rack 1.5.0.beta.1 → 1.5.0.beta.2

data/README.rdoc

@@ -478,11 +478,21 @@ run on port 11211) and memcache-client installed.
 * January 7th, 2013: Thirty first public release 1.4.3
   * Security: Prevent unbounded reads in large multipart boundaries
 
+* January 13th, 2013: Thirty second public release 1.4.4, 1.3.9, 1.2.7, 1.1.5
+  * [SEC] Rack::Auth::AbstractRequest no longer symbolizes arbitrary strings
+  * Fixed erroneous test case in the 1.3.x series
+
 == Contact
 
 Please post bugs, suggestions and patches to
 the bug tracker at <http://github.com/rack/rack/issues>.
 
+Please post security related bugs and suggestions to the core team at
+<https://groups.google.com/group/rack-core> or rack-core@googlegroups.com. This
+list is not public. Due to wide usage of the library, it is strongly preferred
+that we manage timing in order to provide viable patches at the time of
+disclosure. Your assistance in this matter is greatly appreciated.
+
 Mailing list archives are available at
 <http://groups.google.com/group/rack-devel>.
 

data/Rakefile

@@ -85,7 +85,7 @@ task :test => 'SPEC' do
   specopts = ENV['TESTOPTS'] ||
     "-q -t '^(?!Rack::Adapter|Rack::Session::Memcache|Rack::Server|Rack::Handler)'"
 
-  sh "bacon -I./lib:./test #{opts} #{specopts}"
+  sh "bacon -w -I./lib:./test #{opts} #{specopts}"
 end
 
 desc "Run all the tests we run on CI"

data/lib/rack/auth/abstract/request.rb

@@ -21,7 +21,7 @@ module Rack
       end
 
       def scheme
-        @scheme ||= parts.first.downcase.to_sym
+        @scheme ||= parts.first.downcase
       end
 
       def params

data/lib/rack/auth/basic.rb

@@ -41,7 +41,7 @@ module Rack
 
       class Request < Auth::AbstractRequest
         def basic?
-          !parts.first.nil? && :basic == scheme
+          !parts.first.nil? && "basic" == scheme
         end
 
         def credentials

data/lib/rack/auth/digest/request.rb

@@ -11,7 +11,7 @@ module Rack
         end
 
         def digest?
-          :digest == scheme
+          "digest" == scheme
         end
 
         def correct_uri?

data/rack.gemspec

@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name            = "rack"
-  s.version         = "1.5.0.beta.1"
+  s.version         = "1.5.0.beta.2"
   s.platform        = Gem::Platform::RUBY
   s.summary         = "a modular Ruby webserver interface"
 

data/test/spec_mime.rb

@@ -4,47 +4,47 @@ describe Rack::Mime do
 
   it "should return the fallback mime-type for files with no extension" do
     fallback = 'image/jpg'
-    Rack::Mime.mime_type(File.extname('no_ext'), fallback).should == fallback
+    Rack::Mime.mime_type(File.extname('no_ext'), fallback).should.equal fallback
   end
 
   it "should always return 'application/octet-stream' for unknown file extensions" do
     unknown_ext = File.extname('unknown_ext.abcdefg')
-    Rack::Mime.mime_type(unknown_ext).should == 'application/octet-stream'
+    Rack::Mime.mime_type(unknown_ext).should.equal 'application/octet-stream'
   end
 
   it "should return the mime-type for a given extension" do
     # sanity check. it would be infeasible test every single mime-type.
-    Rack::Mime.mime_type(File.extname('image.jpg')).should == 'image/jpeg'
+    Rack::Mime.mime_type(File.extname('image.jpg')).should.equal 'image/jpeg'
   end
 
   it "should support null fallbacks" do
-    Rack::Mime.mime_type('.nothing', nil).should == nil
+    Rack::Mime.mime_type('.nothing', nil).should.equal nil
   end
 
   it "should match exact mimes" do
-    Rack::Mime.match?('text/html', 'text/html').should == true
-    Rack::Mime.match?('text/html', 'text/meme').should == false
-    Rack::Mime.match?('text', 'text').should == true
-    Rack::Mime.match?('text', 'binary').should == false
+    Rack::Mime.match?('text/html', 'text/html').should.equal true
+    Rack::Mime.match?('text/html', 'text/meme').should.equal false
+    Rack::Mime.match?('text', 'text').should.equal true
+    Rack::Mime.match?('text', 'binary').should.equal false
   end
 
   it "should match class wildcard mimes" do
-    Rack::Mime.match?('text/html', 'text/*').should == true
-    Rack::Mime.match?('text/plain', 'text/*').should == true
-    Rack::Mime.match?('application/json', 'text/*').should == false
-    Rack::Mime.match?('text/html', 'text').should == true
+    Rack::Mime.match?('text/html', 'text/*').should.equal true
+    Rack::Mime.match?('text/plain', 'text/*').should.equal true
+    Rack::Mime.match?('application/json', 'text/*').should.equal false
+    Rack::Mime.match?('text/html', 'text').should.equal true
   end
 
   it "should match full wildcards" do
-    Rack::Mime.match?('text/html', '*').should == true
-    Rack::Mime.match?('text/plain', '*').should == true
-    Rack::Mime.match?('text/html', '*/*').should == true
-    Rack::Mime.match?('text/plain', '*/*').should == true
+    Rack::Mime.match?('text/html', '*').should.equal true
+    Rack::Mime.match?('text/plain', '*').should.equal true
+    Rack::Mime.match?('text/html', '*/*').should.equal true
+    Rack::Mime.match?('text/plain', '*/*').should.equal true
   end
 
   it "should match type wildcard mimes" do
-    Rack::Mime.match?('text/html', '*/html').should == true
-    Rack::Mime.match?('text/plain', '*/plain').should == true
+    Rack::Mime.match?('text/html', '*/html').should.equal true
+    Rack::Mime.match?('text/plain', '*/plain').should.equal true
   end
 
 end

data/test/spec_response.rb

@@ -290,19 +290,19 @@ describe Rack::Response do
     res.status = 204
     _, _, b = res.finish
     res.body.should.be.closed
-    b.should.not == res.body
+    b.should.not.equal res.body
 
     res.body = StringIO.new
     res.status = 205
     _, _, b = res.finish
     res.body.should.be.closed
-    b.should.not == res.body
+    b.should.not.equal res.body
 
     res.body = StringIO.new
     res.status = 304
     _, _, b = res.finish
     res.body.should.be.closed
-    b.should.not == res.body
+    b.should.not.equal res.body
   end
 
   it "wraps the body from #to_ary to prevent infinite loops" do

data/test/spec_server.rb

@@ -19,12 +19,12 @@ describe Rack::Server do
 
   it "overrides :config if :app is passed in" do
     server = Rack::Server.new(:app => "FOO")
-    server.app.should == "FOO"
+    server.app.should.equal "FOO"
   end
 
   should "prefer to use :builder when it is passed in" do
     server = Rack::Server.new(:builder => "run lambda { |env| [200, {'Content-Type' => 'text/plain'}, ['success']] }")
-    server.app.class.should == Proc
+    server.app.class.should.equal Proc
     Rack::MockRequest.new(server.app).get("/").body.to_s.should.equal 'success'
   end
 

data/test/spec_utils.rb

@@ -282,17 +282,17 @@ describe Rack::Utils do
   end
 
   should "select best quality match" do
-    Rack::Utils.best_q_match("text/html", %w[text/html]).should == "text/html"
+    Rack::Utils.best_q_match("text/html", %w[text/html]).should.equal "text/html"
 
     # More specific matches are preferred
-    Rack::Utils.best_q_match("text/*;q=0.5,text/html;q=1.0", %w[text/html]).should == "text/html"
+    Rack::Utils.best_q_match("text/*;q=0.5,text/html;q=1.0", %w[text/html]).should.equal "text/html"
 
     # Higher quality matches are preferred
-    Rack::Utils.best_q_match("text/*;q=0.5,text/plain;q=1.0", %w[text/plain text/html]).should == "text/plain"
+    Rack::Utils.best_q_match("text/*;q=0.5,text/plain;q=1.0", %w[text/plain text/html]).should.equal "text/plain"
 
     # All else equal, the available mimes are preferred in order
-    Rack::Utils.best_q_match("text/*", %w[text/html text/plain]).should == "text/html"
-    Rack::Utils.best_q_match("text/plain,text/html", %w[text/html text/plain]).should == "text/html"
+    Rack::Utils.best_q_match("text/*", %w[text/html text/plain]).should.equal "text/html"
+    Rack::Utils.best_q_match("text/plain,text/html", %w[text/html text/plain]).should.equal "text/html"
   end
 
   should "escape html entities [&><'\"/]" do

metadata

@@ -1,70 +1,70 @@
---- !ruby/object:Gem::Specification
+--- !ruby/object:Gem::Specification 
 name: rack
-version: !ruby/object:Gem::Version
-  version: 1.5.0.beta.1
+version: !ruby/object:Gem::Version 
+  hash: 2837564799
   prerelease: 6
+  segments: 
+  - 1
+  - 5
+  - 0
+  - beta
+  - 2
+  version: 1.5.0.beta.2
 platform: ruby
-authors:
+authors: 
 - Christian Neukirchen
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-01-11 00:00:00.000000000 Z
-dependencies:
-- !ruby/object:Gem::Dependency
+
+date: 2013-01-13 00:00:00 Z
+dependencies: 
+- !ruby/object:Gem::Dependency 
   name: bacon
-  requirement: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: rake
-  requirement: !ruby/object:Gem::Requirement
+  requirement: &id001 !ruby/object:Gem::Requirement 
     none: false
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: '0'
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
   type: :development
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: rake
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
+  requirement: &id002 !ruby/object:Gem::Requirement 
     none: false
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: '0'
-description: ! 'Rack provides a minimal, modular and adaptable interface for developing
-
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  type: :development
+  version_requirements: *id002
+description: |
+  Rack provides a minimal, modular and adaptable interface for developing
   web applications in Ruby.  By wrapping HTTP requests and responses in
-
   the simplest way possible, it unifies and distills the API for web
-
   servers, web frameworks, and software in between (the so-called
-
   middleware) into a single method call.
-
-
+  
   Also see http://rack.github.com/.
 
-'
 email: chneukirchen@gmail.com
-executables:
+executables: 
 - rackup
 extensions: []
-extra_rdoc_files:
+
+extra_rdoc_files: 
 - README.rdoc
 - KNOWN-ISSUES
-files:
+files: 
 - bin/rackup
 - contrib/rack.png
 - contrib/rack.svg
@@ -239,29 +239,40 @@ files:
 - SPEC
 homepage: http://rack.github.com/
 licenses: []
+
 post_install_message: 
 rdoc_options: []
-require_paths:
+
+require_paths: 
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement
+required_ruby_version: !ruby/object:Gem::Requirement 
   none: false
-  requirements:
-  - - ! '>='
-    - !ruby/object:Gem::Version
-      version: '0'
-required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
   none: false
-  requirements:
-  - - ! '>'
-    - !ruby/object:Gem::Version
+  requirements: 
+  - - ">"
+    - !ruby/object:Gem::Version 
+      hash: 25
+      segments: 
+      - 1
+      - 3
+      - 1
       version: 1.3.1
 requirements: []
+
 rubyforge_project: rack
-rubygems_version: 1.8.23
+rubygems_version: 1.8.24
 signing_key: 
 specification_version: 3
 summary: a modular Ruby webserver interface
-test_files:
+test_files: 
 - test/spec_auth_basic.rb
 - test/spec_auth_digest.rb
 - test/spec_body_proxy.rb
@@ -309,3 +320,4 @@ test_files:
 - test/spec_urlmap.rb
 - test/spec_utils.rb
 - test/spec_webrick.rb
+has_rdoc: