Subject: CVS commit: pkgsrc/www/ruby-rack
From: Takahiro Kambe
Date: 2023-01-19 15:18:26
Message id: 20230119141827.08636FA90@cvs.NetBSD.org
Log Message:
www/ruby-rack: update to 3.0.4.1

3.0.4 (2023-01-17)

* Rack::Request#POST should consistently raise errors.  Cache errors that
  occur when invoking Rack::Request#POST so they can be raised again later.
  (#2010, @ioquatix)

* Fix Rack::Lint error message for HTTP_CONTENT_TYPE and
  HTTP_CONTENT_LENGTH.  (#2007, @byroot)

* Extend Rack::MethodOverride to handle QueryParser::ParamsTooDeepError
  error.  (#2006, @byroot)

3.0.4.1 (2023-01-17)

* [CVE-2022-44571] Fix ReDoS vulnerability in multipart parser
* [CVE-2022-44570] Fix ReDoS in Rack::Utils.get_byte_ranges
* [CVE-2022-44572] Forbid control characters in attributes (also ReDoS)
Files:
RevisionActionfile
1.33modifypkgsrc/www/ruby-rack/Makefile
1.31modifypkgsrc/www/ruby-rack/distinfo