Hello community,
here is the log from the commit of package rubygem-activesupport-2_3.1542 for
openSUSE:12.1:Update checked in at 2013-04-10 22:42:01
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.1:Update/rubygem-activesupport-2_3.1542 (Old)
and /work/SRC/openSUSE:12.1:Update/.rubygem-activesupport-2_3.1542.new
(New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-activesupport-2_3.1542", Maintainer is ""
Changes:
--------
New Changes file:
--- /dev/null 2013-04-05 00:01:41.916011506 +0200
+++
/work/SRC/openSUSE:12.1:Update/.rubygem-activesupport-2_3.1542.new/rubygem-activesupport-2_3.changes
2013-04-10 22:42:02.000000000 +0200
@@ -0,0 +1,155 @@
+-------------------------------------------------------------------
+Tue Apr 2 11:46:40 UTC 2013 - [email protected]
+
+- add patch to fix security issue:
+ - bug-809932_2-3-attribute_symbols.patch:
+ fix CVE-2013-1854: rubygem-activerecord*: Symbol DoS vulnerability
+ in Active Record (bnc#809932)
+
+-------------------------------------------------------------------
+Wed Feb 13 23:50:34 UTC 2013 - [email protected]
+
+- update to version 2.3.17 (bnc#803336, bnc#803339)
+ CVE-2013-0276 CVE-2013-0277:
+ * Version bump
+
+-------------------------------------------------------------------
+Wed Jan 30 16:47:36 UTC 2013 - [email protected]
+
+- update to 2.3.16 (bnc#800320) CVE-2013-0333
+ - fixing load error messages
+ - html_escape should escape single quotes
+ - Add an OkJson backend and remove the YAML backend
+ Fixes CVE-2013-0333. The ActiveSupport::JSON::Backends::Yaml
+ class is present but the functionality has been removed
+ entirely.
+- obsoletes 3-0-escape_html-activesupport.patch:
+ upstreamed
+
+-------------------------------------------------------------------
+Thu Jan 17 13:20:55 UTC 2013 - [email protected]
+
+- update to 2.3.15: (bnc#796712, bnc#797449, bnc#797452)
+ * Hash.from_xml raises when it encounters type="symbol" or
+ type="yaml". Use Hash.from_trusted_xml to parse this XML.
+ CVE-2013-0156 [Jeremy Kemper]
+
+-------------------------------------------------------------------
+Fri Sep 7 19:04:46 UTC 2012 - [email protected]
+
+- added 3-0-escape_html-activesupport.patch: (bnc#775653)
+ Also encode single quote (CVE-2012-3464)
+
+-------------------------------------------------------------------
+Wed Aug 17 11:44:57 UTC 2011 - [email protected]
+
+- update to version 2.3.14
+ - fixing utf8 escape vulerability (bnc#712060)
+ - Fix OrderedHash merging with block given.
+
+-------------------------------------------------------------------
+Mon Jun 20 16:33:17 UTC 2011 - [email protected]
+
+- update to version 2.3.12
+ * Version bump
+
+-------------------------------------------------------------------
+Wed Feb 16 11:17:34 UTC 2011 - [email protected]
+
+- update to version 2.3.11: (bnc#668817)
+ - XSS Risk in mail_to :encode=>:javascript CVE-2011-0446
+ - CSRF Bypass Risk CVE-2011-0447
+ - Filter Problems on Case Insensitive Filesystems CVE-2011-0449
+ - Potential SQL Injection with limit() CVE-2011-0448
+
+-------------------------------------------------------------------
+Mon Jan 17 13:22:47 UTC 2011 - [email protected]
+
+- Split off doc subpackage.
+
+-------------------------------------------------------------------
+Wed Oct 27 11:31:28 UTC 2010 - [email protected]
+
+- update to version 2.3.10
+ * i18n: bundle i18n 0.4.1 for forward compatibility with Rails 3.
+ Deprecates {{foo}} interpolation syntax in favor of 1.9-native
+ %{foo}.
+ * Deprecate Kernel#returning in favor of Object#tap since it's
+ included in Ruby 1.8.7 and later. [Santiago Pastorino]
+ * Deprecates ActiveSupport::Dependencies.load_(once_)paths,
+ renamed to autoload_(once_)paths. [fxn]
+ * Deprecates Array#random_element, renamed to sample to match
+ Ruby 1.9, thanks to Marc-Andre Lafortune. [fxn]
+
+-------------------------------------------------------------------
+Sun Sep 5 11:03:51 UTC 2010 - [email protected]
+
+- update to version 2.3.9
+ * i18n: bundle i18n 0.4.1 for forward compatibility with Rails 3.
+ Deprecates {{foo}} interpolation syntax in favor of 1.9-native
+ %{foo}.
+ * Deprecate Kernel#returning in favor of Object#tap since it's
+ included in Ruby 1.8.7 and later. [Santiago Pastorino]
+ * Deprecates ActiveSupport::Dependencies.load_(once_)paths,
+ renamed to autoload_(once_)paths. [fxn]
+ * Deprecates Array#random_element, renamed to sample to match
+ Ruby 1.9, thanks to Marc-Andre Lafortune. [fxn]
+
+-------------------------------------------------------------------
+Tue May 25 16:07:41 UTC 2010 - [email protected]
+
+- use rubygems_requires macro
+
+-------------------------------------------------------------------
+Tue May 25 14:58:20 UTC 2010 - [email protected]
+
+- update to version 2.3.8
+ * Version bump.
+- additional changes from version 2.3.7
+ * HTML safety: fix compatibility with the optional rails_xss
+ plugin. [Nathan Weizenbaum, Santiago Pastorino]
+- additional changes from version 2.3.6
+ * 1.9 compat: deprecated last_(month|year) in favor of
+ prev_(month|year). [fxn]
+ * Deprecated Array#rand in favor of Array#random_element.
+ [Santiago Pastorino, Rizwan Reza]
+ * Added Object#presence that returns the object if it's #present?
+ otherwise returns nil [DHH/Colin Kelley]
+ * New assertions assert_blank and assert_present.
+ #4299 [Juanjo Bazan]
+ * Use Object#singleton_class instead of #metaclass. Prefer Ruby's
+ choice. [Jeremy Kemper]
+ * JSON backend for YAJL. Preferred if available.
+ #2666 [Brian Lopez]
+ * Introduce String#html_safe for rails_xss plugin and
+ forward-compatibility with Rails 3. [Michael Koziarski,
+ Santiago Pastorino, José Ignacio Costa]
+ * Time#- with a DateTime argument behaves the same as with a Time
+ argument, i.e. returns the difference between self and arg as a
+ Float #3476 [Geoff Buesing]
+ * YAML serialization for OrderedHash. #3608 [Gregor Schmidt]
+ * Add Enumerable#exclude? to bring parity to Enumerable#include?
+ and avoid if !x.include?/else calls [DHH]
+
+-------------------------------------------------------------------
+Tue Dec 1 16:33:12 UTC 2009 - [email protected]
+
+- update to version 2.3.5
+ * Minor Bug Fixes and deprecation warnings
+ * Fixes for the Nokogiri backend for XmlMini
+ * Ruby 1.9 Compatibility
+
+-------------------------------------------------------------------
+Thu Sep 10 09:05:34 UTC 2009 - [email protected]
+
+- update to version 2.3.4
+ * Introduce ActiveSupport::Multibyte.clean to clean invalid
+ multibyte strings.
+ * Bug fixes
+
+-------------------------------------------------------------------
+Mon Mar 16 20:31:30 CET 2009 - [email protected]
+
+- starting package for the rails 2.3 series
+
+-------------------------------------------------------------------
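Review bot: The top entry (Tue Apr 2 2013) describes CVE-2013-1854 as a Symbol DoS in Active Record but does not say what this activesupport package changes for it; add a line stating that bug-809932_2-3-attribute_symbols.patch adds write_inheritable_hiwa to Class in inheritable_attributes.rb, so the entry can be audited without opening the patch. The 2.3.17 entry has the same gap: it lists CVE-2013-0276 and CVE-2013-0277 with only "Version bump". Smaller points: the 2.3.9 entry repeats the 2.3.10 bullet list verbatim, and "vulerability" in the 2.3.14 entry is misspelled.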
New:
----
activesupport-2.3.17.gem
bug-809932_2-3-attribute_symbols.patch
rubygem-activesupport-2_3.changes
rubygem-activesupport-2_3.spec
series
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ rubygem-activesupport-2_3.spec ++++++
#
# spec file for package rubygem-activesupport-2_3
#
# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Name: rubygem-activesupport-2_3
Version: 2.3.17
Release: 0
%define mod_name activesupport
%define mod_full_name %{mod_name}-%{version}
#
#
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: rubygems_with_buildroot_patch
%rubygems_requires
Provides: rubygem-%{mod_name} = %{version}-%{release}
#
Url: http://rubyforge.org/projects/activesupport/
Source: %{mod_full_name}.gem
Source1: bug-809932_2-3-attribute_symbols.patch
Source99: series
#
Summary: Support and utility classes used by the Rails framework
License: MIT
Group: Development/Languages/Ruby
%description
Utility library which carries commonly used classes and goodies from the Rails
framework
%package doc
Summary: RDoc documentation for %{mod_name}
Group: Development/Languages/Ruby
Requires: %{name} = %{version}
%description doc
Documentation generated at gem installation time.
Usually in RDoc and RI formats.
%prep
%build
%install
%gem_install %{S:0}
pushd %{buildroot}%{_libdir}/ruby/gems/%{rb_ver}/gems/%{mod_name}-%{version}
patch -p2 < %{S:1}
popd
%clean
%{__rm} -rf %{buildroot}
%files
%defattr(-,root,root,-)
%{_libdir}/ruby/gems/%{rb_ver}/cache/%{mod_full_name}.gem
%{_libdir}/ruby/gems/%{rb_ver}/gems/%{mod_full_name}/
%{_libdir}/ruby/gems/%{rb_ver}/specifications/%{mod_full_name}.gemspec
%files doc
%defattr(-,root,root,-)
%doc %{_libdir}/ruby/gems/%{rb_ver}/doc/%{mod_full_name}/
%changelog
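Review bot: In %install, "patch -p2 < %{S:1}" changes only the unpacked tree under gems/%{mod_name}-%{version}, while %files still ships cache/%{mod_full_name}.gem, which is the unmodified gem from Source; anything reinstalled from that cached gem will not carry the CVE-2013-1854 change. Either drop the cache file from %files or rebuild the gem from the patched tree. The patch is also declared as Source1 and applied by hand with %prep left empty; if that is forced by %gem_install unpacking in %install, a comment in the spec saying so would help the next maintainer.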
++++++ bug-809932_2-3-attribute_symbols.patch ++++++
diff --git
a/activesupport/lib/active_support/core_ext/class/inheritable_attributes.rb
b/activesupport/lib/active_support/core_ext/class/inheritable_attributes.rb
index 1794afe..d86eab8 100644
--- a/activesupport/lib/active_support/core_ext/class/inheritable_attributes.rb
+++ b/activesupport/lib/active_support/core_ext/class/inheritable_attributes.rb
@@ -109,6 +109,11 @@ class Class # :nodoc:
write_inheritable_attribute(key,
read_inheritable_attribute(key).merge(hash))
end
+ def write_inheritable_hiwa(key, hash)
+ write_inheritable_attribute(key, {}.with_indifferent_access) if
read_inheritable_attribute(key).nil?
+ write_inheritable_attribute(key,
read_inheritable_attribute(key).merge(hash))
+ end
+
def read_inheritable_attribute(key)
inheritable_attributes[key]
end
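Review bot: In write_inheritable_hiwa, the indifferent-access hash is created only when read_inheritable_attribute(key) is nil, so a key that already holds a plain Hash keeps plain-Hash behaviour after the merge, and string and symbol keys stay distinct for it. Convert the existing value before merging, for example read_inheritable_attribute(key).with_indifferent_access.merge(hash), or document that the key must only ever be written through this method. The method also needs a comment spelling out what "hiwa" stands for and how it differs from the preceding method, whose final line is the same merge call, and the hunk adds no test for the new behaviour.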
++++++ series ++++++
3-0-escape_html-activesupport.patch -p0
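Review bot: The series file still lists "3-0-escape_html-activesupport.patch -p0", which the 2.3.16 changes entry marks as obsoleted and upstreamed and which is not among the files under "New:", while bug-809932_2-3-attribute_symbols.patch, the patch this commit actually applies, is not listed. Update series to name the current patch with its strip level (the spec uses -p2), or remove Source99 if the file is no longer consumed.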