Git-Url: 
http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-1.9.git;a=commitdiff;h=f3ebac63f16df1b3ba3fbe5804fd0996b0a4baeb

commit f3ebac63f16df1b3ba3fbe5804fd0996b0a4baeb
Author: kikadf <[email protected]>
Date:   Sun Jul 20 11:38:53 2014 +0200

activerecord-3.2.13-2arcturus1-x86_64

* Fix CVE-2014-3482, CVE-2014-3483

diff --git a/source/devel-extra/activerecord/CVE-2014-3482-3483.patch 
b/source/devel-extra/activerecord/CVE-2014-3482-3483.patch
new file mode 100644
index 0000000..958833a
--- /dev/null
+++ b/source/devel-extra/activerecord/CVE-2014-3482-3483.patch
@@ -0,0 +1,39 @@
+From 1bf1a25b1789ec10f71a749fd038c6b3118da589 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?=
+ <[email protected]>
+Date: Thu, 5 Jun 2014 12:34:07 -0300
+Subject: [PATCH] Check against bit string values using multiline regexp
+
+Fix CVE-2014-3482.
+---
+ .../lib/active_record/connection_adapters/postgresql_adapter.rb     | 6 +++---
+ activerecord/test/cases/adapters/postgresql/quoting_test.rb         | 5 +++++
+ 2 files changed, 8 insertions(+), 3 deletions(-)
+
+diff --git 
a/activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb 
b/activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb
+index e98337e..3cd65d0 100644
+--- a/lib/active_record/connection_adapters/postgresql_adapter.rb
++++ b/lib/active_record/connection_adapters/postgresql_adapter.rb
+@@ -442,8 +442,8 @@ module ActiveRecord
+           when 'xml'   then "xml '#{quote_string(value)}'"
+           when /^bit/
+             case value
+-            when /^[01]*$/      then "B'#{value}'" # Bit-string notation
+-            when /^[0-9A-F]*$/i then "X'#{value}'" # Hexadecimal notation
++            when /\A[01]*\Z/      then "B'#{value}'" # Bit-string notation
++            when /\A[0-9A-F]*\Z/i then "X'#{value}'" # Hexadecimal notation
+             end
+           else
+             super
+@@ -1160,7 +1160,7 @@ module ActiveRecord
+         FEATURE_NOT_SUPPORTED = "0A000" # :nodoc:
+
+         def exec_no_cache(sql, binds)
+-          @connection.async_exec(sql)
++          @connection.async_exec(sql, [])
+         end
+
+         def exec_cache(sql, binds)
+--
+2.0.0
+
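Review bot: The new patterns on the `when /\A[01]*\Z/` and `when /\A[0-9A-F]*\Z/i` lines end with `\Z`, which in Ruby still matches before a single trailing newline, so a value such as `"0101\n"` (constructed example) would still be interpolated into `B'#{value}'`. Using `\z` closes that, e.g. `when /\A[01]*\z/ then "B'#{value}'"` and `when /\A[0-9A-F]*\z/i then "X'#{value}'"`. Neither pattern lets a quote character through, so this looks like a strictness gap rather than a remaining injection path. Separately, the embedded patch names only CVE-2014-3482 and its diffstat lists a `quoting_test.rb` change that is not carried in the diff, while the file name and commit message also claim CVE-2014-3483; the commit message should say whether CVE-2014-3483 applies to 3.2.13 at all. Both embedded hunks cut into methods whose bodies begin outside the visible lines.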
diff --git a/source/devel-extra/activerecord/FrugalBuild 
b/source/devel-extra/activerecord/FrugalBuild
index 21c2871..2827639 100644
--- a/source/devel-extra/activerecord/FrugalBuild
+++ b/source/devel-extra/activerecord/FrugalBuild
@@ -3,7 +3,7 @@

pkgname=activerecord
pkgver=3.2.13
-pkgrel=1
+pkgrel=2arcturus1
pkgdesc="Implements the ActiveRecord pattern (Fowler, PoEAA) for ORM"
url="http://rubyforge.org/projects/actionpack/";
depends=('activesupport>=3.2.13')
@@ -11,3 +11,10 @@ groups=('devel-extra')
archs=('i686' 'x86_64')
Finclude gem
sha1sums=('469f6b4456d7fa1bf0336d488ad5878a6842e2da')
+
+
+# FSA fix ***
+source=(${source[@]} CVE-2014-3482-3483.patch)
+sha1sums=(${sha1sums[@]} '81b692a22f46223c415692797ba750dfd923fcb2')
+# ***********
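Review bot: Nothing in this hunk shows the patch being applied: the added `source=(${source[@]} CVE-2014-3482-3483.patch)` line only lists it as a checksummed source, and whether the build pulled in by `Finclude gem` applies patches to the installed gem is not visible here. The patch's `---`/`+++` paths were rewritten to `a/lib/...`, so it has to be applied from the gem's root directory with one path component stripped. It is worth confirming on the built package that `postgresql_adapter.rb` contains the `\A[01]*\Z` pattern, because a silently skipped patch would ship a `2arcturus1` release that claims the fix without having it.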
+