commit rubygem-actionpack-5.2 for openSUSE:Factory
Hello community,
here is the log from the commit of package rubygem-actionpack-5.2 for
openSUSE:Factory checked in at 2020-10-05 19:29:14
Comparing /work/SRC/openSUSE:Factory/rubygem-actionpack-5.2 (Old)
and /work/SRC/openSUSE:Factory/.rubygem-actionpack-5.2.new.4249 (New)
Package is "rubygem-actionpack-5.2"
Mon Oct 5 19:29:14 2020 rev:10 rq:838011 version:5.2.4.4
Changes:
---
/work/SRC/openSUSE:Factory/rubygem-actionpack-5.2/rubygem-actionpack-5.2.changes
2020-05-11 13:38:02.596701199 +0200
+++
/work/SRC/openSUSE:Factory/.rubygem-actionpack-5.2.new.4249/rubygem-actionpack-5.2.changes
2020-10-05 19:29:16.656493745 +0200
@@ -1,0 +2,19 @@
+Fri Sep 25 13:19:36 UTC 2020 - Stephan Kulow
+
+updated to version 5.2.4.4
+ see installed CHANGELOG.md
+
+ ## Rails 5.2.4.4 (September 09, 2020) ##
+
+ * No changes.
+
+
+ ## Rails 5.2.4.3 (May 18, 2020) ##
+
+ * [CVE-2020-8166] HMAC raw CSRF token before masking it, so it cannot be
used to reconstruct a per-form token
+
+ * [CVE-2020-8164] Return self when calling #each, #each_pair, and
#each_value instead of the raw @parameters hash
+
+
+
+---
Old:
actionpack-5.2.4.2.gem
New:
actionpack-5.2.4.4.gem
Other differences:
--
++ rubygem-actionpack-5.2.spec ++
--- /var/tmp/diff_new_pack.BxR3AZ/_old 2020-10-05 19:29:17.372494437 +0200
+++ /var/tmp/diff_new_pack.BxR3AZ/_new 2020-10-05 19:29:17.376494441 +0200
@@ -24,7 +24,7 @@
#
Name: rubygem-actionpack-5.2
-Version:5.2.4.2
+Version:5.2.4.4
Release:0
%define mod_name actionpack
%define mod_full_name %{mod_name}-%{version}
++ actionpack-5.2.4.2.gem -> actionpack-5.2.4.4.gem ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md
--- old/CHANGELOG.md2020-03-19 17:37:03.0 +0100
+++ new/CHANGELOG.md2020-09-09 20:34:59.0 +0200
@@ -1,3 +1,15 @@
+## Rails 5.2.4.4 (September 09, 2020) ##
+
+* No changes.
+
+
+## Rails 5.2.4.3 (May 18, 2020) ##
+
+* [CVE-2020-8166] HMAC raw CSRF token before masking it, so it cannot be
used to reconstruct a per-form token
+
+* [CVE-2020-8164] Return self when calling #each, #each_pair, and
#each_value instead of the raw @parameters hash
+
+
## Rails 5.2.4.1 (December 18, 2019) ##
* Fix possible information leak / session hijacking vulnerability.
Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/lib/action_controller/metal/request_forgery_protection.rb
new/lib/action_controller/metal/request_forgery_protection.rb
--- old/lib/action_controller/metal/request_forgery_protection.rb
2020-03-19 17:37:03.0 +0100
+++ new/lib/action_controller/metal/request_forgery_protection.rb
2020-09-09 20:34:59.0 +0200
@@ -318,13 +318,15 @@
action_path = normalize_action_path(action)
per_form_csrf_token(session, action_path, method)
else
- real_csrf_token(session)
+ global_csrf_token(session)
end
one_time_pad = SecureRandom.random_bytes(AUTHENTICITY_TOKEN_LENGTH)
encrypted_csrf_token = xor_byte_strings(one_time_pad, raw_token)
masked_token = one_time_pad + encrypted_csrf_token
-Base64.strict_encode64(masked_token)
+Base64.urlsafe_encode64(masked_token, padding: false)
+
+mask_token(raw_token)
end
# Checks the client's masked token to see if it matches the
@@ -354,7 +356,8 @@
elsif masked_token.length == AUTHENTICITY_TOKEN_LENGTH * 2
csrf_token = unmask_token(masked_token)
- compare_with_real_token(csrf_token, session) ||
+ compare_with_global_token(csrf_token, session) ||
+compare_with_real_token(csrf_token, session) ||
valid_per_form_csrf_token?(csrf_token, session)
else
false # Token is malformed.
@@ -369,10 +372,21 @@
xor_byte_strings(one_time_pad, encrypted_csrf_token)
end
+ def mask_token(raw_token) # :doc:
+one_time_pad = SecureRandom.random_bytes(AUTHENTICITY_TOKEN_LENGTH)
+encrypted_csrf_token = xor_byte_strings(one_time_pad, raw_token)
+masked_token = one_time_pad + encrypted_csrf_token
+Base64.strict_encode64(masked_token)
+ end
+
def compare_with_real_token(token, session) # :doc:
ActiveSupport::SecurityUtils.fixed_length_secure_compare(token,
real_csrf_token(session))
end
+ def compare_with_global_token(token, session) # :doc:
+ActiveSu
commit rubygem-actionpack-5.2 for openSUSE:Factory
Hello community,
here is the log from the commit of package rubygem-actionpack-5.2 for
openSUSE:Factory checked in at 2020-05-11 13:38:00
Comparing /work/SRC/openSUSE:Factory/rubygem-actionpack-5.2 (Old)
and /work/SRC/openSUSE:Factory/.rubygem-actionpack-5.2.new.2738 (New)
Package is "rubygem-actionpack-5.2"
Mon May 11 13:38:00 2020 rev:9 rq:802310 version:5.2.4.2
Changes:
---
/work/SRC/openSUSE:Factory/rubygem-actionpack-5.2/rubygem-actionpack-5.2.changes
2019-12-23 22:47:36.466071274 +0100
+++
/work/SRC/openSUSE:Factory/.rubygem-actionpack-5.2.new.2738/rubygem-actionpack-5.2.changes
2020-05-11 13:38:02.596701199 +0200
@@ -1,0 +2,6 @@
+Thu May 7 19:58:11 UTC 2020 - Stephan Kulow
+
+- updated to version 5.2.4.2
+ see installed CHANGELOG.md
+
+---
Old:
actionpack-5.2.4.1.gem
New:
actionpack-5.2.4.2.gem
Other differences:
--
++ rubygem-actionpack-5.2.spec ++
--- /var/tmp/diff_new_pack.EOkyVs/_old 2020-05-11 13:38:03.800703723 +0200
+++ /var/tmp/diff_new_pack.EOkyVs/_new 2020-05-11 13:38:03.800703723 +0200
@@ -1,7 +1,7 @@
#
# spec file for package rubygem-actionpack-5.2
#
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -12,7 +12,7 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
@@ -24,7 +24,7 @@
#
Name: rubygem-actionpack-5.2
-Version:5.2.4.1
+Version:5.2.4.2
Release:0
%define mod_name actionpack
%define mod_full_name %{mod_name}-%{version}
@@ -36,10 +36,10 @@
%endif
# /MANUAL
BuildRoot: %{_tmppath}/%{name}-%{version}-build
-BuildRequires: ruby-macros >= 5
BuildRequires: %{ruby >= 2.2.2}
BuildRequires: %{rubygem gem2rpm}
-Url:http://rubyonrails.org
+BuildRequires: ruby-macros >= 5
+URL:http://rubyonrails.org
Source: https://rubygems.org/gems/%{mod_full_name}.gem
Source1:gem2rpm.yml
Summary:Web-flow and rendering framework putting the VC in MVC (part of
++ actionpack-5.2.4.1.gem -> actionpack-5.2.4.2.gem ++
Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/action_pack/gem_version.rb
new/lib/action_pack/gem_version.rb
--- old/lib/action_pack/gem_version.rb 2019-12-18 20:00:16.0 +0100
+++ new/lib/action_pack/gem_version.rb 2020-03-19 17:37:04.0 +0100
@@ -10,7 +10,7 @@
MAJOR = 5
MINOR = 2
TINY = 4
-PRE = "1"
+PRE = "2"
STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/metadata new/metadata
--- old/metadata2019-12-18 20:00:15.0 +0100
+++ new/metadata2020-03-19 17:37:03.0 +0100
@@ -1,14 +1,14 @@
--- !ruby/object:Gem::Specification
name: actionpack
version: !ruby/object:Gem::Version
- version: 5.2.4.1
+ version: 5.2.4.2
platform: ruby
authors:
- David Heinemeier Hansson
autorequire:
bindir: bin
cert_chain: []
-date: 2019-12-18 00:00:00.0 Z
+date: 2020-03-19 00:00:00.0 Z
dependencies:
- !ruby/object:Gem::Dependency
name: activesupport
@@ -16,14 +16,14 @@
requirements:
- - '='
- !ruby/object:Gem::Version
-version: 5.2.4.1
+version: 5.2.4.2
type: :runtime
prerelease: false
version_requirements: !ruby/object:Gem::Requirement
requirements:
- - '='
- !ruby/object:Gem::Version
-version: 5.2.4.1
+version: 5.2.4.2
- !ruby/object:Gem::Dependency
name: rack
requirement: !ruby/object:Gem::Requirement
@@ -98,28 +98,28 @@
requirements:
- - '='
- !ruby/object:Gem::Version
-version: 5.2.4.1
+version: 5.2.4.2
type: :runtime
prerelease: false
version_requirements: !ruby/object:Gem::Requirement
requirements:
- - '='
- !ruby/object:Gem::Version
-version: 5.2.4.1
+version: 5.2.4.2
- !ruby/object:Gem::Dependency
name: activemodel
requirement: !ruby/object:Gem::Requirement
requirements:
- - '='
- !ruby/object:Gem::Version
-version: 5.2.4.1
+version: 5.2.4.2
type: :development
prerelease: false
version_requirements: !ruby/object:Gem::R
commit rubygem-actionpack-5.2 for openSUSE:Factory
Hello community,
here is the log from the commit of package rubygem-actionpack-5.2 for
openSUSE:Factory checked in at 2019-12-23 22:44:55
Comparing /work/SRC/openSUSE:Factory/rubygem-actionpack-5.2 (Old)
and /work/SRC/openSUSE:Factory/.rubygem-actionpack-5.2.new.6675 (New)
Package is "rubygem-actionpack-5.2"
Mon Dec 23 22:44:55 2019 rev:8 rq:758822 version:5.2.4.1
Changes:
---
/work/SRC/openSUSE:Factory/rubygem-actionpack-5.2/rubygem-actionpack-5.2.changes
2019-11-30 10:40:40.904148404 +0100
+++
/work/SRC/openSUSE:Factory/.rubygem-actionpack-5.2.new.6675/rubygem-actionpack-5.2.changes
2019-12-23 22:47:36.466071274 +0100
@@ -1,0 +2,6 @@
+Fri Dec 20 15:12:50 UTC 2019 - Marcus Rueckert
+
+- update to version 5.2.4.1 (CVE-2019-16782):
+ https://weblog.rubyonrails.org/2019/12/18/Rails-5-2-4-1-has-been-released/
+
+---
Old:
actionpack-5.2.4.gem
New:
actionpack-5.2.4.1.gem
Other differences:
--
++ rubygem-actionpack-5.2.spec ++
--- /var/tmp/diff_new_pack.C2YfcX/_old 2019-12-23 22:47:37.462071642 +0100
+++ /var/tmp/diff_new_pack.C2YfcX/_new 2019-12-23 22:47:37.470071645 +0100
@@ -12,7 +12,7 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
-# Please submit bugfixes or comments via https://bugs.opensuse.org/
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
@@ -24,7 +24,7 @@
#
Name: rubygem-actionpack-5.2
-Version:5.2.4
+Version:5.2.4.1
Release:0
%define mod_name actionpack
%define mod_full_name %{mod_name}-%{version}
@@ -36,9 +36,9 @@
%endif
# /MANUAL
BuildRoot: %{_tmppath}/%{name}-%{version}-build
+BuildRequires: ruby-macros >= 5
BuildRequires: %{ruby >= 2.2.2}
BuildRequires: %{rubygem gem2rpm}
-BuildRequires: ruby-macros >= 5
Url:http://rubyonrails.org
Source: https://rubygems.org/gems/%{mod_full_name}.gem
Source1:gem2rpm.yml
++ actionpack-5.2.4.gem -> actionpack-5.2.4.1.gem ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md
--- old/CHANGELOG.md2019-11-27 16:40:09.0 +0100
+++ new/CHANGELOG.md2019-12-18 20:00:15.0 +0100
@@ -1,3 +1,13 @@
+## Rails 5.2.4.1 (December 18, 2019) ##
+
+* Fix possible information leak / session hijacking vulnerability.
+
+The `ActionDispatch::Session::MemcacheStore` is still vulnerable given it
requires the
+gem dalli to be updated as well.
+
+CVE-2019-16782.
+
+
## Rails 5.2.4 (November 27, 2019) ##
* No changes.
Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/lib/action_dispatch/middleware/session/abstract_store.rb
new/lib/action_dispatch/middleware/session/abstract_store.rb
--- old/lib/action_dispatch/middleware/session/abstract_store.rb
2019-11-27 16:40:09.0 +0100
+++ new/lib/action_dispatch/middleware/session/abstract_store.rb
2019-12-18 20:00:16.0 +0100
@@ -83,7 +83,21 @@
include SessionObject
private
+def set_cookie(request, session_id, cookie)
+ request.cookie_jar[key] = cookie
+end
+end
+class AbstractSecureStore < Rack::Session::Abstract::PersistedSecure
+ include Compatibility
+ include StaleSessionCheck
+ include SessionObject
+
+ def generate_sid
+Rack::Session::SessionId.new(super)
+ end
+
+ private
def set_cookie(request, session_id, cookie)
request.cookie_jar[key] = cookie
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/lib/action_dispatch/middleware/session/cache_store.rb
new/lib/action_dispatch/middleware/session/cache_store.rb
--- old/lib/action_dispatch/middleware/session/cache_store.rb 2019-11-27
16:40:09.0 +0100
+++ new/lib/action_dispatch/middleware/session/cache_store.rb 2019-12-18
20:00:16.0 +0100
@@ -12,7 +12,7 @@
# * cache - The cache to use. If it is not specified,
Rails.cache will be used.
# * expire_after - The length of time a session will be stored
before automatically expiring.
# By default, the :expires_in option of the cache is used.
-class CacheStore < AbstractStore
+class CacheStore < AbstractSecureStore
def initialize(app, options = {})
@cache = options[:cache] || Rails.cache
options[:expire_after] ||= @cache.options[:expires_in]
@@ -21,7 +21,7 @@
# Get a session from the cache.
def find
commit rubygem-actionpack-5.2 for openSUSE:Factory
Hello community,
here is the log from the commit of package rubygem-actionpack-5.2 for
openSUSE:Factory checked in at 2019-11-30 10:39:12
Comparing /work/SRC/openSUSE:Factory/rubygem-actionpack-5.2 (Old)
and /work/SRC/openSUSE:Factory/.rubygem-actionpack-5.2.new.26869 (New)
Package is "rubygem-actionpack-5.2"
Sat Nov 30 10:39:12 2019 rev:7 rq:751752 version:5.2.4
Changes:
---
/work/SRC/openSUSE:Factory/rubygem-actionpack-5.2/rubygem-actionpack-5.2.changes
2019-04-01 12:35:47.609839570 +0200
+++
/work/SRC/openSUSE:Factory/.rubygem-actionpack-5.2.new.26869/rubygem-actionpack-5.2.changes
2019-11-30 10:40:40.904148404 +0100
@@ -1,0 +2,7 @@
+Thu Nov 28 12:52:16 UTC 2019 - Manuel Schnitzer
+
+- updated to version 5.2.4
+
+ * no changes
+
+---
Old:
actionpack-5.2.3.gem
New:
actionpack-5.2.4.gem
Other differences:
--
++ rubygem-actionpack-5.2.spec ++
--- /var/tmp/diff_new_pack.ZjoacJ/_old 2019-11-30 10:40:41.924148281 +0100
+++ /var/tmp/diff_new_pack.ZjoacJ/_new 2019-11-30 10:40:41.928148281 +0100
@@ -24,7 +24,7 @@
#
Name: rubygem-actionpack-5.2
-Version:5.2.3
+Version:5.2.4
Release:0
%define mod_name actionpack
%define mod_full_name %{mod_name}-%{version}
++ actionpack-5.2.3.gem -> actionpack-5.2.4.gem ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md
--- old/CHANGELOG.md2019-03-28 04:02:01.0 +0100
+++ new/CHANGELOG.md2019-11-27 16:40:09.0 +0100
@@ -1,10 +1,15 @@
+## Rails 5.2.4 (November 27, 2019) ##
+
+* No changes.
+
+
## Rails 5.2.3 (March 27, 2019) ##
-* Allow using combine the Cache Control `public` and `no-cache` headers.
+* Allow using `public` and `no-cache` together in the the Cache Control
header.
-Before this change, even if `public` was specified for Cache Control
header,
-it was excluded when `no-cache` was included. This fixed to keep `public`
-header as is.
+Before this change, even if `public` was specified in the Cache Control
header,
+it was excluded when `no-cache` was included. This change preserves the
+`public` value as is.
Fixes #34780.
@@ -186,6 +191,34 @@
* Matches behavior of `Hash#each` in `ActionController::Parameters#each`.
+Rails 5.0 introduced a bug when looping through controller params using
`each`. Only the keys of params hash were passed to the block, e.g.
+
+# Parameters: {"param"=>"1", "param_two"=>"2"}
+def index
+ params.each do |name|
+puts name
+ end
+end
+
+# Prints
+# param
+# param_two
+
+In Rails 5.2 the bug has been fixed and name will be an array (which was
the behavior for all versions prior to 5.0), instead of a string.
+
+To fix the code above simply change as per example below:
+
+# Parameters: {"param"=>"1", "param_two"=>"2"}
+def index
+ params.each do |name, value|
+puts name
+ end
+end
+
+# Prints
+# param
+# param_two
+
*Dominic Cleal*
* Add `Referrer-Policy` header to default headers set.
Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/action_controller/metal/params_wrapper.rb
new/lib/action_controller/metal/params_wrapper.rb
--- old/lib/action_controller/metal/params_wrapper.rb 2019-03-28
04:02:01.0 +0100
+++ new/lib/action_controller/metal/params_wrapper.rb 2019-11-27
16:40:09.0 +0100
@@ -93,7 +93,7 @@
end
def model
-super || synchronize { super || self.model = _default_wrap_model }
+super || self.model = _default_wrap_model
end
def include
@@ -115,7 +115,7 @@
if m.respond_to?(:nested_attributes_options) &&
m.nested_attributes_options.keys.any?
self.include += m.nested_attributes_options.keys.map do |key|
- key.to_s.concat("_attributes")
+ key.to_s.dup.concat("_attributes")
end
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/action_controller/metal.rb
new/lib/action_controller/metal.rb
--- old/lib/action_controller/metal.rb 2019-03-28 04:02:01.0 +0100
+++ new/lib/action_controller/metal.rb 2019-11-27 16:40:09.0 +0100
@@ -26,10 +26,10 @@
end
end
-def build(action, app = Proc.new)
+def build(action, app = nil, &block)
action = action.to_s
-
commit rubygem-actionpack-5.2 for openSUSE:Factory
Hello community,
here is the log from the commit of package rubygem-actionpack-5.2 for
openSUSE:Factory checked in at 2019-04-01 12:35:46
Comparing /work/SRC/openSUSE:Factory/rubygem-actionpack-5.2 (Old)
and /work/SRC/openSUSE:Factory/.rubygem-actionpack-5.2.new.25356 (New)
Package is "rubygem-actionpack-5.2"
Mon Apr 1 12:35:46 2019 rev:6 rq:689677 version:5.2.3
Changes:
---
/work/SRC/openSUSE:Factory/rubygem-actionpack-5.2/rubygem-actionpack-5.2.changes
2019-03-14 15:03:49.235632002 +0100
+++
/work/SRC/openSUSE:Factory/.rubygem-actionpack-5.2.new.25356/rubygem-actionpack-5.2.changes
2019-04-01 12:35:47.609839570 +0200
@@ -1,0 +2,22 @@
+Fri Mar 29 05:49:58 UTC 2019 - Stephan Kulow
+
+- updated to version 5.2.3
+ see installed CHANGELOG.md
+
+ ## Rails 5.2.3 (March 27, 2019) ##
+
+ * Allow using combine the Cache Control `public` and `no-cache` headers.
+
+ Before this change, even if `public` was specified for Cache Control
header,
+ it was excluded when `no-cache` was included. This fixed to keep `public`
+ header as is.
+
+ Fixes #34780.
+
+ *Yuji Yaginuma*
+
+ * Allow `nil` params for `ActionController::TestCase`.
+
+ *Ryo Nakamura*
+
+---
Old:
actionpack-5.2.2.1.gem
New:
actionpack-5.2.3.gem
Other differences:
--
++ rubygem-actionpack-5.2.spec ++
--- /var/tmp/diff_new_pack.o2hqOm/_old 2019-04-01 12:35:48.621840064 +0200
+++ /var/tmp/diff_new_pack.o2hqOm/_new 2019-04-01 12:35:48.621840064 +0200
@@ -12,7 +12,7 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
@@ -24,7 +24,7 @@
#
Name: rubygem-actionpack-5.2
-Version:5.2.2.1
+Version:5.2.3
Release:0
%define mod_name actionpack
%define mod_full_name %{mod_name}-%{version}
@@ -36,9 +36,9 @@
%endif
# /MANUAL
BuildRoot: %{_tmppath}/%{name}-%{version}-build
-BuildRequires: ruby-macros >= 5
BuildRequires: %{ruby >= 2.2.2}
BuildRequires: %{rubygem gem2rpm}
+BuildRequires: ruby-macros >= 5
Url:http://rubyonrails.org
Source: https://rubygems.org/gems/%{mod_full_name}.gem
Source1:gem2rpm.yml
++ actionpack-5.2.2.1.gem -> actionpack-5.2.3.gem ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md
--- old/CHANGELOG.md2019-03-13 17:47:18.0 +0100
+++ new/CHANGELOG.md2019-03-28 04:02:01.0 +0100
@@ -1,3 +1,20 @@
+## Rails 5.2.3 (March 27, 2019) ##
+
+* Allow using combine the Cache Control `public` and `no-cache` headers.
+
+Before this change, even if `public` was specified for Cache Control
header,
+it was excluded when `no-cache` was included. This fixed to keep `public`
+header as is.
+
+Fixes #34780.
+
+*Yuji Yaginuma*
+
+* Allow `nil` params for `ActionController::TestCase`.
+
+*Ryo Nakamura*
+
+
## Rails 5.2.2.1 (March 11, 2019) ##
* No changes.
Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/action_controller/test_case.rb
new/lib/action_controller/test_case.rb
--- old/lib/action_controller/test_case.rb 2019-03-13 17:47:18.0
+0100
+++ new/lib/action_controller/test_case.rb 2019-03-28 04:02:01.0
+0100
@@ -457,7 +457,7 @@
# respectively which will make tests more expressive.
#
# Note that the request method is not verified.
- def process(action, method: "GET", params: {}, session: nil, body: nil,
flash: {}, format: nil, xhr: false, as: nil)
+ def process(action, method: "GET", params: nil, session: nil, body: nil,
flash: {}, format: nil, xhr: false, as: nil)
check_required_ivars
http_method = method.to_s.upcase
@@ -485,7 +485,7 @@
format ||= as
end
-parameters = params.symbolize_keys
+parameters = (params || {}).symbolize_keys
if format
parameters[:format] = format
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/action_dispatch/http/cache.rb
new/lib/action_dispatch/http/cache.rb
--- old/lib/action_dispatch/http/cache.rb 2019-03-13 17:47:18.0
+0100
+++ new/lib/action_dispatch/http/cache.rb 2019-03-28 04:02:01.0
+0100
@@ -197,10 +197,12 @@
if control.empty?
# Let middleware handle de
commit rubygem-actionpack-5.2 for openSUSE:Factory
Hello community,
here is the log from the commit of package rubygem-actionpack-5.2 for
openSUSE:Factory checked in at 2019-03-14 15:03:43
Comparing /work/SRC/openSUSE:Factory/rubygem-actionpack-5.2 (Old)
and /work/SRC/openSUSE:Factory/.rubygem-actionpack-5.2.new.28833 (New)
Package is "rubygem-actionpack-5.2"
Thu Mar 14 15:03:43 2019 rev:5 rq:684893 version:5.2.2.1
Changes:
---
/work/SRC/openSUSE:Factory/rubygem-actionpack-5.2/rubygem-actionpack-5.2.changes
2019-01-21 10:27:34.509604288 +0100
+++
/work/SRC/openSUSE:Factory/.rubygem-actionpack-5.2.new.28833/rubygem-actionpack-5.2.changes
2019-03-14 15:03:49.235632002 +0100
@@ -1,0 +2,17 @@
+Thu Mar 14 03:44:21 UTC 2019 - Marcus Rueckert
+
+- update to version 5.2.2.1:
+
https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/
+ CVE-2019-5418 CVE-2019-5419 CVE-2019-5420
+
+---
+Sat Jan 19 19:50:56 UTC 2019 - Marcus Rueckert
+
+- rb_build_ruby_abi needs to be rb_build_ruby_abis
+
+---
+Fri Jan 18 16:24:32 UTC 2019 - Marcus Rueckert
+
+- limit to ruby 2.5 and above for 42.3/sle12
+
+---
Old:
actionpack-5.2.2.gem
New:
actionpack-5.2.2.1.gem
Other differences:
--
++ rubygem-actionpack-5.2.spec ++
--- /var/tmp/diff_new_pack.X9lZdy/_old 2019-03-14 15:03:50.715631064 +0100
+++ /var/tmp/diff_new_pack.X9lZdy/_new 2019-03-14 15:03:50.719631061 +0100
@@ -1,7 +1,7 @@
#
# spec file for package rubygem-actionpack-5.2
#
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -12,7 +12,7 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
-# Please submit bugfixes or comments via https://bugs.opensuse.org/
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
@@ -24,21 +24,21 @@
#
Name: rubygem-actionpack-5.2
-Version:5.2.2
+Version:5.2.2.1
Release:0
%define mod_name actionpack
%define mod_full_name %{mod_name}-%{version}
%define mod_version_suffix -5.2
# MANUAL
%if 0%{?suse_version} && 0%{?suse_version} < 1330
-%define rb_build_versions ruby23 ruby24 ruby25
-%define rb_build_ruby_abi ruby:2.3.0 ruby:2.4.0 ruby:2.5.0
+%define rb_build_versions ruby25 ruby26
+%define rb_build_ruby_abis ruby:2.5.0 ruby:2.6.0
%endif
# /MANUAL
BuildRoot: %{_tmppath}/%{name}-%{version}-build
+BuildRequires: ruby-macros >= 5
BuildRequires: %{ruby >= 2.2.2}
BuildRequires: %{rubygem gem2rpm}
-BuildRequires: ruby-macros >= 5
Url:http://rubyonrails.org
Source: https://rubygems.org/gems/%{mod_full_name}.gem
Source1:gem2rpm.yml
++ actionpack-5.2.2.gem -> actionpack-5.2.2.1.gem ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md
--- old/CHANGELOG.md2018-12-04 19:12:06.0 +0100
+++ new/CHANGELOG.md2019-03-13 17:47:18.0 +0100
@@ -1,3 +1,8 @@
+## Rails 5.2.2.1 (March 11, 2019) ##
+
+* No changes.
+
+
## Rails 5.2.2 (December 04, 2018) ##
* Reset Capybara sessions if failed system test screenshot raising an
exception.
Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/action_dispatch/http/mime_negotiation.rb
new/lib/action_dispatch/http/mime_negotiation.rb
--- old/lib/action_dispatch/http/mime_negotiation.rb2018-12-04
19:12:07.0 +0100
+++ new/lib/action_dispatch/http/mime_negotiation.rb2019-03-13
17:47:18.0 +0100
@@ -74,6 +74,11 @@
else
[Mime[:html]]
end
+
+ v = v.select do |format|
+format.symbol || format.ref == "*/*"
+ end
+
set_header k, v
end
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/lib/action_dispatch/middleware/session/cookie_store.rb
new/lib/action_dispatch/middleware/session/cookie_store.rb
--- old/lib/action_dispatch/middleware/session/cookie_store.rb 2018-12-04
19:12:07.0 +0100
+++ new/lib/action_dispatch/middleware/session/cookie_store.rb 2019-03-13
17:47:18.0 +0100
@@ -29,9 +29,10 @@
#
# Rails.application.config.session_store :cookie_store, key:
'_your_app_session'
commit rubygem-actionpack-5.2 for openSUSE:Factory
Hello community,
here is the log from the commit of package rubygem-actionpack-5.2 for
openSUSE:Factory checked in at 2019-01-21 10:27:32
Comparing /work/SRC/openSUSE:Factory/rubygem-actionpack-5.2 (Old)
and /work/SRC/openSUSE:Factory/.rubygem-actionpack-5.2.new.28833 (New)
Package is "rubygem-actionpack-5.2"
Mon Jan 21 10:27:32 2019 rev:4 rq:656406 version:5.2.2
Changes:
---
/work/SRC/openSUSE:Factory/rubygem-actionpack-5.2/rubygem-actionpack-5.2.changes
2018-12-06 12:18:02.353473276 +0100
+++
/work/SRC/openSUSE:Factory/.rubygem-actionpack-5.2.new.28833/rubygem-actionpack-5.2.changes
2019-01-21 10:27:34.509604288 +0100
@@ -1,0 +2,50 @@
+Sat Dec 8 16:12:29 UTC 2018 - Stephan Kulow
+
+- updated to version 5.2.2
+ see installed CHANGELOG.md
+
+ ## Rails 5.2.2 (December 04, 2018) ##
+
+ * Reset Capybara sessions if failed system test screenshot raising an
exception.
+
+ Reset Capybara sessions if `take_failed_screenshot` raise exception
+ in system test `after_teardown`.
+
+ *Maxim Perepelitsa*
+
+ * Use request object for context if there's no controller
+
+ There is no controller instance when using a redirect route or a
+ mounted rack application so pass the request object as the context
+ when resolving dynamic CSP sources in this scenario.
+
+ Fixes #34200.
+
+ *Andrew White*
+
+ * Apply mapping to symbols returned from dynamic CSP sources
+
+ Previously if a dynamic source returned a symbol such as :self it
+ would be converted to a string implicity, e.g:
+
+ policy.default_src -> { :self }
+
+ would generate the header:
+
+ Content-Security-Policy: default-src self
+
+ and now it generates:
+
+ Content-Security-Policy: default-src 'self'
+
+ *Andrew White*
+
+ * Fix `rails routes -c` for controller name consists of multiple word.
+
+ *Yoshiyuki Kinjo*
+
+ * Call the `#redirect_to` block in controller context.
+
+ *Steven Peckins*
+
+---
Old:
actionpack-5.2.1.1.gem
New:
actionpack-5.2.2.gem
Other differences:
--
++ rubygem-actionpack-5.2.spec ++
--- /var/tmp/diff_new_pack.2i9Bb5/_old 2019-01-21 10:27:34.977603775 +0100
+++ /var/tmp/diff_new_pack.2i9Bb5/_new 2019-01-21 10:27:34.981603771 +0100
@@ -12,7 +12,7 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
@@ -24,7 +24,7 @@
#
Name: rubygem-actionpack-5.2
-Version:5.2.1.1
+Version:5.2.2
Release:0
%define mod_name actionpack
%define mod_full_name %{mod_name}-%{version}
@@ -36,9 +36,9 @@
%endif
# /MANUAL
BuildRoot: %{_tmppath}/%{name}-%{version}-build
-BuildRequires: ruby-macros >= 5
BuildRequires: %{ruby >= 2.2.2}
BuildRequires: %{rubygem gem2rpm}
+BuildRequires: ruby-macros >= 5
Url:http://rubyonrails.org
Source: https://rubygems.org/gems/%{mod_full_name}.gem
Source1:gem2rpm.yml
++ actionpack-5.2.1.1.gem -> actionpack-5.2.2.gem ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md
--- old/CHANGELOG.md2018-11-27 21:12:20.0 +0100
+++ new/CHANGELOG.md2018-12-04 19:12:06.0 +0100
@@ -1,3 +1,48 @@
+## Rails 5.2.2 (December 04, 2018) ##
+
+* Reset Capybara sessions if failed system test screenshot raising an
exception.
+
+Reset Capybara sessions if `take_failed_screenshot` raise exception
+in system test `after_teardown`.
+
+*Maxim Perepelitsa*
+
+* Use request object for context if there's no controller
+
+There is no controller instance when using a redirect route or a
+mounted rack application so pass the request object as the context
+when resolving dynamic CSP sources in this scenario.
+
+Fixes #34200.
+
+*Andrew White*
+
+* Apply mapping to symbols returned from dynamic CSP sources
+
+Previously if a dynamic source returned a symbol such as :self it
+would be converted to a string implicity, e.g:
+
+policy.default_src -> { :self }
+
+would generate the header:
+
+Content-Security-Policy: default-src self
+
+and now it generates:
+
+Content-Security-Policy: default-src 'self'
+
+*Andrew White*
+
+* Fix `rails routes -c` for controller name consists of multiple word.
+
+*Yoshiyuki Kinjo*
+
+* Call the `#redirect_to` block in controller context.
+
+*Steven Peckins*
commit rubygem-actionpack-5.2 for openSUSE:Factory
Hello community,
here is the log from the commit of package rubygem-actionpack-5.2 for
openSUSE:Factory checked in at 2018-12-06 12:18:00
Comparing /work/SRC/openSUSE:Factory/rubygem-actionpack-5.2 (Old)
and /work/SRC/openSUSE:Factory/.rubygem-actionpack-5.2.new.19453 (New)
Package is "rubygem-actionpack-5.2"
Thu Dec 6 12:18:00 2018 rev:3 rq:655332 version:5.2.1.1
Changes:
---
/work/SRC/openSUSE:Factory/rubygem-actionpack-5.2/rubygem-actionpack-5.2.changes
2018-08-12 20:53:14.977208684 +0200
+++
/work/SRC/openSUSE:Factory/.rubygem-actionpack-5.2.new.19453/rubygem-actionpack-5.2.changes
2018-12-06 12:18:02.353473276 +0100
@@ -1,0 +2,7 @@
+Mon Dec 3 06:18:31 UTC 2018 - mschnit...@suse.com
+
+- updated to version 5.2.1.1 (boo#1118076)
+
+ * No changes / Just a version bump to match with Rails 5.2.1.1
+
+---
Old:
actionpack-5.2.1.gem
New:
actionpack-5.2.1.1.gem
Other differences:
--
++ rubygem-actionpack-5.2.spec ++
--- /var/tmp/diff_new_pack.3D0QOL/_old 2018-12-06 12:18:03.329472228 +0100
+++ /var/tmp/diff_new_pack.3D0QOL/_new 2018-12-06 12:18:03.333472224 +0100
@@ -24,7 +24,7 @@
#
Name: rubygem-actionpack-5.2
-Version:5.2.1
+Version:5.2.1.1
Release:0
%define mod_name actionpack
%define mod_full_name %{mod_name}-%{version}
++ actionpack-5.2.1.gem -> actionpack-5.2.1.1.gem ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md
--- old/CHANGELOG.md2018-08-07 23:42:07.0 +0200
+++ new/CHANGELOG.md2018-11-27 21:12:20.0 +0100
@@ -1,3 +1,8 @@
+## Rails 5.2.1.1 (November 27, 2018) ##
+
+* No changes.
+
+
## Rails 5.2.1 (August 07, 2018) ##
* Prevent `?null=` being passed on JSON encoded test requests.
Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/action_pack/gem_version.rb
new/lib/action_pack/gem_version.rb
--- old/lib/action_pack/gem_version.rb 2018-08-07 23:42:07.0 +0200
+++ new/lib/action_pack/gem_version.rb 2018-11-27 21:12:20.0 +0100
@@ -10,7 +10,7 @@
MAJOR = 5
MINOR = 2
TINY = 1
-PRE = nil
+PRE = "1"
STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/metadata new/metadata
--- old/metadata2018-08-07 23:42:07.0 +0200
+++ new/metadata2018-11-27 21:12:20.0 +0100
@@ -1,14 +1,14 @@
--- !ruby/object:Gem::Specification
name: actionpack
version: !ruby/object:Gem::Version
- version: 5.2.1
+ version: 5.2.1.1
platform: ruby
authors:
- David Heinemeier Hansson
autorequire:
bindir: bin
cert_chain: []
-date: 2018-08-07 00:00:00.0 Z
+date: 2018-11-27 00:00:00.0 Z
dependencies:
- !ruby/object:Gem::Dependency
name: activesupport
@@ -16,14 +16,14 @@
requirements:
- - '='
- !ruby/object:Gem::Version
-version: 5.2.1
+version: 5.2.1.1
type: :runtime
prerelease: false
version_requirements: !ruby/object:Gem::Requirement
requirements:
- - '='
- !ruby/object:Gem::Version
-version: 5.2.1
+version: 5.2.1.1
- !ruby/object:Gem::Dependency
name: rack
requirement: !ruby/object:Gem::Requirement
@@ -92,28 +92,28 @@
requirements:
- - '='
- !ruby/object:Gem::Version
-version: 5.2.1
+version: 5.2.1.1
type: :runtime
prerelease: false
version_requirements: !ruby/object:Gem::Requirement
requirements:
- - '='
- !ruby/object:Gem::Version
-version: 5.2.1
+version: 5.2.1.1
- !ruby/object:Gem::Dependency
name: activemodel
requirement: !ruby/object:Gem::Requirement
requirements:
- - '='
- !ruby/object:Gem::Version
-version: 5.2.1
+version: 5.2.1.1
type: :development
prerelease: false
version_requirements: !ruby/object:Gem::Requirement
requirements:
- - '='
- !ruby/object:Gem::Version
-version: 5.2.1
+version: 5.2.1.1
description: Web apps on Rails. Simple, battle-tested conventions for building
and
testing MVC web applications. Works with any Rack-compatible server.
email: da...@loudthinking.com
@@ -293,8 +293,8 @@
licenses:
- MIT
metadata:
- source_code_uri: https://github.com/rails/rails/tree/v5.2.1/actionpack
- changelog_uri:
https://github.com/rails/rails/blob/v5.2.1/actionpack/CHANGELOG.md
+ source_code_uri: https://github.com/rails/rails/tree/v5.2.1.1/actionpack
+ c
commit rubygem-actionpack-5.2 for openSUSE:Factory
Hello community,
here is the log from the commit of package rubygem-actionpack-5.2 for
openSUSE:Factory checked in at 2018-08-12 20:53:14
Comparing /work/SRC/openSUSE:Factory/rubygem-actionpack-5.2 (Old)
and /work/SRC/openSUSE:Factory/.rubygem-actionpack-5.2.new (New)
Package is "rubygem-actionpack-5.2"
Sun Aug 12 20:53:14 2018 rev:2 rq:628580 version:5.2.1
Changes:
---
/work/SRC/openSUSE:Factory/rubygem-actionpack-5.2/rubygem-actionpack-5.2.changes
2018-07-18 22:47:11.160304498 +0200
+++
/work/SRC/openSUSE:Factory/.rubygem-actionpack-5.2.new/rubygem-actionpack-5.2.changes
2018-08-12 20:53:14.977208684 +0200
@@ -1,0 +2,42 @@
+Wed Aug 8 14:44:15 UTC 2018 - mschnit...@suse.com
+
+- updated to version 5.2.1 (boo#1104209)
+
+ * Prevent `?null=` being passed on JSON encoded test requests.
+
+`RequestEncoder#encode_params` won't attempt to parse params if
+there are none.
+
+So call like this will no longer append a `?null=` query param.
+
+get foos_url, as: :json
+
+(Alireza Bashiri)
+ * Ensure `ActionController::Parameters#transform_values` and
+`ActionController::Parameters#transform_values!` converts hashes into
+parameters.
+(Kevin Sjöberg)
+ * Fix strong parameters `permit!` with nested arrays.
+
+Given:
+```
+params = ActionController::Parameters.new(nested_arrays: [[{ x: 2, y: 3 },
{ x: 21, y: 42 }]])
+params.permit!
+```
+
+`params[:nested_arrays][0][0].permitted?` will now return `true` instead
of `false`.
+(Steve Hull)
+ * Reset `RAW_POST_DATA` and `CONTENT_LENGTH` request environment between
test requests in
+`ActionController::TestCase` subclasses.
+(Eugene Kenny)
+ * Output only one Content-Security-Policy nonce header value per request.
+Fixes #32597.
+(Andrey Novikov, Andrew White)
+ * Only disable GPUs for headless Chrome on Windows.
+It is not necessary anymore for Linux and macOS machines.
+https://bugs.chromium.org/p/chromium/issues/detail?id=737678#c1
+(Stefan Wrobel)
+ * Fix system tests transactions not closed between examples.
+(Sergey Tarasov)
+
+---
Old:
actionpack-5.2.0.gem
New:
actionpack-5.2.1.gem
Other differences:
--
++ rubygem-actionpack-5.2.spec ++
--- /var/tmp/diff_new_pack.DTxjPU/_old 2018-08-12 20:53:15.341209422 +0200
+++ /var/tmp/diff_new_pack.DTxjPU/_new 2018-08-12 20:53:15.341209422 +0200
@@ -24,7 +24,7 @@
#
Name: rubygem-actionpack-5.2
-Version:5.2.0
+Version:5.2.1
Release:0
%define mod_name actionpack
%define mod_full_name %{mod_name}-%{version}
++ actionpack-5.2.0.gem -> actionpack-5.2.1.gem ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md
--- old/CHANGELOG.md2018-04-09 22:04:33.0 +0200
+++ new/CHANGELOG.md2018-08-07 23:42:07.0 +0200
@@ -1,3 +1,58 @@
+## Rails 5.2.1 (August 07, 2018) ##
+
+* Prevent `?null=` being passed on JSON encoded test requests.
+
+`RequestEncoder#encode_params` won't attempt to parse params if
+there are none.
+
+So call like this will no longer append a `?null=` query param.
+
+get foos_url, as: :json
+
+*Alireza Bashiri*
+
+* Ensure `ActionController::Parameters#transform_values` and
+`ActionController::Parameters#transform_values!` converts hashes into
+parameters.
+
+*Kevin Sjöberg*
+
+* Fix strong parameters `permit!` with nested arrays.
+
+Given:
+```
+params = ActionController::Parameters.new(nested_arrays: [[{ x: 2, y: 3 },
{ x: 21, y: 42 }]])
+params.permit!
+```
+
+`params[:nested_arrays][0][0].permitted?` will now return `true` instead
of `false`.
+
+*Steve Hull*
+
+* Reset `RAW_POST_DATA` and `CONTENT_LENGTH` request environment between
test requests in
+`ActionController::TestCase` subclasses.
+
+*Eugene Kenny*
+
+* Output only one Content-Security-Policy nonce header value per request.
+
+Fixes #32597.
+
+*Andrey Novikov*, *Andrew White*
+
+* Only disable GPUs for headless Chrome on Windows.
+
+It is not necessary anymore for Linux and macOS machines.
+
+https://bugs.chromium.org/p/chromium/issues/detail?id=737678#c1
+
+*Stefan Wrobel*
+
+* Fix system tests transactions not closed between examples.
+
+*Sergey Tarasov*
+
+
## Rails 5.2.0 (April 09, 2018) ##
* Check exclude before flagging cookies as secure.
Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/lib/action_controller/metal/request_forgery
