--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2020-a062204588
2020-01-26 00:52:36.993417
--------------------------------------------------------------------------------
Name        : rubygem-rack
Product     : Fedora EPEL 7
Version     : 1.6.12
Release     : 1.el7
URL         : http://rack.github.io/
Summary     : Common API for connecting web frameworks, web servers and layers of software
Description :
Rack provides a minimal, modular and adaptable interface for developing
web applications in Ruby. By wrapping HTTP requests and responses in
the simplest way possible, it unifies and distills the API for web
servers, web frameworks, and software in between (the so-called
middleware) into a single method call.
--------------------------------------------------------------------------------
Update Information:
Update to Rack 1.6.12 as Security fix for CVE-2019-16782
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 9 2020 Gerd Pokorra gp@zimt.uni-siegen.de - 1:1.6.12-1
- Update to Rack 1.6.12 as Security fix for CVE-2019-16782
- Remove the two test files spec_session_memcache.rb and spec_session_pool.rb
* Wed Jan 20 2016 Greg Hellings greg.hellings@gmail.com - 1:1.6.4-2
- Ported to EPEL7
* Fri Jul 31 2015 Sourav Moitra sourav.moitr@gmail.com - 1:1.6.4-1
- Update to Rack 1.6.4
* Wed Jun 17 2015 Vít Ondruch vondruch@redhat.com - 1:1.6.2-1
- Update to Rack 1.6.2.
* Tue Jun 2 2015 Steve Traylen jstribny@redhat.com - 1:1.6.1-1
- Update to 1.6.1
* Mon Feb 9 2015 Josef Stribny jstribny@redhat.com - 1:1.6.0-1
- Update to 1.6.0
* Thu Sep 25 2014 Steve Traylen steve.traylen@cern.ch - 1:1.5.2-4
- Add enable_check flag and disable check for .el7.
- Rely on autorequires and autoprovides.
* Sun Jun 8 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1:1.5.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Wed Feb 5 2014 Josef Stribny jstribny@redhat.com - 1:1.5.2-2
- Fix licensing
- Add virtual provide for bundled okjson
* Wed Jul 24 2013 Josef Stribny jstribny@redhat.com - 1:1.5.2-1
- Update to rack 1.5.2
* Fri Mar 1 2013 Vít Ondruch vondruch@redhat.com - 1:1.4.5-3
- Enable thin test suite.
* Mon Feb 25 2013 Vít Ondruch vondruch@redhat.com - 1:1.4.5-2
- Rebuild for https://fedoraproject.org/wiki/Features/Ruby_2.0.0
* Fri Feb 8 2013 Josef Stribny jstribny@redhat.com - 1:1.4.5-1
- Update to Rack 1.4.5.
* Tue Jan 15 2013 Vít Ondruch vondruch@redhat.com - 1:1.4.4-1
- Update to Rack 1.4.4.
* Thu Nov 1 2012 Vít Ondruch vondruch@redhat.com - 1:1.4.1-2
- Fixed epoch in -doc sub-package.
* Mon Oct 29 2012 Vít Ondruch vondruch@redhat.com - 1:1.4.1-1
- Update to Rack 1.4.1.
- Documentation moved into subpackage.
* Sat Jul 21 2012 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1:1.4.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Tue Jan 24 2012 Bohuslav Kabrda bkabrda@redhat.com - 1:1.4.0-2
- Rebuilt for Ruby 1.9.3.
* Thu Jan 5 2012 Bohuslav Kabrda bkabrda@redhat.com - 1:1.4.0-1
- Update to Rack 1.4.
- Moved gem install to %prep to be able to apply patches.
- Applied two patches that fix test failures with Ruby 1.8.7-p357.
* Tue Jun 28 2011 Vít Ondruch vondruch@redhat.com - 1:1.3.0-1
- Updated to Rack 1.3.
- Fixed FTBFS.
* Wed Feb 9 2011 Fedora Release Engineering rel-eng@lists.fedoraproject.org
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Thu Mar 11 2010 Mamoru Tasaka mtasaka@ioa.s.u-tokyo.ac.jp - 1:1.1.0-2
- Epoch 1 for keeping upgrade path from F-12 (related to bug 552972)
- Enable %check
* Mon Jan 4 2010 Jeroen van Meeuwen kanarip@kanarip.com - 1.1.0-1
- New upstream version
* Sun Oct 25 2009 Jeroen van Meeuwen kanarip@kanarip.com - 1.0.1-1
- New upstream version
* Sun Jul 26 2009 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.0.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Sun Apr 26 2009 Jeroen van Meeuwen kanarip@fedoraproject.org - 1.0.0-1
- New upstream version
* Mon Mar 16 2009 Jeroen van Meeuwen j.van.meeuwen@ogd.nl - 0.9.1-1
- New upstream version
* Wed Feb 25 2009 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 0.4.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Sun Nov 9 2008 Jeroen van Meeuwen j.van.meeuwen@ogd.nl - 0.4.0-2
- Remove unused macro (#470694)
- Add ruby(abi) = 1.8 as required by package guidelines (#470694)
- Move %{gem_dir}/bin/rackup to %{_bindir} (#470694)
* Sat Nov 8 2008 Jeroen van Meeuwen j.van.meeuwen@ogd.nl - 0.4.0-1
- Initial package
--------------------------------------------------------------------------------
References:
  [ 1 ] Bug #1789100 - CVE-2019-16782 rubygem-rack: hijack sessions by using timing attacks targeting the session id
        https://bugzilla.redhat.com/show_bug.cgi?id=1789100
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update rubygem-rack' at the command line.
For more information, refer to "YUM", available at
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/ch-yum.html
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
epel-package-announce@lists.fedoraproject.org