Package: ruby-rack / 1.6.4-5~bpo9+1

Metadata

Package: ruby-rack
Version: 1.6.4-5~bpo9+1
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
0001 Fix Params_Depth.patch

test/spec_utils.rb | 12 12 + 0 - 0 !
1 file changed, 12 insertions(+)

 raise an exception if the parameters are too deep

CVE-2015-3225

Conflicts:
	lib/rack/utils.rb
	test/spec_utils.rb

0002 Support multipart filename with in the name.patch

lib/rack/directory.rb | 6 3 + 3 - 0 !
lib/rack/file.rb | 2 1 + 1 - 0 !
lib/rack/multipart/parser.rb | 2 1 + 1 - 0 !
lib/rack/utils.rb | 11 10 + 1 - 0 !
test/spec_directory.rb | 4 2 + 2 - 0 !
5 files changed, 17 insertions(+), 8 deletions(-)

 support multipart filename with + in the name

Use Utils.unescape_path in Rack::Multipart::Parser.get_name
in order to not translate + to space in the filename, since
filenames with + are valid.

This patch was based on these upstream commits (with some extra
modifications):

https://github.com/rack/rack/commit/568cf7294d3c8abb84825514e91cf98c58a5e503
https://github.com/rack/rack/commit/978eb9b9935d388ca8cc45fe31c870b9bc0aaab2