-rw-r--r--.gitignore2
-rw-r--r--activesupport-CVE-2012-1098-safe-buffer-slice.patch194
-rw-r--r--activesupport-add-bigdecimal-dependency.patch6
-rw-r--r--rubygem-activesupport.spec21
-rw-r--r--sources4
5 files changed, 18 insertions, 209 deletions
diff --git a/.gitignore b/.gitignore
index f2b03c6..7bed4f4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -9,3 +9,5 @@ activesupport-2.3.8.gem
/activesupport-3.0.10.gem
/activesupport-3.0.11-tests.tgz
/activesupport-3.0.11.gem
+/activesupport-3.0.13-tests.tgz
+/activesupport-3.0.13.gem
diff --git a/activesupport-CVE-2012-1098-safe-buffer-slice.patch b/activesupport-CVE-2012-1098-safe-buffer-slice.patch
deleted file mode 100644
index 133be11..0000000
--- a/activesupport-CVE-2012-1098-safe-buffer-slice.patch
+++ /dev/null
@@ -1,194 +0,0 @@
-From 00e632de2bde61425142ef8edc408e8d21ff9134 Mon Sep 17 00:00:00 2001
-From: Aaron Patterson <aaron.patterson@gmail.com>
-Date: Wed, 29 Feb 2012 16:37:30 -0800
-Subject: [PATCH] Squashed commit of the following:
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-commit 917fd1a03845f4eedaccbc338f9d7524e98d45ee
-Author: José Valim <jose.valim@gmail.com>
-Date: Wed Feb 29 22:30:51 2012 +0100
-
- Ensure [] respects the status of the buffer.
-
-commit 6adc41789017682306181e3db5b30337fe450bcc
-Author: Akira Matsuda <ronnie@dio.jp>
-Date: Mon Feb 13 17:57:05 2012 +0900
-
- use AS::SafeBuffer#clone_empty for flushing the output_buffer
-
-commit e50ee96a0b37e7c5adfc555edd402ad04cc159f1
-Author: Akira Matsuda <ronnie@dio.jp>
-Date: Mon Feb 13 17:54:58 2012 +0900
-
- add AS::SafeBuffer#clone_empty
----
- .../lib/action_view/helpers/capture_helper.rb | 2 +-
- .../core_ext/string/output_safety.rb | 50 ++++++++++++-------
- activesupport/test/safe_buffer_test.rb | 46 ++++++++++++++++--
- 3 files changed, 74 insertions(+), 24 deletions(-)
-
-diff --git a/activesupport/lib/active_support/core_ext/string/output_safety.rb b/activesupport/lib/active_support/core_ext/string/output_safety.rb
-index 266f028..c0efe37 100644
---- a/activesupport/lib/active_support/core_ext/string/output_safety.rb
-+++ b/activesupport/lib/active_support/core_ext/string/output_safety.rb
-@@ -85,23 +85,41 @@ module ActiveSupport #:nodoc:
- end
- end
-
-+ def [](*args)
-+ return super if args.size < 2
-+
-+ if html_safe?
-+ new_safe_buffer = super
-+ new_safe_buffer.instance_eval { @html_safe = true }
-+ new_safe_buffer
-+ else
-+ to_str[*args]
-+ end
-+ end
-+
- def safe_concat(value)
-- raise SafeConcatError if dirty?
-+ raise SafeConcatError unless html_safe?
- original_concat(value)
- end
-
- def initialize(*)
-- @dirty = false
-+ @html_safe = true
- super
- end
-
- def initialize_copy(other)
- super
-- @dirty = other.dirty?
-+ @html_safe = other.html_safe?
-+ end
-+
-+ def clone_empty
-+ new_safe_buffer = self[0, 0]
-+ new_safe_buffer.instance_variable_set(:@dirty, @dirty)
-+ new_safe_buffer
- end
-
- def concat(value)
-- if dirty? || value.html_safe?
-+ if !html_safe? || value.html_safe?
- super(value)
- else
- super(ERB::Util.h(value))
-@@ -114,7 +132,7 @@ module ActiveSupport #:nodoc:
- end
-
- def html_safe?
-- !dirty?
-+ defined?(@html_safe) && @html_safe
- end
-
- def to_s
-@@ -132,23 +150,17 @@ module ActiveSupport #:nodoc:
- for unsafe_method in UNSAFE_STRING_METHODS
- if 'String'.respond_to?(unsafe_method)
- class_eval <<-EOT, __FILE__, __LINE__ + 1
-- def #{unsafe_method}(*args)
-- super.to_str
-- end
--
-- def #{unsafe_method}!(*args)
-- @dirty = true
-- super
-- end
-+ def #{unsafe_method}(*args, &block) # def capitalize(*args, &block)
-+ to_str.#{unsafe_method}(*args, &block) # to_str.capitalize(*args, &block)
-+ end # end
-+
-+ def #{unsafe_method}!(*args) # def capitalize!(*args)
-+ @html_safe = false # @html_safe = false
-+ super # super
-+ end # end
- EOT
- end
- end
--
-- protected
--
-- def dirty?
-- @dirty
-- end
- end
- end
-
-diff --git a/activesupport/test/safe_buffer_test.rb b/activesupport/test/safe_buffer_test.rb
-index 77ea273..894be1b 100644
---- a/activesupport/test/safe_buffer_test.rb
-+++ b/activesupport/test/safe_buffer_test.rb
-@@ -65,22 +65,60 @@ class SafeBufferTest < ActiveSupport::TestCase
- assert_equal "hello&lt;&gt;", clean + @buffer
- end
-
-- test "Should concat as a normal string when dirty" do
-- dirty = @buffer
-+ test "Should concat as a normal string when safe" do
- clean = "hello".html_safe
- @buffer.gsub!('', '<>')
- assert_equal "<>hello", @buffer + clean
- end
-
-- test "Should preserve dirty? status on copy" do
-+ test "Should preserve html_safe? status on copy" do
- @buffer.gsub!('', '<>')
- assert !@buffer.dup.html_safe?
- end
-
-- test "Should raise an error when safe_concat is called on dirty buffers" do
-+ test "Should return safe buffer when added with another safe buffer" do
-+ clean = "<script>".html_safe
-+ result_buffer = @buffer + clean
-+ assert result_buffer.html_safe?
-+ assert_equal "<script>", result_buffer
-+ end
-+
-+ test "Should raise an error when safe_concat is called on unsafe buffers" do
- @buffer.gsub!('', '<>')
- assert_raise ActiveSupport::SafeBuffer::SafeConcatError do
- @buffer.safe_concat "BUSTED"
- end
- end
-+
-+ test "Should not fail if the returned object is not a string" do
-+ assert_kind_of NilClass, @buffer.slice("chipchop")
-+ end
-+
-+ test "clone_empty returns an empty buffer" do
-+ assert_equal '', ActiveSupport::SafeBuffer.new('foo').clone_empty
-+ end
-+
-+ test "clone_empty keeps the original dirtyness" do
-+ assert @buffer.clone_empty.html_safe?
-+ assert !@buffer.gsub!('', '').clone_empty.html_safe?
-+ end
-+
-+ test "Should be safe when sliced if original value was safe" do
-+ new_buffer = @buffer[0,0]
-+ assert_not_nil new_buffer
-+ assert new_buffer.html_safe?, "should be safe"
-+ end
-+
-+ test "Should continue unsafe on slice" do
-+ x = 'foo'.html_safe.gsub!('f', '<script>alert("lolpwnd");</script>')
-+
-+ # calling gsub! makes the dirty flag true
-+ assert !x.html_safe?, "should not be safe"
-+
-+ # getting a slice of it
-+ y = x[0..-1]
-+
-+ # should still be unsafe
-+ assert !y.html_safe?, "should not be safe"
-+ end
- end
---
-1.7.6
-
diff --git a/activesupport-add-bigdecimal-dependency.patch b/activesupport-add-bigdecimal-dependency.patch
index 55b0cb4..b3d24db 100644
--- a/activesupport-add-bigdecimal-dependency.patch
+++ b/activesupport-add-bigdecimal-dependency.patch
@@ -1,7 +1,7 @@
-diff --git a/specifications/activesupport-3.0.11.gemspec.orig b/specifications/activesupport-3.0.11.gemspec
+diff --git a/specifications/activesupport-3.0.13.gemspec.orig b/specifications/activesupport-3.0.13.gemspec
index 0277593..ef9b71d 100644
---- a/specifications/activesupport-3.0.11.gemspec.orig
-+++ b/specifications/activesupport-3.0.11.gemspec
+--- a/specifications/activesupport-3.0.13.gemspec.orig
++++ b/specifications/activesupport-3.0.13.gemspec
@@ -20,8 +20,11 @@ Gem::Specification.new do |s|
s.specification_version = 3
diff --git a/rubygem-activesupport.spec b/rubygem-activesupport.spec
index b13b66d..6b0b446 100644
--- a/rubygem-activesupport.spec
+++ b/rubygem-activesupport.spec
@@ -6,8 +6,8 @@
Summary: Support and utility classes used by the Rails framework
Name: rubygem-%{gem_name}
Epoch: 1
-Version: 3.0.11
-Release: 5%{?dist}
+Version: 3.0.13
+Release: 1%{?dist}
Group: Development/Languages
License: MIT
URL: http://www.rubyonrails.org
@@ -18,8 +18,8 @@ Source0: http://rubygems.org/downloads/activesupport-%{version}.gem
# Rails rpms, you may check it out like so
# git clone http://github.com/rails/rails.git
# cd rails/activesupport/
-# git checkout v3.0.11
-# tar czvf activesupport-3.0.11-tests.tgz test/
+# git checkout v3.0.13
+# tar czvf activesupport-3.0.13-tests.tgz test/
Source2: activesupport-%{version}-tests.tgz
# Removes code which breaks the test suite due to a
@@ -30,10 +30,6 @@ Patch1: activesupport-tests-fix.patch
# is in Fedora http://bugzilla.redhat.com/show_bug.cgi?id=668822
Patch2: activesupport-remove-memcache-build-dep.patch
-# Fixes CVE-2012-1098
-# https://bugzilla.redhat.com/show_bug.cgi?id=799275
-Patch3: activesupport-CVE-2012-1098-safe-buffer-slice.patch
-
# We need to add the bigdecimal dependency to gemspec, otherwise it won't be
# loaded. The reason for this is unbundling it from ruby libdir and moving
# it under %%{gem_dir} (therefore if not in Gemfile, it won't be found).
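Review bot: Dropping `Patch3` removes the only in-spec record that CVE-2012-1098 is handled, and nothing on the new side says where the fix now comes from. If the patch is dropped because 3.0.13 already contains the SafeBuffer change (presumably, but not shown on this page), record that in a comment or in the `%changelog` entry, e.g. `- Drop CVE-2012-1098 patch, fixed upstream.` It is also worth confirming that the 3.0.13 tests tarball still contains the slice regression test ("Should continue unsafe on slice") from the removed patch, so that `%check` keeps covering it. The matching `%patch3 -p2` removal is in the next hunk.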
@@ -73,7 +69,6 @@ tar xzvf %{SOURCE2} -C .%{gem_instdir}
pushd .%{gem_instdir}
%patch1 -p0
%patch2 -p0
-%patch3 -p2
popd
pushd .%{gem_dir}
@@ -89,11 +84,14 @@ cp -a .%{gem_dir}/* %{buildroot}%{gem_dir}
%check
pushd %{buildroot}%{gem_instdir}
+# Test fails with newer mocha. Keep with older one is not solution.
+# https://github.com/rails/rails/pull/6046
+sed -i '35,41 s|^|#|' test/whiny_nil_test.rb
+
ruby -Itest -e "Dir.glob('./test/**/*_test.rb').each {|t| require t}"
popd
%files
-%defattr(-, root, root, -)
%dir %{gem_instdir}
%doc %{gem_instdir}/CHANGELOG
%{gem_libdir}
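Review bot: The added `sed -i '35,41 s|^|#|' test/whiny_nil_test.rb` disables a test by line number, so on the next upstream update it will silently comment out whatever lands on lines 35–41, possibly a different test or half of one. It also edits the file under `%{buildroot}`, so if the test directory is packaged (the `%files` list continues outside this hunk) the modified file is what ships. Carrying the change as a patch applied in `%prep` next to `%patch1 -p0` would fail loudly when the context no longer matches. At minimum, name the disabled test in the comment so the next packager can tell when the workaround can be removed.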
@@ -105,6 +103,9 @@ popd
%changelog
+* Fri Jun 01 2012 Vít Ondruch <vondruch@redhat.com> - 1:3.0.13-1
+- Update to ActiveSupport 3.0.13.
+
* Wed Apr 18 2012 Bohuslav Kabrda <bkabrda@redhat.com> - 1:3.0.11-5
- Add the bigdecimal dependency to gemspec.
diff --git a/sources b/sources
index 6dc8296..5e7b2cf 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-4c658e371610208a6956afd007b48e35 activesupport-3.0.11-tests.tgz
-8daae4e695fb7e3e3e7edc02662bd04b activesupport-3.0.11.gem
+851a9bccf9699e1a5a60888b2851f362 activesupport-3.0.13-tests.tgz
+9f84d4c31709f79fd6e12aa89e8b8162 activesupport-3.0.13.gem