|
summary: a modular Ruby webserver interface
|