Hello community,

here is the log from the commit of package rubygem-activesupport-2_3.1542 for openSUSE:12.1:Update checked in at 2013-04-10 22:42:01
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.1:Update/rubygem-activesupport-2_3.1542 (Old)
 and      /work/SRC/openSUSE:12.1:Update/.rubygem-activesupport-2_3.1542.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-activesupport-2_3.1542", Maintainer is "" Changes: -------- New Changes file: --- /dev/null 2013-04-05 00:01:41.916011506 +0200 +++ /work/SRC/openSUSE:12.1:Update/.rubygem-activesupport-2_3.1542.new/rubygem-activesupport-2_3.changes 2013-04-10 22:42:02.000000000 +0200 
@@ -0,0 +1,155 @@ +------------------------------------------------------------------- +Tue Apr 2 11:46:40 UTC 2013 - jmassaguer...@suse.com + +- add patch to fix security issue: + - bug-809932_2-3-attribute_symbols.patch: + fix CVE-2013-1854: rubygem-activerecord*: Symbol DoS vulnerability + in Active Record (bnc#809932) + +------------------------------------------------------------------- +Wed Feb 13 23:50:34 UTC 2013 - mrueck...@suse.de + +- update to version 2.3.17 (bnc#803336, bnc#803339) + CVE-2013-0276 CVE-2013-0277: + * Version bump + +------------------------------------------------------------------- +Wed Jan 30 16:47:36 UTC 2013 - mrueck...@suse.de + +- update to 2.3.16 (bnc#800320) CVE-2013-0333 + - fixing load error messages + - html_escape should escape single quotes + - Add an OkJson backend and remove the YAML backend + Fixes CVE-2013-0333. The ActiveSupport::JSON::Backends::Yaml + class is present but the functionality has been removed + entirely. +- obsoletes 3-0-escape_html-activesupport.patch: + upstreamed + +------------------------------------------------------------------- +Thu Jan 17 13:20:55 UTC 2013 - mrueck...@suse.de + +- update to 2.3.15: (bnc#796712, bnc#797449, bnc#797452) + * Hash.from_xml raises when it encounters type="symbol" or + type="yaml". Use Hash.from_trusted_xml to parse this XML. + CVE-2013-0156 [Jeremy Kemper] + +------------------------------------------------------------------- +Fri Sep 7 19:04:46 UTC 2012 - mrueck...@suse.de + +- added 3-0-escape_html-activesupport.patch: (bnc#775653) + Also encode single quote (CVE-2012-3464) + +------------------------------------------------------------------- +Wed Aug 17 11:44:57 UTC 2011 - mrueck...@suse.de + +- update to version 2.3.14 + - fixing utf8 escape vulerability (bnc#712060) + - Fix OrderedHash merging with block given. 
+ +------------------------------------------------------------------- +Mon Jun 20 16:33:17 UTC 2011 - mrueck...@suse.de + +- update to version 2.3.12 + * Version bump + +------------------------------------------------------------------- +Wed Feb 16 11:17:34 UTC 2011 - mrueck...@suse.de + +- update to version 2.3.11: (bnc#668817) + - XSS Risk in mail_to :encode=>:javascript CVE-2011-0446 + - CSRF Bypass Risk CVE-2011-0447 + - Filter Problems on Case Insensitive Filesystems CVE-2011-0449 + - Potential SQL Injection with limit() CVE-2011-0448 + +------------------------------------------------------------------- +Mon Jan 17 13:22:47 UTC 2011 - mvid...@suse.cz + +- Split off doc subpackage. + +------------------------------------------------------------------- +Wed Oct 27 11:31:28 UTC 2010 - mrueck...@suse.de + +- update to version 2.3.10 + * i18n: bundle i18n 0.4.1 for forward compatibility with Rails 3. + Deprecates {{foo}} interpolation syntax in favor of 1.9-native + %{foo}. + * Deprecate Kernel#returning in favor of Object#tap since it's + included in Ruby 1.8.7 and later. [Santiago Pastorino] + * Deprecates ActiveSupport::Dependencies.load_(once_)paths, + renamed to autoload_(once_)paths. [fxn] + * Deprecates Array#random_element, renamed to sample to match + Ruby 1.9, thanks to Marc-Andre Lafortune. [fxn] + +------------------------------------------------------------------- +Sun Sep 5 11:03:51 UTC 2010 - mrueck...@suse.de + +- update to version 2.3.9 + * i18n: bundle i18n 0.4.1 for forward compatibility with Rails 3. + Deprecates {{foo}} interpolation syntax in favor of 1.9-native + %{foo}. + * Deprecate Kernel#returning in favor of Object#tap since it's + included in Ruby 1.8.7 and later. [Santiago Pastorino] + * Deprecates ActiveSupport::Dependencies.load_(once_)paths, + renamed to autoload_(once_)paths. [fxn] + * Deprecates Array#random_element, renamed to sample to match + Ruby 1.9, thanks to Marc-Andre Lafortune. 
[fxn] + +------------------------------------------------------------------- +Tue May 25 16:07:41 UTC 2010 - mrueck...@suse.de + +- use rubygems_requires macro + +------------------------------------------------------------------- +Tue May 25 14:58:20 UTC 2010 - mrueck...@suse.de + +- update to version 2.3.8 + * Version bump. +- additional changes from version 2.3.7 + * HTML safety: fix compatibility with the optional rails_xss + plugin. [Nathan Weizenbaum, Santiago Pastorino] +- additional changes from version 2.3.6 + * 1.9 compat: deprecated last_(month|year) in favor of + prev_(month|year). [fxn] + * Deprecated Array#rand in favor of Array#random_element. + [Santiago Pastorino, Rizwan Reza] + * Added Object#presence that returns the object if it's #present? + otherwise returns nil [DHH/Colin Kelley] + * New assertions assert_blank and assert_present. + #4299 [Juanjo Bazan] + * Use Object#singleton_class instead of #metaclass. Prefer Ruby's + choice. [Jeremy Kemper] + * JSON backend for YAJL. Preferred if available. + #2666 [Brian Lopez] + * Introduce String#html_safe for rails_xss plugin and + forward-compatibility with Rails 3. [Michael Koziarski, + Santiago Pastorino, José Ignacio Costa] + * Time#- with a DateTime argument behaves the same as with a Time + argument, i.e. returns the difference between self and arg as a + Float #3476 [Geoff Buesing] + * YAML serialization for OrderedHash. #3608 [Gregor Schmidt] + * Add Enumerable#exclude? to bring parity to Enumerable#include? 
+ and avoid if !x.include?/else calls [DHH] + +------------------------------------------------------------------- +Tue Dec 1 16:33:12 UTC 2009 - ch...@computersalat.de + +- update to version 2.3.5 + * Minor Bug Fixes and deprecation warnings + * Fixes for the Nokogiri backend for XmlMini + * Ruby 1.9 Compatibility + +------------------------------------------------------------------- +Thu Sep 10 09:05:34 UTC 2009 - adr...@suse.de + +- update to version 2.3.4 + * Introduce ActiveSupport::Multibyte.clean to clean invalid + multibyte strings. + * Bug fixes + +------------------------------------------------------------------- +Mon Mar 16 20:31:30 CET 2009 - mrueck...@suse.de + +- starting package for the rails 2.3 series + +------------------------------------------------------------------- New: ---- activesupport-2.3.17.gem bug-809932_2-3-attribute_symbols.patch rubygem-activesupport-2_3.changes rubygem-activesupport-2_3.spec series ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rubygem-activesupport-2_3.spec ++++++ # # spec file for package rubygem-activesupport-2_3 # # Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. 
# Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: rubygem-activesupport-2_3 Version: 2.3.17 Release: 0 %define mod_name activesupport %define mod_full_name %{mod_name}-%{version} # # BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: rubygems_with_buildroot_patch %rubygems_requires Provides: rubygem-%{mod_name} = %{version}-%{release} # Url: http://rubyforge.org/projects/activesupport/ Source: %{mod_full_name}.gem Source1: bug-809932_2-3-attribute_symbols.patch Source99: series # Summary: Support and utility classes used by the Rails framework License: MIT Group: Development/Languages/Ruby %description Utility library which carries commonly used classes and goodies from the Rails framework %package doc Summary: RDoc documentation for %{mod_name} Group: Development/Languages/Ruby Requires: %{name} = %{version} %description doc Documentation generated at gem installation time. Usually in RDoc and RI formats. %prep %build %install %gem_install %{S:0} pushd %{buildroot}%{_libdir}/ruby/gems/%{rb_ver}/gems/%{mod_name}-%{version} patch -p2 < %{S:1} popd %clean %{__rm} -rf %{buildroot} %files %defattr(-,root,root,-) %{_libdir}/ruby/gems/%{rb_ver}/cache/%{mod_full_name}.gem %{_libdir}/ruby/gems/%{rb_ver}/gems/%{mod_full_name}/ %{_libdir}/ruby/gems/%{rb_ver}/specifications/%{mod_full_name}.gemspec %files doc %defattr(-,root,root,-) %doc %{_libdir}/ruby/gems/%{rb_ver}/doc/%{mod_full_name}/ %changelog ++++++ bug-809932_2-3-attribute_symbols.patch ++++++ diff --git a/activesupport/lib/active_support/core_ext/class/inheritable_attributes.rb b/activesupport/lib/active_support/core_ext/class/inheritable_attributes.rb index 1794afe..d86eab8 100644 --- a/activesupport/lib/active_support/core_ext/class/inheritable_attributes.rb +++ b/activesupport/lib/active_support/core_ext/class/inheritable_attributes.rb 
@@ -109,6 +109,11 @@ class Class # :nodoc: write_inheritable_attribute(key, read_inheritable_attribute(key).merge(hash)) end + def write_inheritable_hiwa(key, hash) + write_inheritable_attribute(key, {}.with_indifferent_access) if read_inheritable_attribute(key).nil? + write_inheritable_attribute(key, read_inheritable_attribute(key).merge(hash)) + end + def read_inheritable_attribute(key) inheritable_attributes[key] end ++++++ series ++++++ 3-0-escape_html-activesupport.patch -p0 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
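Review bot: the series file is out of step with the rest of the commit. It lists only 3-0-escape_html-activesupport.patch -p0, which the 2.3.16 changelog entry marks as obsoleted and upstreamed and which does not appear in the "New:" file list, while bug-809932_2-3-attribute_symbols.patch, the patch the spec actually applies, is missing from it. Update series to name the new patch, or drop the file, so it reflects what is shipped. In the spec, the security patch is declared as Source1 and applied by hand in %install with patch -p2 < %{S:1}; a short comment there explaining that it has to run after %gem_install, and why -p2 matches the a/activesupport/ prefix in the diff, would save the next maintainer from guessing.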
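Review bot: write_inheritable_hiwa in inheritable_attributes.rb is added without a comment, and the abbreviated name does not tell a reader that it seeds the attribute with {}.with_indifferent_access. Since the changelog ties this patch to CVE-2013-1854 (Symbol DoS), add a line saying that the indifferent-access hash stores keys as strings rather than symbols, which is the property the fix relies on. The hunk changes no caller and adds no test, so on its own it only introduces the helper; the changelog entry should say which package switches its callers over to it. The second line of the method also repeats the merge line visible in the context just above, so consider sharing that line instead of duplicating it.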