commit rubygem-actionpack-5.2 for openSUSE:Factory
Hello community, here is the log from the commit of package rubygem-actionpack-5.2 for openSUSE:Factory checked in at 2020-10-05 19:29:14 Comparing /work/SRC/openSUSE:Factory/rubygem-actionpack-5.2 (Old) and /work/SRC/openSUSE:Factory/.rubygem-actionpack-5.2.new.4249 (New) Package is "rubygem-actionpack-5.2" Mon Oct 5 19:29:14 2020 rev:10 rq:838011 version:5.2.4.4 Changes: --- /work/SRC/openSUSE:Factory/rubygem-actionpack-5.2/rubygem-actionpack-5.2.changes 2020-05-11 13:38:02.596701199 +0200 +++ /work/SRC/openSUSE:Factory/.rubygem-actionpack-5.2.new.4249/rubygem-actionpack-5.2.changes 2020-10-05 19:29:16.656493745 +0200 @@ -1,0 +2,19 @@ +Fri Sep 25 13:19:36 UTC 2020 - Stephan Kulow + +updated to version 5.2.4.4 + see installed CHANGELOG.md + + ## Rails 5.2.4.4 (September 09, 2020) ## + + * No changes. + + + ## Rails 5.2.4.3 (May 18, 2020) ## + + * [CVE-2020-8166] HMAC raw CSRF token before masking it, so it cannot be used to reconstruct a per-form token + + * [CVE-2020-8164] Return self when calling #each, #each_pair, and #each_value instead of the raw @parameters hash + + + +--- Old: actionpack-5.2.4.2.gem New: actionpack-5.2.4.4.gem Other differences: -- ++ rubygem-actionpack-5.2.spec ++ --- /var/tmp/diff_new_pack.BxR3AZ/_old 2020-10-05 19:29:17.372494437 +0200 +++ /var/tmp/diff_new_pack.BxR3AZ/_new 2020-10-05 19:29:17.376494441 +0200 @@ -24,7 +24,7 @@ # Name: rubygem-actionpack-5.2 -Version:5.2.4.2 +Version:5.2.4.4 Release:0 %define mod_name actionpack %define mod_full_name %{mod_name}-%{version} ++ actionpack-5.2.4.2.gem -> actionpack-5.2.4.4.gem ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md --- old/CHANGELOG.md2020-03-19 17:37:03.0 +0100 +++ new/CHANGELOG.md2020-09-09 20:34:59.0 +0200 
@@ -1,3 +1,15 @@ +## Rails 5.2.4.4 (September 09, 2020) ## + +* No changes. + + +## Rails 5.2.4.3 (May 18, 2020) ## + +* [CVE-2020-8166] HMAC raw CSRF token before masking it, so it cannot be used to reconstruct a per-form token + +* [CVE-2020-8164] Return self when calling #each, #each_pair, and #each_value instead of the raw @parameters hash + + ## Rails 5.2.4.1 (December 18, 2019) ## * Fix possible information leak / session hijacking vulnerability. Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/action_controller/metal/request_forgery_protection.rb new/lib/action_controller/metal/request_forgery_protection.rb --- old/lib/action_controller/metal/request_forgery_protection.rb 2020-03-19 17:37:03.0 +0100 +++ new/lib/action_controller/metal/request_forgery_protection.rb 2020-09-09 20:34:59.0 +0200 @@ -318,13 +318,15 @@ action_path = normalize_action_path(action) per_form_csrf_token(session, action_path, method) else - real_csrf_token(session) + global_csrf_token(session) end one_time_pad = SecureRandom.random_bytes(AUTHENTICITY_TOKEN_LENGTH) encrypted_csrf_token = xor_byte_strings(one_time_pad, raw_token) masked_token = one_time_pad + encrypted_csrf_token -Base64.strict_encode64(masked_token) +Base64.urlsafe_encode64(masked_token, padding: false) + +mask_token(raw_token) end # Checks the client's masked token to see if it matches the @@ -354,7 +356,8 @@ elsif masked_token.length == AUTHENTICITY_TOKEN_LENGTH * 2 csrf_token = unmask_token(masked_token) - compare_with_real_token(csrf_token, session) || + compare_with_global_token(csrf_token, session) || +compare_with_real_token(csrf_token, session) || valid_per_form_csrf_token?(csrf_token, session) else false # Token is malformed. 
@@ -369,10 +372,21 @@ xor_byte_strings(one_time_pad, encrypted_csrf_token) end + def mask_token(raw_token) # :doc: +one_time_pad = SecureRandom.random_bytes(AUTHENTICITY_TOKEN_LENGTH) +encrypted_csrf_token = xor_byte_strings(one_time_pad, raw_token) +masked_token = one_time_pad + encrypted_csrf_token +Base64.strict_encode64(masked_token) + end + def compare_with_real_token(token, session) # :doc: ActiveSupport::SecurityUtils.fixed_length_secure_compare(token, real_csrf_token(session)) end + def compare_with_global_token(token, session) # :doc: +ActiveSu
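Review bot: In request_forgery_protection.rb, hunk @@ -318,13 +318,15 @@, the value of `Base64.urlsafe_encode64(masked_token, padding: false)` is discarded, because `mask_token(raw_token)` is now the last expression before `end` and supplies the return value. The three unchanged lines that build `one_time_pad`, `encrypted_csrf_token` and `masked_token` are therefore dead code that requests random bytes on every call and throws them away. They also suggest a URL-safe encoding, while `mask_token` in the @@ -369,10 +372,21 @@ hunk uses `Base64.strict_encode64`. Suggest deleting the inline masking so the method body is only the `raw_token` selection followed by `mask_token(raw_token)`.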
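Review bot: In request_forgery_protection.rb, hunk @@ -354,7 +356,8 @@, `compare_with_real_token(csrf_token, session)` stays in the `||` chain behind the new `compare_with_global_token` check, with no comment explaining why. If it is kept so that tokens issued before the upgrade still validate, say so next to the line and state when the fallback can be dropped, since the CVE-2020-8166 changelog entry in this same patch is about no longer exposing a masked copy of the raw token.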
commit rubygem-actionpack-5.2 for openSUSE:Factory
Hello community, here is the log from the commit of package rubygem-actionpack-5.2 for openSUSE:Factory checked in at 2020-05-11 13:38:00 Comparing /work/SRC/openSUSE:Factory/rubygem-actionpack-5.2 (Old) and /work/SRC/openSUSE:Factory/.rubygem-actionpack-5.2.new.2738 (New) Package is "rubygem-actionpack-5.2" Mon May 11 13:38:00 2020 rev:9 rq:802310 version:5.2.4.2 Changes: --- /work/SRC/openSUSE:Factory/rubygem-actionpack-5.2/rubygem-actionpack-5.2.changes 2019-12-23 22:47:36.466071274 +0100 +++ /work/SRC/openSUSE:Factory/.rubygem-actionpack-5.2.new.2738/rubygem-actionpack-5.2.changes 2020-05-11 13:38:02.596701199 +0200 @@ -1,0 +2,6 @@ +Thu May 7 19:58:11 UTC 2020 - Stephan Kulow + +- updated to version 5.2.4.2 + see installed CHANGELOG.md + +--- Old: actionpack-5.2.4.1.gem New: actionpack-5.2.4.2.gem Other differences: -- ++ rubygem-actionpack-5.2.spec ++ --- /var/tmp/diff_new_pack.EOkyVs/_old 2020-05-11 13:38:03.800703723 +0200 +++ /var/tmp/diff_new_pack.EOkyVs/_new 2020-05-11 13:38:03.800703723 +0200 @@ -1,7 +1,7 @@ # # spec file for package rubygem-actionpack-5.2 # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -24,7 +24,7 @@ # Name: rubygem-actionpack-5.2 -Version:5.2.4.1 +Version:5.2.4.2 Release:0 %define mod_name actionpack %define mod_full_name %{mod_name}-%{version} 
@@ -36,10 +36,10 @@ %endif # /MANUAL BuildRoot: %{_tmppath}/%{name}-%{version}-build -BuildRequires: ruby-macros >= 5 BuildRequires: %{ruby >= 2.2.2} BuildRequires: %{rubygem gem2rpm} -Url:http://rubyonrails.org +BuildRequires: ruby-macros >= 5 +URL:http://rubyonrails.org Source: https://rubygems.org/gems/%{mod_full_name}.gem Source1:gem2rpm.yml Summary:Web-flow and rendering framework putting the VC in MVC (part of ++ actionpack-5.2.4.1.gem -> actionpack-5.2.4.2.gem ++ Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/action_pack/gem_version.rb new/lib/action_pack/gem_version.rb --- old/lib/action_pack/gem_version.rb 2019-12-18 20:00:16.0 +0100 +++ new/lib/action_pack/gem_version.rb 2020-03-19 17:37:04.0 +0100 @@ -10,7 +10,7 @@ MAJOR = 5 MINOR = 2 TINY = 4 -PRE = "1" +PRE = "2" STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".") end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/metadata new/metadata --- old/metadata2019-12-18 20:00:15.0 +0100 +++ new/metadata2020-03-19 17:37:03.0 +0100 @@ -1,14 +1,14 @@ --- !ruby/object:Gem::Specification name: actionpack version: !ruby/object:Gem::Version - version: 5.2.4.1 + version: 5.2.4.2 platform: ruby authors: - David Heinemeier Hansson autorequire: bindir: bin cert_chain: [] -date: 2019-12-18 00:00:00.0 Z +date: 2020-03-19 00:00:00.0 Z dependencies: - !ruby/object:Gem::Dependency name: activesupport @@ -16,14 +16,14 @@ requirements: - - '=' - !ruby/object:Gem::Version -version: 5.2.4.1 +version: 5.2.4.2 type: :runtime prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - '=' - !ruby/object:Gem::Version -version: 5.2.4.1 +version: 5.2.4.2 - !ruby/object:Gem::Dependency name: rack requirement: !ruby/object:Gem::Requirement 
@@ -98,28 +98,28 @@ requirements: - - '=' - !ruby/object:Gem::Version -version: 5.2.4.1 +version: 5.2.4.2 type: :runtime prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - '=' - !ruby/object:Gem::Version -version: 5.2.4.1 +version: 5.2.4.2 - !ruby/object:Gem::Dependency name: activemodel requirement: !ruby/object:Gem::Requirement requirements: - - '=' - !ruby/object:Gem::Version -version: 5.2.4.1 +version: 5.2.4.2 type: :development prerelease: false version_requirements: !ruby/object:Gem::R
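Review bot: In the spec hunk @@ -36,10 +36,10 @@ the tag is renamed from `Url:` to `URL:` but still points to `http://rubyonrails.org`, while hunk @@ -12,7 +12,7 @@ of the same patch moves the bugs.opensuse.org address to https. Suggest switching the project URL to https in this change as well so the two are consistent.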
commit rubygem-actionpack-5.2 for openSUSE:Factory
Hello community, here is the log from the commit of package rubygem-actionpack-5.2 for openSUSE:Factory checked in at 2019-12-23 22:44:55 Comparing /work/SRC/openSUSE:Factory/rubygem-actionpack-5.2 (Old) and /work/SRC/openSUSE:Factory/.rubygem-actionpack-5.2.new.6675 (New) Package is "rubygem-actionpack-5.2" Mon Dec 23 22:44:55 2019 rev:8 rq:758822 version:5.2.4.1 Changes: --- /work/SRC/openSUSE:Factory/rubygem-actionpack-5.2/rubygem-actionpack-5.2.changes 2019-11-30 10:40:40.904148404 +0100 +++ /work/SRC/openSUSE:Factory/.rubygem-actionpack-5.2.new.6675/rubygem-actionpack-5.2.changes 2019-12-23 22:47:36.466071274 +0100 @@ -1,0 +2,6 @@ +Fri Dec 20 15:12:50 UTC 2019 - Marcus Rueckert + +- update to version 5.2.4.1 (CVE-2019-16782): + https://weblog.rubyonrails.org/2019/12/18/Rails-5-2-4-1-has-been-released/ + +--- Old: actionpack-5.2.4.gem New: actionpack-5.2.4.1.gem Other differences: -- ++ rubygem-actionpack-5.2.spec ++ --- /var/tmp/diff_new_pack.C2YfcX/_old 2019-12-23 22:47:37.462071642 +0100 +++ /var/tmp/diff_new_pack.C2YfcX/_new 2019-12-23 22:47:37.470071645 +0100 @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# Please submit bugfixes or comments via http://bugs.opensuse.org/ # @@ -24,7 +24,7 @@ # Name: rubygem-actionpack-5.2 -Version:5.2.4 +Version:5.2.4.1 Release:0 %define mod_name actionpack %define mod_full_name %{mod_name}-%{version} 
@@ -36,9 +36,9 @@ %endif # /MANUAL BuildRoot: %{_tmppath}/%{name}-%{version}-build +BuildRequires: ruby-macros >= 5 BuildRequires: %{ruby >= 2.2.2} BuildRequires: %{rubygem gem2rpm} -BuildRequires: ruby-macros >= 5 Url:http://rubyonrails.org Source: https://rubygems.org/gems/%{mod_full_name}.gem Source1:gem2rpm.yml ++ actionpack-5.2.4.gem -> actionpack-5.2.4.1.gem ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md --- old/CHANGELOG.md2019-11-27 16:40:09.0 +0100 +++ new/CHANGELOG.md2019-12-18 20:00:15.0 +0100 @@ -1,3 +1,13 @@ +## Rails 5.2.4.1 (December 18, 2019) ## + +* Fix possible information leak / session hijacking vulnerability. + +The `ActionDispatch::Session::MemcacheStore` is still vulnerable given it requires the +gem dalli to be updated as well. + +CVE-2019-16782. + + ## Rails 5.2.4 (November 27, 2019) ## * No changes. Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/action_dispatch/middleware/session/abstract_store.rb new/lib/action_dispatch/middleware/session/abstract_store.rb --- old/lib/action_dispatch/middleware/session/abstract_store.rb 2019-11-27 16:40:09.0 +0100 +++ new/lib/action_dispatch/middleware/session/abstract_store.rb 2019-12-18 20:00:16.0 +0100 
@@ -83,7 +83,21 @@ include SessionObject private +def set_cookie(request, session_id, cookie) + request.cookie_jar[key] = cookie +end +end +class AbstractSecureStore < Rack::Session::Abstract::PersistedSecure + include Compatibility + include StaleSessionCheck + include SessionObject + + def generate_sid +Rack::Session::SessionId.new(super) + end + + private def set_cookie(request, session_id, cookie) request.cookie_jar[key] = cookie end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/action_dispatch/middleware/session/cache_store.rb new/lib/action_dispatch/middleware/session/cache_store.rb --- old/lib/action_dispatch/middleware/session/cache_store.rb 2019-11-27 16:40:09.0 +0100 +++ new/lib/action_dispatch/middleware/session/cache_store.rb 2019-12-18 20:00:16.0 +0100 @@ -12,7 +12,7 @@ # * cache - The cache to use. If it is not specified, Rails.cache will be used. # * expire_after - The length of time a session will be stored before automatically expiring. # By default, the :expires_in option of the cache is used. -class CacheStore < AbstractStore +class CacheStore < AbstractSecureStore def initialize(app, options = {}) @cache = options[:cache] || Rails.cache options[:expire_after] ||= @cache.options[:expires_in] @@ -21,7 +21,7 @@ # Get a session from the cache. def find
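Review bot: The .changes hunk @@ -1,0 +2,6 @@ cites CVE-2019-16782 but leaves out the caveat that the upstream CHANGELOG.md hunk in this same patch spells out: `ActionDispatch::Session::MemcacheStore` is still vulnerable until the dalli gem is updated as well. Please add that sentence to the entry, so that anyone reading the package changelog does not assume the update alone closes the issue for memcache-backed sessions.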
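Review bot: The spec hunk @@ -12,7 +12,7 @@ turns the bug-report address from `https://bugs.opensuse.org/` back into `http://bugs.opensuse.org/`, which looks like an unintended side effect of regenerating the spec header in a security update. Suggest keeping the https form.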
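Review bot: In abstract_store.rb, hunk @@ -83,7 +83,21 @@, the new `AbstractSecureStore` repeats the three `include` lines and the private `set_cookie` of `AbstractStore` verbatim and carries no comment on how the two base classes differ. A short class comment naming the difference visible here (the parent `Rack::Session::Abstract::PersistedSecure` and `generate_sid` wrapping the id in `Rack::Session::SessionId`) would help, and the shared `set_cookie` could move into a module so the two copies cannot drift apart.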
commit rubygem-actionpack-5.2 for openSUSE:Factory
Hello community, here is the log from the commit of package rubygem-actionpack-5.2 for openSUSE:Factory checked in at 2019-11-30 10:39:12 Comparing /work/SRC/openSUSE:Factory/rubygem-actionpack-5.2 (Old) and /work/SRC/openSUSE:Factory/.rubygem-actionpack-5.2.new.26869 (New) Package is "rubygem-actionpack-5.2" Sat Nov 30 10:39:12 2019 rev:7 rq:751752 version:5.2.4 Changes: --- /work/SRC/openSUSE:Factory/rubygem-actionpack-5.2/rubygem-actionpack-5.2.changes 2019-04-01 12:35:47.609839570 +0200 +++ /work/SRC/openSUSE:Factory/.rubygem-actionpack-5.2.new.26869/rubygem-actionpack-5.2.changes 2019-11-30 10:40:40.904148404 +0100 @@ -1,0 +2,7 @@ +Thu Nov 28 12:52:16 UTC 2019 - Manuel Schnitzer + +- updated to version 5.2.4 + + * no changes + +--- Old: actionpack-5.2.3.gem New: actionpack-5.2.4.gem Other differences: -- ++ rubygem-actionpack-5.2.spec ++ --- /var/tmp/diff_new_pack.ZjoacJ/_old 2019-11-30 10:40:41.924148281 +0100 +++ /var/tmp/diff_new_pack.ZjoacJ/_new 2019-11-30 10:40:41.928148281 +0100 @@ -24,7 +24,7 @@ # Name: rubygem-actionpack-5.2 -Version:5.2.3 +Version:5.2.4 Release:0 %define mod_name actionpack %define mod_full_name %{mod_name}-%{version} ++ actionpack-5.2.3.gem -> actionpack-5.2.4.gem ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md --- old/CHANGELOG.md2019-03-28 04:02:01.0 +0100 +++ new/CHANGELOG.md2019-11-27 16:40:09.0 +0100 
@@ -1,10 +1,15 @@ +## Rails 5.2.4 (November 27, 2019) ## + +* No changes. + + ## Rails 5.2.3 (March 27, 2019) ## -* Allow using combine the Cache Control `public` and `no-cache` headers. +* Allow using `public` and `no-cache` together in the the Cache Control header. -Before this change, even if `public` was specified for Cache Control header, -it was excluded when `no-cache` was included. This fixed to keep `public` -header as is. +Before this change, even if `public` was specified in the Cache Control header, +it was excluded when `no-cache` was included. This change preserves the +`public` value as is. Fixes #34780. @@ -186,6 +191,34 @@ * Matches behavior of `Hash#each` in `ActionController::Parameters#each`. +Rails 5.0 introduced a bug when looping through controller params using `each`. Only the keys of params hash were passed to the block, e.g. + +# Parameters: {"param"=>"1", "param_two"=>"2"} +def index + params.each do |name| +puts name + end +end + +# Prints +# param +# param_two + +In Rails 5.2 the bug has been fixed and name will be an array (which was the behavior for all versions prior to 5.0), instead of a string. + +To fix the code above simply change as per example below: + +# Parameters: {"param"=>"1", "param_two"=>"2"} +def index + params.each do |name, value| +puts name + end +end + +# Prints +# param +# param_two + *Dominic Cleal* * Add `Referrer-Policy` header to default headers set. Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/action_controller/metal/params_wrapper.rb new/lib/action_controller/metal/params_wrapper.rb --- old/lib/action_controller/metal/params_wrapper.rb 2019-03-28 04:02:01.0 +0100 +++ new/lib/action_controller/metal/params_wrapper.rb 2019-11-27 16:40:09.0 +0100 
@@ -93,7 +93,7 @@ end def model -super || synchronize { super || self.model = _default_wrap_model } +super || self.model = _default_wrap_model end def include @@ -115,7 +115,7 @@ if m.respond_to?(:nested_attributes_options) && m.nested_attributes_options.keys.any? self.include += m.nested_attributes_options.keys.map do |key| - key.to_s.concat("_attributes") + key.to_s.dup.concat("_attributes") end end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/action_controller/metal.rb new/lib/action_controller/metal.rb --- old/lib/action_controller/metal.rb 2019-03-28 04:02:01.0 +0100 +++ new/lib/action_controller/metal.rb 2019-11-27 16:40:09.0 +0100 @@ -26,10 +26,10 @@ end end -def build(action, app = Proc.new) +def build(action, app = nil, &block) action = action.to_s -
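Review bot: The .changes hunk @@ -1,0 +2,7 @@ records this update as "* no changes", yet the gem diff in the same patch changes code in lib/action_controller/metal/params_wrapper.rb and lib/action_controller/metal.rb. Suggest replacing the line with "see installed CHANGELOG.md" plus a short list of the behavioural changes, so the package changelog does not understate the update.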
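Review bot: In params_wrapper.rb, hunk @@ -93,7 +93,7 @@, the lazy initialisation of `model` loses its `synchronize { ... }` guard and becomes `super || self.model = _default_wrap_model`, with nothing in the patch explaining why the lock is no longer needed. Without it two threads can both find `super` unset and both run `_default_wrap_model`. Please confirm that the double assignment is harmless and note the reason in a comment or in the changelog.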
commit rubygem-actionpack-5.2 for openSUSE:Factory
Hello community, here is the log from the commit of package rubygem-actionpack-5.2 for openSUSE:Factory checked in at 2019-04-01 12:35:46 Comparing /work/SRC/openSUSE:Factory/rubygem-actionpack-5.2 (Old) and /work/SRC/openSUSE:Factory/.rubygem-actionpack-5.2.new.25356 (New) Package is "rubygem-actionpack-5.2" Mon Apr 1 12:35:46 2019 rev:6 rq:689677 version:5.2.3 Changes: --- /work/SRC/openSUSE:Factory/rubygem-actionpack-5.2/rubygem-actionpack-5.2.changes 2019-03-14 15:03:49.235632002 +0100 +++ /work/SRC/openSUSE:Factory/.rubygem-actionpack-5.2.new.25356/rubygem-actionpack-5.2.changes 2019-04-01 12:35:47.609839570 +0200 @@ -1,0 +2,22 @@ +Fri Mar 29 05:49:58 UTC 2019 - Stephan Kulow + +- updated to version 5.2.3 + see installed CHANGELOG.md + + ## Rails 5.2.3 (March 27, 2019) ## + + * Allow using combine the Cache Control `public` and `no-cache` headers. + + Before this change, even if `public` was specified for Cache Control header, + it was excluded when `no-cache` was included. This fixed to keep `public` + header as is. + + Fixes #34780. + + *Yuji Yaginuma* + + * Allow `nil` params for `ActionController::TestCase`. + + *Ryo Nakamura* + +--- Old: actionpack-5.2.2.1.gem New: actionpack-5.2.3.gem Other differences: -- ++ rubygem-actionpack-5.2.spec ++ --- /var/tmp/diff_new_pack.o2hqOm/_old 2019-04-01 12:35:48.621840064 +0200 +++ /var/tmp/diff_new_pack.o2hqOm/_new 2019-04-01 12:35:48.621840064 +0200 @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -24,7 +24,7 @@ # Name: rubygem-actionpack-5.2 -Version:5.2.2.1 +Version:5.2.3 Release:0 %define mod_name actionpack %define mod_full_name %{mod_name}-%{version} 
@@ -36,9 +36,9 @@ %endif # /MANUAL BuildRoot: %{_tmppath}/%{name}-%{version}-build -BuildRequires: ruby-macros >= 5 BuildRequires: %{ruby >= 2.2.2} BuildRequires: %{rubygem gem2rpm} +BuildRequires: ruby-macros >= 5 Url:http://rubyonrails.org Source: https://rubygems.org/gems/%{mod_full_name}.gem Source1:gem2rpm.yml ++ actionpack-5.2.2.1.gem -> actionpack-5.2.3.gem ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md --- old/CHANGELOG.md2019-03-13 17:47:18.0 +0100 +++ new/CHANGELOG.md2019-03-28 04:02:01.0 +0100 @@ -1,3 +1,20 @@ +## Rails 5.2.3 (March 27, 2019) ## + +* Allow using combine the Cache Control `public` and `no-cache` headers. + +Before this change, even if `public` was specified for Cache Control header, +it was excluded when `no-cache` was included. This fixed to keep `public` +header as is. + +Fixes #34780. + +*Yuji Yaginuma* + +* Allow `nil` params for `ActionController::TestCase`. + +*Ryo Nakamura* + + ## Rails 5.2.2.1 (March 11, 2019) ## * No changes. Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/action_controller/test_case.rb new/lib/action_controller/test_case.rb --- old/lib/action_controller/test_case.rb 2019-03-13 17:47:18.0 +0100 +++ new/lib/action_controller/test_case.rb 2019-03-28 04:02:01.0 +0100 @@ -457,7 +457,7 @@ # respectively which will make tests more expressive. # # Note that the request method is not verified. - def process(action, method: "GET", params: {}, session: nil, body: nil, flash: {}, format: nil, xhr: false, as: nil) + def process(action, method: "GET", params: nil, session: nil, body: nil, flash: {}, format: nil, xhr: false, as: nil) check_required_ivars http_method = method.to_s.upcase 
@@ -485,7 +485,7 @@ format ||= as end -parameters = params.symbolize_keys +parameters = (params || {}).symbolize_keys if format parameters[:format] = format diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/action_dispatch/http/cache.rb new/lib/action_dispatch/http/cache.rb --- old/lib/action_dispatch/http/cache.rb 2019-03-13 17:47:18.0 +0100 +++ new/lib/action_dispatch/http/cache.rb 2019-03-28 04:02:01.0 +0100 @@ -197,10 +197,12 @@ if control.empty? # Let middleware handle de
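Review bot: In test_case.rb, hunk @@ -457,7 +457,7 @@ changes the default of `params:` from `{}` to `nil`, and the only guard shown is `(params || {}).symbolize_keys` in hunk @@ -485,7 +485,7 @@. Any other use of `params` inside `process` that lies outside these two hunks now receives `nil` where it used to receive an empty hash. Please confirm there is none, or normalise once at the top of the method so later code keeps seeing a hash.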
commit rubygem-actionpack-5.2 for openSUSE:Factory
Hello community, here is the log from the commit of package rubygem-actionpack-5.2 for openSUSE:Factory checked in at 2019-03-14 15:03:43 Comparing /work/SRC/openSUSE:Factory/rubygem-actionpack-5.2 (Old) and /work/SRC/openSUSE:Factory/.rubygem-actionpack-5.2.new.28833 (New) Package is "rubygem-actionpack-5.2" Thu Mar 14 15:03:43 2019 rev:5 rq:684893 version:5.2.2.1 Changes: --- /work/SRC/openSUSE:Factory/rubygem-actionpack-5.2/rubygem-actionpack-5.2.changes 2019-01-21 10:27:34.509604288 +0100 +++ /work/SRC/openSUSE:Factory/.rubygem-actionpack-5.2.new.28833/rubygem-actionpack-5.2.changes 2019-03-14 15:03:49.235632002 +0100 @@ -1,0 +2,17 @@ +Thu Mar 14 03:44:21 UTC 2019 - Marcus Rueckert + +- update to version 5.2.2.1: + https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/ + CVE-2019-5418 CVE-2019-5419 CVE-2019-5420 + +--- +Sat Jan 19 19:50:56 UTC 2019 - Marcus Rueckert + +- rb_build_ruby_abi needs to be rb_build_ruby_abis + +--- +Fri Jan 18 16:24:32 UTC 2019 - Marcus Rueckert + +- limit to ruby 2.5 and above for 42.3/sle12 + +--- Old: actionpack-5.2.2.gem New: actionpack-5.2.2.1.gem Other differences: -- ++ rubygem-actionpack-5.2.spec ++ --- /var/tmp/diff_new_pack.X9lZdy/_old 2019-03-14 15:03:50.715631064 +0100 +++ /var/tmp/diff_new_pack.X9lZdy/_new 2019-03-14 15:03:50.719631061 +0100 @@ -1,7 +1,7 @@ # # spec file for package rubygem-actionpack-5.2 # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# Please submit bugfixes or comments via http://bugs.opensuse.org/ # 
@@ -24,21 +24,21 @@ # Name: rubygem-actionpack-5.2 -Version:5.2.2 +Version:5.2.2.1 Release:0 %define mod_name actionpack %define mod_full_name %{mod_name}-%{version} %define mod_version_suffix -5.2 # MANUAL %if 0%{?suse_version} && 0%{?suse_version} < 1330 -%define rb_build_versions ruby23 ruby24 ruby25 -%define rb_build_ruby_abi ruby:2.3.0 ruby:2.4.0 ruby:2.5.0 +%define rb_build_versions ruby25 ruby26 +%define rb_build_ruby_abis ruby:2.5.0 ruby:2.6.0 %endif # /MANUAL BuildRoot: %{_tmppath}/%{name}-%{version}-build +BuildRequires: ruby-macros >= 5 BuildRequires: %{ruby >= 2.2.2} BuildRequires: %{rubygem gem2rpm} -BuildRequires: ruby-macros >= 5 Url:http://rubyonrails.org Source: https://rubygems.org/gems/%{mod_full_name}.gem Source1:gem2rpm.yml ++ actionpack-5.2.2.gem -> actionpack-5.2.2.1.gem ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md --- old/CHANGELOG.md2018-12-04 19:12:06.0 +0100 +++ new/CHANGELOG.md2019-03-13 17:47:18.0 +0100 @@ -1,3 +1,8 @@ +## Rails 5.2.2.1 (March 11, 2019) ## + +* No changes. + + ## Rails 5.2.2 (December 04, 2018) ## * Reset Capybara sessions if failed system test screenshot raising an exception. Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/action_dispatch/http/mime_negotiation.rb new/lib/action_dispatch/http/mime_negotiation.rb --- old/lib/action_dispatch/http/mime_negotiation.rb2018-12-04 19:12:07.0 +0100 +++ new/lib/action_dispatch/http/mime_negotiation.rb2019-03-13 17:47:18.0 +0100 
@@ -74,6 +74,11 @@ else [Mime[:html]] end + + v = v.select do |format| +format.symbol || format.ref == "*/*" + end + set_header k, v end end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/action_dispatch/middleware/session/cookie_store.rb new/lib/action_dispatch/middleware/session/cookie_store.rb --- old/lib/action_dispatch/middleware/session/cookie_store.rb 2018-12-04 19:12:07.0 +0100 +++ new/lib/action_dispatch/middleware/session/cookie_store.rb 2019-03-13 17:47:18.0 +0100 @@ -29,9 +29,10 @@ # # Rails.application.config.session_store :cookie_store, key: '_your_app_session'
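Review bot: In mime_negotiation.rb, hunk @@ -74,6 +74,11 @@, the added `v.select` can leave `v` empty when none of the parsed formats has a `symbol` or is `"*/*"`, and `set_header k, v` then stores an empty list with no fallback such as the `[Mime[:html]]` used in the `else` branch just above. Please state what callers get in that case, or add the fallback. The block also needs a one-line comment on why these formats are dropped, because the CHANGELOG.md hunk in this patch says "No changes" for 5.2.2.1 while the .changes entry lists CVE-2019-5418, CVE-2019-5419 and CVE-2019-5420.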
commit rubygem-actionpack-5.2 for openSUSE:Factory
Hello community, here is the log from the commit of package rubygem-actionpack-5.2 for openSUSE:Factory checked in at 2019-01-21 10:27:32 Comparing /work/SRC/openSUSE:Factory/rubygem-actionpack-5.2 (Old) and /work/SRC/openSUSE:Factory/.rubygem-actionpack-5.2.new.28833 (New) Package is "rubygem-actionpack-5.2" Mon Jan 21 10:27:32 2019 rev:4 rq:656406 version:5.2.2 Changes: --- /work/SRC/openSUSE:Factory/rubygem-actionpack-5.2/rubygem-actionpack-5.2.changes 2018-12-06 12:18:02.353473276 +0100 +++ /work/SRC/openSUSE:Factory/.rubygem-actionpack-5.2.new.28833/rubygem-actionpack-5.2.changes 2019-01-21 10:27:34.509604288 +0100 
@@ -1,0 +2,50 @@ +Sat Dec 8 16:12:29 UTC 2018 - Stephan Kulow + +- updated to version 5.2.2 + see installed CHANGELOG.md + + ## Rails 5.2.2 (December 04, 2018) ## + + * Reset Capybara sessions if failed system test screenshot raising an exception. + + Reset Capybara sessions if `take_failed_screenshot` raise exception + in system test `after_teardown`. + + *Maxim Perepelitsa* + + * Use request object for context if there's no controller + + There is no controller instance when using a redirect route or a + mounted rack application so pass the request object as the context + when resolving dynamic CSP sources in this scenario. + + Fixes #34200. + + *Andrew White* + + * Apply mapping to symbols returned from dynamic CSP sources + + Previously if a dynamic source returned a symbol such as :self it + would be converted to a string implicity, e.g: + + policy.default_src -> { :self } + + would generate the header: + + Content-Security-Policy: default-src self + + and now it generates: + + Content-Security-Policy: default-src 'self' + + *Andrew White* + + * Fix `rails routes -c` for controller name consists of multiple word. + + *Yoshiyuki Kinjo* + + * Call the `#redirect_to` block in controller context. + + *Steven Peckins* + +--- Old: actionpack-5.2.1.1.gem New: actionpack-5.2.2.gem Other differences: -- ++ rubygem-actionpack-5.2.spec ++ --- /var/tmp/diff_new_pack.2i9Bb5/_old 2019-01-21 10:27:34.977603775 +0100 +++ /var/tmp/diff_new_pack.2i9Bb5/_new 2019-01-21 10:27:34.981603771 +0100 @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -24,7 +24,7 @@ # Name: rubygem-actionpack-5.2 -Version:5.2.1.1 +Version:5.2.2 Release:0 %define mod_name actionpack %define mod_full_name %{mod_name}-%{version} 
@@ -36,9 +36,9 @@ %endif # /MANUAL BuildRoot: %{_tmppath}/%{name}-%{version}-build -BuildRequires: ruby-macros >= 5 BuildRequires: %{ruby >= 2.2.2} BuildRequires: %{rubygem gem2rpm} +BuildRequires: ruby-macros >= 5 Url:http://rubyonrails.org Source: https://rubygems.org/gems/%{mod_full_name}.gem Source1:gem2rpm.yml ++ actionpack-5.2.1.1.gem -> actionpack-5.2.2.gem ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md --- old/CHANGELOG.md2018-11-27 21:12:20.0 +0100 +++ new/CHANGELOG.md2018-12-04 19:12:06.0 +0100 @@ -1,3 +1,48 @@ +## Rails 5.2.2 (December 04, 2018) ## + +* Reset Capybara sessions if failed system test screenshot raising an exception. + +Reset Capybara sessions if `take_failed_screenshot` raise exception +in system test `after_teardown`. + +*Maxim Perepelitsa* + +* Use request object for context if there's no controller + +There is no controller instance when using a redirect route or a +mounted rack application so pass the request object as the context +when resolving dynamic CSP sources in this scenario. + +Fixes #34200. + +*Andrew White* + +* Apply mapping to symbols returned from dynamic CSP sources + +Previously if a dynamic source returned a symbol such as :self it +would be converted to a string implicity, e.g: + +policy.default_src -> { :self } + +would generate the header: + +Content-Security-Policy: default-src self + +and now it generates: + +Content-Security-Policy: default-src 'self' + +*Andrew White* + +* Fix `rails routes -c` for controller name consists of multiple word. + +*Yoshiyuki Kinjo* + +* Call the `#redirect_to` block in controller context. + +*Steven Peckins*
commit rubygem-actionpack-5.2 for openSUSE:Factory
Hello community, here is the log from the commit of package rubygem-actionpack-5.2 for openSUSE:Factory checked in at 2018-12-06 12:18:00 Comparing /work/SRC/openSUSE:Factory/rubygem-actionpack-5.2 (Old) and /work/SRC/openSUSE:Factory/.rubygem-actionpack-5.2.new.19453 (New) Package is "rubygem-actionpack-5.2" Thu Dec 6 12:18:00 2018 rev:3 rq:655332 version:5.2.1.1 Changes: --- /work/SRC/openSUSE:Factory/rubygem-actionpack-5.2/rubygem-actionpack-5.2.changes 2018-08-12 20:53:14.977208684 +0200 +++ /work/SRC/openSUSE:Factory/.rubygem-actionpack-5.2.new.19453/rubygem-actionpack-5.2.changes 2018-12-06 12:18:02.353473276 +0100 @@ -1,0 +2,7 @@ +Mon Dec 3 06:18:31 UTC 2018 - mschnit...@suse.com + +- updated to version 5.2.1.1 (boo#1118076) + + * No changes / Just a version bump to match with Rails 5.2.1.1 + +--- Old: actionpack-5.2.1.gem New: actionpack-5.2.1.1.gem Other differences: -- ++ rubygem-actionpack-5.2.spec ++ --- /var/tmp/diff_new_pack.3D0QOL/_old 2018-12-06 12:18:03.329472228 +0100 +++ /var/tmp/diff_new_pack.3D0QOL/_new 2018-12-06 12:18:03.333472224 +0100 @@ -24,7 +24,7 @@ # Name: rubygem-actionpack-5.2 -Version:5.2.1 +Version:5.2.1.1 Release:0 %define mod_name actionpack %define mod_full_name %{mod_name}-%{version} ++ actionpack-5.2.1.gem -> actionpack-5.2.1.1.gem ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md --- old/CHANGELOG.md2018-08-07 23:42:07.0 +0200 +++ new/CHANGELOG.md2018-11-27 21:12:20.0 +0100 
@@ -1,3 +1,8 @@ +## Rails 5.2.1.1 (November 27, 2018) ## + +* No changes. + + ## Rails 5.2.1 (August 07, 2018) ## * Prevent `?null=` being passed on JSON encoded test requests. Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/action_pack/gem_version.rb new/lib/action_pack/gem_version.rb --- old/lib/action_pack/gem_version.rb 2018-08-07 23:42:07.0 +0200 +++ new/lib/action_pack/gem_version.rb 2018-11-27 21:12:20.0 +0100 @@ -10,7 +10,7 @@ MAJOR = 5 MINOR = 2 TINY = 1 -PRE = nil +PRE = "1" STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".") end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/metadata new/metadata --- old/metadata2018-08-07 23:42:07.0 +0200 +++ new/metadata2018-11-27 21:12:20.0 +0100 @@ -1,14 +1,14 @@ --- !ruby/object:Gem::Specification name: actionpack version: !ruby/object:Gem::Version - version: 5.2.1 + version: 5.2.1.1 platform: ruby authors: - David Heinemeier Hansson autorequire: bindir: bin cert_chain: [] -date: 2018-08-07 00:00:00.0 Z +date: 2018-11-27 00:00:00.0 Z dependencies: - !ruby/object:Gem::Dependency name: activesupport @@ -16,14 +16,14 @@ requirements: - - '=' - !ruby/object:Gem::Version -version: 5.2.1 +version: 5.2.1.1 type: :runtime prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - '=' - !ruby/object:Gem::Version -version: 5.2.1 +version: 5.2.1.1 - !ruby/object:Gem::Dependency name: rack requirement: !ruby/object:Gem::Requirement 
@@ -92,28 +92,28 @@ requirements: - - '=' - !ruby/object:Gem::Version -version: 5.2.1 +version: 5.2.1.1 type: :runtime prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - '=' - !ruby/object:Gem::Version -version: 5.2.1 +version: 5.2.1.1 - !ruby/object:Gem::Dependency name: activemodel requirement: !ruby/object:Gem::Requirement requirements: - - '=' - !ruby/object:Gem::Version -version: 5.2.1 +version: 5.2.1.1 type: :development prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - '=' - !ruby/object:Gem::Version -version: 5.2.1 +version: 5.2.1.1 description: Web apps on Rails. Simple, battle-tested conventions for building and testing MVC web applications. Works with any Rack-compatible server. email: da...@loudthinking.com @@ -293,8 +293,8 @@ licenses: - MIT metadata: - source_code_uri: https://github.com/rails/rails/tree/v5.2.1/actionpack - changelog_uri: https://github.com/rails/rails/blob/v5.2.1/actionpack/CHANGELOG.md + source_code_uri: https://github.com/rails/rails/tree/v5.2.1.1/actionpack + c
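Review bot: The rubygem-actionpack-5.2.changes entry cites boo#1118076 but describes the update only as "No changes / Just a version bump", so a reader cannot tell from the log why the bump is tracked under a bug. Add one line saying what boo#1118076 covers and whether actionpack itself is affected, so that someone auditing installed versions later does not have to open the tracker to find out.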
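Review bot: In lib/action_pack/gem_version.rb the fourth version segment is carried in the pre-release slot (`PRE = "1"`), which reads as a pre-release tag although `STRING` joins it into the ordinary release number 5.2.1.1. A short comment next to `PRE` stating that a purely numeric value here is a patch-level segment, not a pre-release marker, would keep tooling authors from treating this build as a prerelease.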
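Review bot: The metadata hunks move every exact pin (`- - '='`) from 5.2.1 to 5.2.1.1, activesupport as a runtime dependency and activemodel as a development dependency among them, so this gem resolves only when those gems are present at exactly 5.2.1.1. The changes entry should name the sibling rubygem-*-5.2 updates this one depends on, or the submission should be checked to include them, otherwise the package can be accepted in a state where its dependencies cannot be satisfied.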
commit rubygem-actionpack-5.2 for openSUSE:Factory
Hello community, here is the log from the commit of package rubygem-actionpack-5.2 for openSUSE:Factory checked in at 2018-08-12 20:53:14 Comparing /work/SRC/openSUSE:Factory/rubygem-actionpack-5.2 (Old) and /work/SRC/openSUSE:Factory/.rubygem-actionpack-5.2.new (New) Package is "rubygem-actionpack-5.2" Sun Aug 12 20:53:14 2018 rev:2 rq:628580 version:5.2.1 Changes: --- /work/SRC/openSUSE:Factory/rubygem-actionpack-5.2/rubygem-actionpack-5.2.changes 2018-07-18 22:47:11.160304498 +0200 +++ /work/SRC/openSUSE:Factory/.rubygem-actionpack-5.2.new/rubygem-actionpack-5.2.changes 2018-08-12 20:53:14.977208684 +0200 
@@ -1,0 +2,42 @@ +Wed Aug 8 14:44:15 UTC 2018 - mschnit...@suse.com + +- updated to version 5.2.1 (boo#1104209) + + * Prevent `?null=` being passed on JSON encoded test requests. + +`RequestEncoder#encode_params` won't attempt to parse params if +there are none. + +So call like this will no longer append a `?null=` query param. + +get foos_url, as: :json + +(Alireza Bashiri) + * Ensure `ActionController::Parameters#transform_values` and +`ActionController::Parameters#transform_values!` converts hashes into +parameters. +(Kevin Sjöberg) + * Fix strong parameters `permit!` with nested arrays. + +Given: +``` +params = ActionController::Parameters.new(nested_arrays: [[{ x: 2, y: 3 }, { x: 21, y: 42 }]]) +params.permit! +``` + +`params[:nested_arrays][0][0].permitted?` will now return `true` instead of `false`. +(Steve Hull) + * Reset `RAW_POST_DATA` and `CONTENT_LENGTH` request environment between test requests in +`ActionController::TestCase` subclasses. +(Eugene Kenny) + * Output only one Content-Security-Policy nonce header value per request. +Fixes #32597. +(Andrey Novikov, Andrew White) + * Only disable GPUs for headless Chrome on Windows. +It is not necessary anymore for Linux and macOS machines. +https://bugs.chromium.org/p/chromium/issues/detail?id=737678#c1 +(Stefan Wrobel) + * Fix system tests transactions not closed between examples. +(Sergey Tarasov) + +--- Old: actionpack-5.2.0.gem New: actionpack-5.2.1.gem Other differences: -- ++ rubygem-actionpack-5.2.spec ++ --- /var/tmp/diff_new_pack.DTxjPU/_old 2018-08-12 20:53:15.341209422 +0200 +++ /var/tmp/diff_new_pack.DTxjPU/_new 2018-08-12 20:53:15.341209422 +0200 
@@ -24,7 +24,7 @@ # Name: rubygem-actionpack-5.2 -Version:5.2.0 +Version:5.2.1 Release:0 %define mod_name actionpack %define mod_full_name %{mod_name}-%{version} ++ actionpack-5.2.0.gem -> actionpack-5.2.1.gem ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md --- old/CHANGELOG.md2018-04-09 22:04:33.0 +0200 +++ new/CHANGELOG.md2018-08-07 23:42:07.0 +0200 
@@ -1,3 +1,58 @@ +## Rails 5.2.1 (August 07, 2018) ## + +* Prevent `?null=` being passed on JSON encoded test requests. + +`RequestEncoder#encode_params` won't attempt to parse params if +there are none. + +So call like this will no longer append a `?null=` query param. + +get foos_url, as: :json + +*Alireza Bashiri* + +* Ensure `ActionController::Parameters#transform_values` and +`ActionController::Parameters#transform_values!` converts hashes into +parameters. + +*Kevin Sjöberg* + +* Fix strong parameters `permit!` with nested arrays. + +Given: +``` +params = ActionController::Parameters.new(nested_arrays: [[{ x: 2, y: 3 }, { x: 21, y: 42 }]]) +params.permit! +``` + +`params[:nested_arrays][0][0].permitted?` will now return `true` instead of `false`. + +*Steve Hull* + +* Reset `RAW_POST_DATA` and `CONTENT_LENGTH` request environment between test requests in +`ActionController::TestCase` subclasses. + +*Eugene Kenny* + +* Output only one Content-Security-Policy nonce header value per request. + +Fixes #32597. + +*Andrey Novikov*, *Andrew White* + +* Only disable GPUs for headless Chrome on Windows. + +It is not necessary anymore for Linux and macOS machines. + +https://bugs.chromium.org/p/chromium/issues/detail?id=737678#c1 + +*Stefan Wrobel* + +* Fix system tests transactions not closed between examples. + +*Sergey Tarasov* + + ## Rails 5.2.0 (April 09, 2018) ## * Check exclude before flagging cookies as secure. Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/action_controller/metal/request_forgery
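Review bot: In the rubygem-actionpack-5.2.changes entry for 5.2.1, the Content-Security-Policy nonce item is referenced only as "Fixes #32597", a bare number with no tracker prefix, while the same entry uses the prefixed form boo#1104209 for the distribution bug. Write the upstream reference as a full issue URL so it cannot be mistaken for a Bugzilla id, since this is the one item in the list that touches a security header.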
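Review bot: The CHANGELOG.md hunk lists two behaviour changes to strong parameters in the middle of test-harness fixes without marking them as such: `params[:nested_arrays][0][0].permitted?` now returns `true` instead of `false` after `permit!`, and `transform_values` / `transform_values!` now return parameters objects where hashes were returned before. The package changes entry should call these two out separately, because code that branches on `permitted?` for nested elements, or that expects a plain hash back from `transform_values`, behaves differently after this patch-level update.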