Hello community,

here is the log from the commit of package rubygem-actionpack-4_2 for 
openSUSE:Factory checked in at 2016-03-07 13:27:09
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rubygem-actionpack-4_2 (Old)
 and      /work/SRC/openSUSE:Factory/.rubygem-actionpack-4_2.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "rubygem-actionpack-4_2"

Changes:
--------
--- 
/work/SRC/openSUSE:Factory/rubygem-actionpack-4_2/rubygem-actionpack-4_2.changes
    2016-03-01 09:41:41.000000000 +0100
+++ 
/work/SRC/openSUSE:Factory/.rubygem-actionpack-4_2.new/rubygem-actionpack-4_2.changes
       2016-03-07 13:27:55.000000000 +0100
@@ -1,0 +2,19 @@
+Tue Mar  1 05:30:50 UTC 2016 - [email protected]
+
+- updated to version 4.2.5.2
+ see installed CHANGELOG.md
+
+  ## Rails 4.2.5.2 (February 26, 2016) ##
+  
+  *   Do not allow render with unpermitted parameter.
+  
+      Fixes CVE-2016-2098.
+  
+      *Arthur Neves*
+  
+  
+  ## Rails 4.2.5.1 (January 25, 2015) ##
+  
+  *   No changes.
+
+-------------------------------------------------------------------
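Review bot: the packager's own bullet in this .changes entry says only `updated to version 4.2.5.2`; CVE-2016-2098 appears solely inside the pasted upstream text under `see installed CHANGELOG.md`. Suggest naming the CVE in the top-level bullet so the security nature of the update is visible without reading the embedded upstream changelog.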

Old:
----
  actionpack-4.2.5.1.gem

New:
----
  actionpack-4.2.5.2.gem

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ rubygem-actionpack-4_2.spec ++++++
--- /var/tmp/diff_new_pack.q85WWL/_old  2016-03-07 13:27:56.000000000 +0100
+++ /var/tmp/diff_new_pack.q85WWL/_new  2016-03-07 13:27:56.000000000 +0100
@@ -24,7 +24,7 @@
 #
 
 Name:           rubygem-actionpack-4_2
-Version:        4.2.5.1
+Version:        4.2.5.2
 Release:        0
 %define mod_name actionpack
 %define mod_full_name %{mod_name}-%{version}

++++++ actionpack-4.2.5.1.gem -> actionpack-4.2.5.2.gem ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md
--- old/CHANGELOG.md    2016-01-25 19:25:07.000000000 +0100
+++ new/CHANGELOG.md    2016-02-29 20:16:20.000000000 +0100
@@ -1,3 +1,17 @@
+## Rails 4.2.5.2 (February 26, 2016) ##
+
+*   Do not allow render with unpermitted parameter.
+
+    Fixes CVE-2016-2098.
+
+    *Arthur Neves*
+
+
+## Rails 4.2.5.1 (January 25, 2015) ##
+
+*   No changes.
+
+
 ## Rails 4.2.5 (November 12, 2015) ##
 
 *   `ActionController::TestCase` can teardown gracefully if an error is raised
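Review bot: the added heading `## Rails 4.2.5.1 (January 25, 2015) ##` carries the year 2015, while the old gem's files are stamped 2016-01-25 and the 4.2.5.2 entry above it is dated February 26, 2016; the year looks like a typo worth reporting upstream rather than patching locally. The 4.2.5.2 entry gives no detail beyond the CVE id, so anyone triaging from this changelog needs the advisory to learn which render calls are affected.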
Files old/checksums.yaml.gz and new/checksums.yaml.gz differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/lib/abstract_controller/rendering.rb 
new/lib/abstract_controller/rendering.rb
--- old/lib/abstract_controller/rendering.rb    2016-01-25 19:25:07.000000000 
+0100
+++ new/lib/abstract_controller/rendering.rb    2016-02-29 20:16:20.000000000 
+0100
@@ -77,13 +77,13 @@
     # render "foo/bar" to render :file => "foo/bar".
     # :api: plugin
     def _normalize_args(action=nil, options={})
-      case action
-      when ActionController::Parameters
-        unless action.permitted?
+      if action.respond_to?(:permitted?)
+        if action.permitted?
+          action
+        else
           raise ArgumentError, "render parameters are not permitted"
         end
-        action
-      when Hash
+      elsif action.is_a?(Hash)
         action
       else
         options
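Review bot: in `_normalize_args` the `elsif action.is_a?(Hash)` branch still returns its argument unchecked, so the guard fires only for objects that respond to `permitted?`; request data that application code has already converted to a plain Hash before calling `render` is not covered. Suggest extending the method's doc comment to state that contract and that `ArgumentError` can be raised, since the existing comment describes only the `render "foo/bar"` normalization. The gem diff shows no test for the unpermitted case, so it is worth confirming that upstream has a regression test for it.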
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/lib/action_pack/gem_version.rb 
new/lib/action_pack/gem_version.rb
--- old/lib/action_pack/gem_version.rb  2016-01-25 19:25:07.000000000 +0100
+++ new/lib/action_pack/gem_version.rb  2016-02-29 20:16:20.000000000 +0100
@@ -8,7 +8,7 @@
     MAJOR = 4
     MINOR = 2
     TINY  = 5
-    PRE   = "1"
+    PRE   = "2"
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
   end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/metadata new/metadata
--- old/metadata        2016-01-25 19:25:07.000000000 +0100
+++ new/metadata        2016-02-29 20:16:20.000000000 +0100
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: actionpack
 version: !ruby/object:Gem::Version
-  version: 4.2.5.1
+  version: 4.2.5.2
 platform: ruby
 authors:
 - David Heinemeier Hansson
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-01-25 00:00:00.000000000 Z
+date: 2016-02-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
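Review bot: the context line `cert_chain: []` shows the gem is unsigned, and the checksums.yaml.gz change is reported only as "differ", so nothing in this diff lets a reviewer confirm the integrity of the new archive. For a security release, verify actionpack-4.2.5.2.gem against a digest obtained from a trusted source before accepting the submission.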
@@ -16,14 +16,14 @@
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 4.2.5.1
+        version: 4.2.5.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 4.2.5.1
+        version: 4.2.5.2
 - !ruby/object:Gem::Dependency
   name: rack
   requirement: !ruby/object:Gem::Requirement
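Review bot: the `activesupport` runtime requirement is pinned with `'='` to 4.2.5.2, and the same pin appears for the dependencies in the next hunk, so this package cannot be installed unless the matching 4.2.5.2 packages are accepted at the same time. Check that the sibling submissions are staged together; otherwise the CVE-2016-2098 fix is in Factory but not installable.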
@@ -98,28 +98,28 @@
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 4.2.5.1
+        version: 4.2.5.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 4.2.5.1
+        version: 4.2.5.2
 - !ruby/object:Gem::Dependency
   name: activemodel
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 4.2.5.1
+        version: 4.2.5.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 4.2.5.1
+        version: 4.2.5.2
 description: Web apps on Rails. Simple, battle-tested conventions for building 
and
   testing MVC web applications. Works with any Rack-compatible server.
 email: [email protected]

