Hello community,

here is the log from the commit of package rubygem-activerecord-2_3.1540 for 
openSUSE:12.1:Update checked in at 2013-04-10 22:41:32
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.1:Update/rubygem-activerecord-2_3.1540 (Old)
 and      /work/SRC/openSUSE:12.1:Update/.rubygem-activerecord-2_3.1540.new 
(New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "rubygem-activerecord-2_3.1540", Maintainer is ""

Changes:
--------
New Changes file:

--- /dev/null   2013-04-05 00:01:41.916011506 +0200
+++ 
/work/SRC/openSUSE:12.1:Update/.rubygem-activerecord-2_3.1540.new/rubygem-activerecord-2_3.changes
  2013-04-10 22:41:33.000000000 +0200
@@ -0,0 +1,133 @@
+-------------------------------------------------------------------
+Tue Apr  2 11:51:26 UTC 2013 - jmassaguer...@suse.com
+
+- add patch to fix security issue:
+  - bug-809932_2-3-attribute_symbols.patch:
+    fix CVE-2013-1854: rubygem-activerecord*: Symbol DoS vulnerability
+    in Active Record (bnc#809932)
+
+-------------------------------------------------------------------
+Wed Feb 13 23:26:12 UTC 2013 - mrueck...@suse.de
+
+- update to version 2.3.17 (bnc#803336, bnc#803339)
+  CVE-2013-0276 CVE-2013-0277:
+  - Fix issue with attr_protected where malformed input could
+    circumvent protection
+  - Fix Serialized Attributes YAML Vulnerability
+
+-------------------------------------------------------------------
+Wed Jan 30 16:24:46 UTC 2013 - mrueck...@suse.de
+
+- update to 2.3.16 (bnc#800320) CVE-2013-0333
+  - Fix for CVE-2013-0155
+- obsoletes 2-3-null_array_param.patch
+
+-------------------------------------------------------------------
+Thu Jan 17 11:46:46 UTC 2013 - mrueck...@suse.de
+
+- update to 2.3.15: (bnc#796712, bnc#797449, bnc#797452)
+  - CVE-2012-5664 options hashes should only be extracted if
+    there are extra parameters
+  - CVE-2012-2695 Fix SQL injection via nested hashes in conditions
+- dropped 2-3-sql-injection.patch:
+  included upstream
+- added 2-3-null_array_param.patch: 
+  Patch for CVE-2013-0155.
+
+-------------------------------------------------------------------
+Wed Jul 18 15:13:34 UTC 2012 - mrueck...@suse.de
+
+- added 2-3-sql-injection.patch (CVE-2012-2695) (bnc#766792)
+
+-------------------------------------------------------------------
+Wed Aug 17 11:53:14 UTC 2011 - mrueck...@suse.de
+
+- update to version 2.3.14
+  - potential SQL injection with quote_table_name (bnc#712062)
+
+-------------------------------------------------------------------
+Mon Jun 20 17:07:28 UTC 2011 - mrueck...@suse.de
+
+- update to version 2.3.12
+  * Version Bump
+
+-------------------------------------------------------------------
+Wed Feb 16 11:11:50 UTC 2011 - mrueck...@suse.de
+
+- update to version 2.3.11: (bnc#668817)
+  - XSS Risk in mail_to :encode=>:javascript CVE-2011-0446
+  - CSRF Bypass Risk CVE-2011-0447
+  - Filter Problems on Case Insensitive Filesystems CVE-2011-0449
+  - Potential SQL Injection with limit() CVE-2011-0448
+
+-------------------------------------------------------------------
+Mon Jan 17 13:34:57 UTC 2011 - mvid...@suse.cz
+
+- Split off doc and testsuite subpackages. 
+
+-------------------------------------------------------------------
+Wed Oct 27 11:40:21 UTC 2010 - mrueck...@suse.de
+
+- update to version 2.3.10
+  * Security Release to fix CVE-2010-3933
+
+-------------------------------------------------------------------
+Sun Sep  5 11:10:08 UTC 2010 - mrueck...@suse.de
+
+- update to version 2.3.9
+  * Version bump.
+
+-------------------------------------------------------------------
+Tue May 25 16:11:20 UTC 2010 - mrueck...@suse.de
+
+- use rubygems_requires macro
+
+-------------------------------------------------------------------
+Tue May 25 15:19:40 UTC 2010 - mrueck...@suse.de
+
+- update to version 2.3.8
+  * Version bump.
+- additional changes from version 2.3.7
+  * Version bump.
+- additional changes from version 2.3.6
+  * Add index length support for MySQL.
+    #1852 [Emili Parreno, Pratik Naik]
+  * find_or_create_by_attr(value, ...) works when attr is
+    protected.  #4457 [Santiago Pastorino, Marc-André Lafortune]
+  * JSON supports a custom root option: to_json(:root => 'custom')
+    #4515 [Jatinder Singh]
+  * Destroy uses optimistic locking. If lock_version on the record
+    you're destroying doesn't match lock_version in the database, a
+    StaleObjectError is raised.  #1966 [Curtis Hawthorne]
+  * To prefix the table names of all models in a module, define
+    self.table_name_prefix on the module.  #4032 [Andrew White]
+  * Association inverses for belongs_to, has_one, and has_many.
+    Optimization to reduce database queries.  #3533 [Murray Steele]
+  * MySQL: add_ and change_column support positioning.
+    #3286 [Ben Marini]
+  * Reset your Active Record counter caches with the
+    reset_counter_cache class method.
+    #1211 [Mike Breen, Gabe da Silveira]
+
+-------------------------------------------------------------------
+Tue Dec  1 16:27:49 UTC 2009 - ch...@computersalat.de
+
+- update to version 2.3.5
+  * Minor Bug Fixes and deprecation warnings
+  * 1.9 Compatibility
+  * Numerous fixes to the nested attributes functionality
+
+-------------------------------------------------------------------
+Thu Sep 10 12:03:16 UTC 2009 - adr...@suse.de
+
+- update to version 2.3.4
+  * PostgreSQL: XML datatype support.  #1874 [Leonardo Borges]
+  * SQLite: deprecate the 'dbfile' option in favor of 'database.'
+    #2363 [Paul Hinze, Jeremy Kemper]
+
+-------------------------------------------------------------------
+Mon Mar 16 20:38:16 CET 2009 - mrueck...@suse.de
+
+- starting package for the rails 2.3 series
+
+-------------------------------------------------------------------

New:
----
  activerecord-2.3.17.gem
  bug-809932_2-3-attribute_symbols.patch
  rubygem-activerecord-2_3.changes
  rubygem-activerecord-2_3.spec

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ rubygem-activerecord-2_3.spec ++++++
#
# spec file for package rubygem-activerecord-2_3
#
# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#



Name:           rubygem-activerecord-2_3
Version:        2.3.17
Release:        0
%define mod_name activerecord
%define mod_full_name %{mod_name}-%{version}
#
#
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
BuildRequires:  rubygems_with_buildroot_patch
%rubygems_requires
Provides:       rubygem-%{mod_name} = %{version}-%{release}
# activesupport = 2.3.17
BuildRequires:  rubygem-activesupport-2_3 = %{version}
Requires:       rubygem-activesupport-2_3 = %{version}
#
Url:            http://www.rubyonrails.org
Source:         %{mod_full_name}.gem
Source1:        bug-809932_2-3-attribute_symbols.patch 
#
Summary:        Implements the ActiveRecord pattern for ORM
License:        MIT
Group:          Development/Languages/Ruby

%description
Implements the ActiveRecord pattern (Fowler, PoEAA) for ORM. It ties database
tables and classes together for business objects, like Customer or
Subscription, that can find, save, and destroy themselves without resorting to
manual SQL.

%package doc
Summary:        RDoc documentation for %{mod_name}
Group:          Development/Languages/Ruby
Requires:       %{name} = %{version}

%description doc
Documentation generated at gem installation time.
Usually in RDoc and RI formats.

%package testsuite
Summary:        Test suite for %{mod_name}
Group:          Development/Languages/Ruby
Requires:       %{name} = %{version}

%description testsuite
Test::Unit or RSpec files, useful for developers.

%prep

%build

%install
%gem_install %{S:0}
pushd %{buildroot}%{_libdir}/ruby/gems/%{rb_ver}/gems/%{mod_name}-%{version}
 patch -p2 < %{S:1}
popd

%clean
%{__rm} -rf %{buildroot}

%files
%defattr(-,root,root,-)
%{_libdir}/ruby/gems/%{rb_ver}/cache/%{mod_full_name}.gem
%{_libdir}/ruby/gems/%{rb_ver}/gems/%{mod_full_name}/
%exclude %{_libdir}/ruby/gems/%{rb_ver}/gems/%{mod_full_name}/test
%{_libdir}/ruby/gems/%{rb_ver}/specifications/%{mod_full_name}.gemspec

%files doc
%defattr(-,root,root,-)
%doc %{_libdir}/ruby/gems/%{rb_ver}/doc/%{mod_full_name}/

%files testsuite
%defattr(-,root,root,-)
%{_libdir}/ruby/gems/%{rb_ver}/gems/%{mod_full_name}/test

%changelog
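Review bot: The security patch is declared as `Source1:` and applied by hand in `%install` with `patch -p2 < %{S:1}`, so nothing in the spec marks it as a patch and the `-p2` strip level is unexplained. The strip level only works because every path in the patch begins with `a/activerecord/`. A short comment above the `patch` line saying so, plus a `Patch0:` style tag or a comment next to `Source1:` naming CVE-2013-1854 and bnc#809932, would make the fix easier to audit and to drop once an upstream release includes it.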
++++++ bug-809932_2-3-attribute_symbols.patch ++++++
diff --git a/activerecord/lib/active_record/base.rb 
b/activerecord/lib/active_record/base.rb
index c11b702..894ca6b 100755
--- a/activerecord/lib/active_record/base.rb
+++ b/activerecord/lib/active_record/base.rb
@@ -2307,7 +2307,7 @@ module ActiveRecord #:nodoc:
         def expand_hash_conditions_for_aggregates(attrs)
           expanded_attrs = {}
           attrs.each do |attr, value|
-            unless (aggregation = reflect_on_aggregation(attr.to_sym)).nil?
+            unless (aggregation = reflect_on_aggregation(attr)).nil?
               mapping = aggregate_mapping(aggregation)
               mapping.each do |field_attr, aggregate_attr|
                 if mapping.size == 1 && !value.respond_to?(aggregate_attr)
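Review bot: In `expand_hash_conditions_for_aggregates`, `reflect_on_aggregation(attr)` now passes the conditions key through unchanged, so a string key only resolves if the `reflections` lookup accepts strings as well as symbols. That depends on the `reflection.rb` change in this same patch, and the patch carries no test. Please add a regression test that queries a `composed_of` attribute with a string key and with a symbol key, and one asserting that an unknown string key no longer creates a new symbol.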
diff --git a/activerecord/lib/active_record/reflection.rb 
b/activerecord/lib/active_record/reflection.rb
index 13bcb8b..a07d442 100644
--- a/activerecord/lib/active_record/reflection.rb
+++ b/activerecord/lib/active_record/reflection.rb
@@ -18,7 +18,7 @@ module ActiveRecord
           when :composed_of
             reflection = AggregateReflection.new(macro, name, options, 
active_record)
         end
-        write_inheritable_hash :reflections, name => reflection
+        write_inheritable_hiwa :reflections, name => reflection
         reflection
       end
 
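Review bot: `write_inheritable_hiwa` on the changed line is not defined anywhere in this patch, and both files it touches are under `activerecord/`. If the method is supplied by a matching activesupport update, note that the spec's `Requires: rubygem-activesupport-2_3 = %{version}` pins the version only, so an activesupport 2.3.17 build without that method would satisfy the dependency and this line would raise `NoMethodError`. Suggest requiring the specific release (or a dedicated `Provides`) that ships the helper, and recording the cross-package dependency in the `.changes` entry.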
