pkgsrc-Changes archive
CVS commit: pkgsrc/www/ruby-rack
Module Name: pkgsrc
Committed By: taca
Date: Wed Apr 1 14:30:17 UTC 2026
Modified Files:
pkgsrc/www/ruby-rack: Makefile distinfo
Log Message:
www/ruby-rack: update to 3.2.6
3.2.6 (2026-04-01)
Security
* CVE-2026-34763 Root directory disclosure via unescaped regex interpolation
in Rack::Directory.
* CVE-2026-34230 Avoid O(n^2) algorithm in Rack::Utils.select_best_encoding
which could lead to denial of service.
* CVE-2026-32762 Forwarded header semicolon injection enables Host and
Scheme spoofing.
* CVE-2026-26961 Raise error for multipart requests with multiple boundary
parameters.
* CVE-2026-34786 Rack::Static header_rules bypass via URL-encoded path mismatch.
* CVE-2026-34831 Content-Length mismatch in Rack::Files error responses.
* CVE-2026-34826 Multipart byte range processing allows denial of service
via excessive overlapping ranges.
* CVE-2026-34835 Rack::Request accepts invalid Host characters, enabling
host allowlist bypass.
* CVE-2026-34830 Rack::Sendfile header-based X-Accel-Mapping regex injection
enables unauthorized X-Accel-Redirect.
* CVE-2026-34785 Rack::Static prefix matching can expose unintended files
under the static root.
* CVE-2026-34829 Multipart parsing without Content-Length header allows
unbounded chunked file uploads.
* CVE-2026-34827 Quadratic-time multipart header parsing allows denial of
service via escape-heavy quoted parameters.
* CVE-2026-26962 Improper unfolding of folded multipart headers preserves
CRLF in parsed parameter values.
To generate a diff of this commit:
cvs rdiff -u -r1.56 -r1.57 pkgsrc/www/ruby-rack/Makefile
cvs rdiff -u -r1.54 -r1.55 pkgsrc/www/ruby-rack/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/www/ruby-rack/Makefile
diff -u pkgsrc/www/ruby-rack/Makefile:1.56 pkgsrc/www/ruby-rack/Makefile:1.57
--- pkgsrc/www/ruby-rack/Makefile:1.56 Mon Feb 16 14:43:49 2026
+++ pkgsrc/www/ruby-rack/Makefile Wed Apr 1 14:30:17 2026
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.56 2026/02/16 14:43:49 taca Exp $
+# $NetBSD: Makefile,v 1.57 2026/04/01 14:30:17 taca Exp $
-DISTNAME= rack-3.2.5
+DISTNAME= rack-3.2.6
CATEGORIES= www
MAINTAINER= pkgsrc-users%NetBSD.org@localhost
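Review bot: The DISTNAME change from rack-3.2.5 to rack-3.2.6 is the only functional line in this hunk, and the log message describes the release as fixing thirteen CVEs, yet nothing here or in the log says whether the update is also intended for a stable branch. Consider stating in the commit message whether a pullup is requested, so users tracking a branch know when these fixes reach them.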
Index: pkgsrc/www/ruby-rack/distinfo
diff -u pkgsrc/www/ruby-rack/distinfo:1.54 pkgsrc/www/ruby-rack/distinfo:1.55
--- pkgsrc/www/ruby-rack/distinfo:1.54 Mon Feb 16 14:43:49 2026
+++ pkgsrc/www/ruby-rack/distinfo Wed Apr 1 14:30:17 2026
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.54 2026/02/16 14:43:49 taca Exp $
+$NetBSD: distinfo,v 1.55 2026/04/01 14:30:17 taca Exp $
-BLAKE2s (rack-3.2.5.gem) = 2e36e40a865c7c65a1de64d76cc2c7b75c7f7cfd79be4b943f1ff329e9f63dcf
-SHA512 (rack-3.2.5.gem) = f425f526d7261f7d9f0c144840b9c4efe568ee6e44603e702f82843bcda176df1546437507bb6495995e204500457df41a12e4cf97425e7a14f35a3ce1248572
-Size (rack-3.2.5.gem) = 119296 bytes
+BLAKE2s (rack-3.2.6.gem) = e20eda72b432f8366adb7f0f8b77949788d991075adfaa57adc75ef90a174387
+SHA512 (rack-3.2.6.gem) = 61d6f880dd4bd7078da1135f905a0aedb63837996b8cd80f770d5a6270d1bbd63f3e2189aca65fd06000840d1c8700dd8568f1a16e29061fbde6f52e258cc7ee
+Size (rack-3.2.6.gem) = 121344 bytes
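Review bot: The replaced BLAKE2s and SHA512 lines for rack-3.2.6.gem are the sole integrity check on the new distfile, and the diff gives no way to tell how they were produced. Before relying on them, fetch the gem independently and confirm that both digests and the 121344 byte size match what is recorded here.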