Hello community,
here is the log from the commit of package rubygem-activerecord-3_2 for
openSUSE:Factory checked in at 2012-07-16 09:34:44
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rubygem-activerecord-3_2 (Old)
and /work/SRC/openSUSE:Factory/.rubygem-activerecord-3_2.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-activerecord-3_2", Maintainer is ""
Changes:
--------
---
/work/SRC/openSUSE:Factory/rubygem-activerecord-3_2/rubygem-activerecord-3_2.changes
2012-06-01 07:36:07.000000000 +0200
+++
/work/SRC/openSUSE:Factory/.rubygem-activerecord-3_2.new/rubygem-activerecord-3_2.changes
2012-07-16 09:34:46.000000000 +0200
@@ -1,0 +2,28 @@
+Fri Jun 29 10:26:02 UTC 2012 - [email protected]
+
+- update to 3.2.6
+ * protect against the nesting of hashes changing the
+ table context in the next call to build_from_hash. This fix
+ covers this case as well.
+ CVE-2012-2695
+ * Revert earlier 'perf fix' (see 3.2.4 changelog / GH #6289). This
+ change introduced a regression (GH #6609). assoc.clear and
+ assoc.delete_all have loaded the association before doing the delete
+ since at least Rails 2.3. Doing the delete without loading the
+ records means that the `before_remove` and `after_remove` callbacks do
+ not get invoked. Therefore, this change was less a fix a more an
+ optimisation, which should only have gone into master.
+ * Restore behavior of Active Record 3.2.3 scopes.
+ A series of commits relating to preloading and scopes caused a
regression.
+ * Perf fix: Don't load the records when doing assoc.delete_all.
+ GH #6289. *Jon Leighton*
+ * Association preloading shouldn't be affected by the current scoping.
+ This could cause infinite recursion and potentially other problems.
+ See GH #5667. *Jon Leighton*
+ * Datetime attributes are forced to be changed. GH #3965
+ * Fix attribute casting. GH #5549
+ * Fix #5667. Preloading should ignore scoping.
+ * Predicate builder should not recurse for determining where columns.
+ Thanks to Ben Murphy for reporting this! CVE-2012-2661
+
+-------------------------------------------------------------------
Old:
----
activerecord-3.2.3.gem
New:
----
activerecord-3.2.6.gem
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ rubygem-activerecord-3_2.spec ++++++
--- /var/tmp/diff_new_pack.AjIlgg/_old 2012-07-16 09:34:47.000000000 +0200
+++ /var/tmp/diff_new_pack.AjIlgg/_new 2012-07-16 09:34:47.000000000 +0200
@@ -17,7 +17,7 @@
Name: rubygem-activerecord-3_2
-Version: 3.2.3
+Version: 3.2.6
Release: 0
%define mod_name activerecord
%define mod_full_name %{mod_name}-%{version}
@@ -30,12 +30,12 @@
Provides: rubygem-%{mod_name}-3 = %{version}-%{release}
Requires: ruby >= 1.8.7
BuildRequires: ruby-devel >= 1.8.7
-# activesupport = 3.2.3
-BuildRequires: rubygem-activesupport-3_2 = 3.2.3
-Requires: rubygem-activesupport-3_2 = 3.2.3
-# activemodel = 3.2.3
-BuildRequires: rubygem-activemodel-3_2 = 3.2.3
-Requires: rubygem-activemodel-3_2 = 3.2.3
+# activesupport = %{version}
+BuildRequires: rubygem-activesupport-3_2 = %{version}
+Requires: rubygem-activesupport-3_2 = %{version}
+# activemodel = %{version}
+BuildRequires: rubygem-activemodel-3_2 = %{version}
+Requires: rubygem-activemodel-3_2 = %{version}
# arel ~> 3.0.2
BuildRequires: rubygem-arel-3_0 >= 3.0.2
Requires: rubygem-arel-3_0 >= 3.0.2
--
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
