summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorVít Ondruch <vondruch@redhat.com>2012-06-01 15:56:28 +0200
committerVít Ondruch <vondruch@redhat.com>2012-06-01 15:56:28 +0200
commitaa6ad2871b62f12073169a83b67f979750ea21e1 (patch)
tree08ce171bb4a5dcce23a9f22f4306b53c47217eb8
parentb67d4ee0c39ca696191b9a5c04c4886bd34af4a5 (diff)
downloadrubygem-actionpack-aa6ad2871b62f12073169a83b67f979750ea21e1.zip
rubygem-actionpack-aa6ad2871b62f12073169a83b67f979750ea21e1.tar.gz
rubygem-actionpack-aa6ad2871b62f12073169a83b67f979750ea21e1.tar.xz
Updated to the ActionPack 3.0.13.
-rw-r--r--.gitignore2
-rw-r--r--actionpack-CVE-2012-1098-safe-buffer-slice.patch44
-rw-r--r--actionpack-CVE-2012-1099-select-options-XSS.patch61
-rw-r--r--actionpack-downgrade-dependencies.patch10
-rw-r--r--actionpack-tests-fix.patch8
-rw-r--r--rubygem-actionpack.spec32
-rw-r--r--sources4
7 files changed, 20 insertions, 141 deletions
diff --git a/.gitignore b/.gitignore
index 5a1c559..3977fa6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -9,3 +9,5 @@ actionpack-2.3.8.gem
/actionpack-3.0.10.gem
/actionpack-3.0.11-tests.tgz
/actionpack-3.0.11.gem
+/actionpack-3.0.13-tests.tgz
+/actionpack-3.0.13.gem
diff --git a/actionpack-CVE-2012-1098-safe-buffer-slice.patch b/actionpack-CVE-2012-1098-safe-buffer-slice.patch
deleted file mode 100644
index 3eaca8d..0000000
--- a/actionpack-CVE-2012-1098-safe-buffer-slice.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 00e632de2bde61425142ef8edc408e8d21ff9134 Mon Sep 17 00:00:00 2001
-From: Aaron Patterson <aaron.patterson@gmail.com>
-Date: Wed, 29 Feb 2012 16:37:30 -0800
-Subject: [PATCH] Squashed commit of the following:
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-commit 917fd1a03845f4eedaccbc338f9d7524e98d45ee
-Author: José Valim <jose.valim@gmail.com>
-Date: Wed Feb 29 22:30:51 2012 +0100
-
- Ensure [] respects the status of the buffer.
-
-commit 6adc41789017682306181e3db5b30337fe450bcc
-Author: Akira Matsuda <ronnie@dio.jp>
-Date: Mon Feb 13 17:57:05 2012 +0900
-
- use AS::SafeBuffer#clone_empty for flushing the output_buffer
-
-commit e50ee96a0b37e7c5adfc555edd402ad04cc159f1
-Author: Akira Matsuda <ronnie@dio.jp>
-Date: Mon Feb 13 17:54:58 2012 +0900
-
- add AS::SafeBuffer#clone_empty
----
- .../lib/action_view/helpers/capture_helper.rb | 2 +-
- .../core_ext/string/output_safety.rb | 50 ++++++++++++-------
- activesupport/test/safe_buffer_test.rb | 46 ++++++++++++++++--
- 3 files changed, 74 insertions(+), 24 deletions(-)
-
-diff --git a/actionpack/lib/action_view/helpers/capture_helper.rb b/actionpack/lib/action_view/helpers/capture_helper.rb
-index cbc660d..c91e4c1 100644
---- a/actionpack/lib/action_view/helpers/capture_helper.rb
-+++ b/actionpack/lib/action_view/helpers/capture_helper.rb
-@@ -179,7 +179,7 @@ module ActionView
- def flush_output_buffer #:nodoc:
- if output_buffer && !output_buffer.empty?
- response.body_parts << output_buffer
-- self.output_buffer = output_buffer[0,0]
-+ self.output_buffer = output_buffer.respond_to?(:clone_empty) ? output_buffer.clone_empty : output_buffer[0, 0]
- nil
- end
- end
diff --git a/actionpack-CVE-2012-1099-select-options-XSS.patch b/actionpack-CVE-2012-1099-select-options-XSS.patch
deleted file mode 100644
index f0211c0..0000000
--- a/actionpack-CVE-2012-1099-select-options-XSS.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From 5b4082fddf3412aef6c085fbb2a13fd3bbc75f4e Mon Sep 17 00:00:00 2001
-From: Sergey Nartimov <just.lest@gmail.com>
-Date: Mon, 20 Feb 2012 15:41:17 -0800
-Subject: [PATCH] fix output safety issue with select options
-
----
- .../lib/action_view/helpers/form_options_helper.rb | 6 +++---
- .../test/template/form_options_helper_test.rb | 9 ++++++++-
- 2 files changed, 11 insertions(+), 4 deletions(-)
-
-diff --git a/actionpack/lib/action_view/helpers/form_options_helper.rb b/actionpack/lib/action_view/helpers/form_options_helper.rb
-index 082647f..949b02a 100644
---- a/actionpack/lib/action_view/helpers/form_options_helper.rb
-+++ b/actionpack/lib/action_view/helpers/form_options_helper.rb
-@@ -596,13 +596,13 @@ module ActionView
- private
- def add_options(option_tags, options, value = nil)
- if options[:include_blank]
-- option_tags = "<option value=\"\">#{html_escape(options[:include_blank]) if options[:include_blank].kind_of?(String)}</option>\n" + option_tags
-+ option_tags = content_tag('option', options[:include_blank].kind_of?(String) ? options[:include_blank] : nil, :value => '') + "\n" + option_tags
- end
- if value.blank? && options[:prompt]
- prompt = options[:prompt].kind_of?(String) ? options[:prompt] : I18n.translate('helpers.select.prompt', :default => 'Please select')
-- option_tags = "<option value=\"\">#{html_escape(prompt)}</option>\n" + option_tags
-+ option_tags = content_tag('option', prompt, :value => '') + "\n" + option_tags
- end
-- option_tags.html_safe
-+ option_tags
- end
- end
-
-diff --git a/actionpack/test/template/form_options_helper_test.rb b/actionpack/test/template/form_options_helper_test.rb
-index 6656420..9ca4bf6 100644
---- a/actionpack/test/template/form_options_helper_test.rb
-+++ b/actionpack/test/template/form_options_helper_test.rb
-@@ -432,7 +432,7 @@ class FormOptionsHelperTest < ActionView::TestCase
-
- def test_select_under_fields_for_with_string_and_given_prompt
- @post = Post.new
-- options = "<option value=\"abe\">abe</option><option value=\"mus\">mus</option><option value=\"hest\">hest</option>"
-+ options = "<option value=\"abe\">abe</option><option value=\"mus\">mus</option><option value=\"hest\">hest</option>".html_safe
-
- output_buffer = fields_for :post, @post do |f|
- concat f.select(:category, options, :prompt => 'The prompt')
-@@ -536,6 +536,13 @@ class FormOptionsHelperTest < ActionView::TestCase
- )
- end
-
-+ def test_select_escapes_options
-+ assert_dom_equal(
-+ '<select id="post_title" name="post[title]">&lt;script&gt;alert(1)&lt;/script&gt;</select>',
-+ select('post', 'title', '<script>alert(1)</script>')
-+ )
-+ end
-+
- def test_select_with_selected_nil
- @post = Post.new
- @post.category = "<mus>"
---
-1.7.6
-
diff --git a/actionpack-downgrade-dependencies.patch b/actionpack-downgrade-dependencies.patch
index 4114bd4..b7f76d0 100644
--- a/actionpack-downgrade-dependencies.patch
+++ b/actionpack-downgrade-dependencies.patch
@@ -1,9 +1,9 @@
---- specifications/actionpack-3.0.11.gemspec.orig
-+++ specifications/actionpack-3.0.11.gemspec
+--- specifications/actionpack-3.0.13.gemspec.orig
++++ specifications/actionpack-3.0.13.gemspec
@@ -26,7 +26,7 @@
s.add_runtime_dependency(%q<builder>, ["~> 2.1.2"])
s.add_runtime_dependency(%q<i18n>, ["~> 0.5.0"])
- s.add_runtime_dependency(%q<rack>, [">= 1.2.1"])
+ s.add_runtime_dependency(%q<rack>, [">= 1.2.5"])
- s.add_runtime_dependency(%q<rack-test>, [">= 0.5.7"])
+ s.add_runtime_dependency(%q<rack-test>, [">= 0.5.4"])
s.add_runtime_dependency(%q<rack-mount>, [">= 0.6.14"])
@@ -12,7 +12,7 @@
@@ -36,7 +36,7 @@
s.add_dependency(%q<builder>, ["~> 2.1.2"])
s.add_dependency(%q<i18n>, ["~> 0.5.0"])
- s.add_dependency(%q<rack>, [">= 1.2.1"])
+ s.add_dependency(%q<rack>, [">= 1.2.5"])
- s.add_dependency(%q<rack-test>, [">= 0.5.7"])
+ s.add_dependency(%q<rack-test>, [">= 0.5.4"])
s.add_dependency(%q<rack-mount>, [">= 0.6.14"])
@@ -21,7 +21,7 @@
@@ -47,7 +47,7 @@
s.add_dependency(%q<builder>, ["~> 2.1.2"])
s.add_dependency(%q<i18n>, ["~> 0.5.0"])
- s.add_dependency(%q<rack>, [">= 1.2.1"])
+ s.add_dependency(%q<rack>, [">= 1.2.5"])
- s.add_dependency(%q<rack-test>, [">= 0.5.7"])
+ s.add_dependency(%q<rack-test>, [">= 0.5.4"])
s.add_dependency(%q<rack-mount>, [">= 0.6.14"])
diff --git a/actionpack-tests-fix.patch b/actionpack-tests-fix.patch
deleted file mode 100644
index 90af2e4..0000000
--- a/actionpack-tests-fix.patch
+++ /dev/null
@@ -1,8 +0,0 @@
---- test/abstract_unit.rb.orig 2011-01-10 23:22:06.245506019 -0500
-+++ test/abstract_unit.rb 2011-01-10 23:22:18.633505885 -0500
-@@ -1,4 +1,4 @@
--require File.expand_path('../../../load_paths', __FILE__)
-+require 'rubygems'
-
- lib = File.expand_path("#{File.dirname(__FILE__)}/../lib")
- $:.unshift(lib) unless $:.include?('lib') || $:.include?(lib)
diff --git a/rubygem-actionpack.spec b/rubygem-actionpack.spec
index d8f2661..f683d0f 100644
--- a/rubygem-actionpack.spec
+++ b/rubygem-actionpack.spec
@@ -6,8 +6,8 @@
Summary: Web-flow and rendering framework putting the VC in MVC
Name: rubygem-%{gem_name}
Epoch: 1
-Version: 3.0.11
-Release: 3%{?dist}
+Version: 3.0.13
+Release: 1%{?dist}
Group: Development/Languages
License: MIT
URL: http://www.rubyonrails.org
@@ -20,8 +20,8 @@ Source1: http://github.com/rails/rails/raw/v%{version}/%{gem_name}/Rakefile
# You may check it out like so
# git clone http://github.com/rails/rails.git
# cd rails/actionpack/
-# git checkout v3.0.11
-# tar czvf actionpack-3.0.11-tests.tgz test/
+# git checkout v3.0.13
+# tar czvf actionpack-3.0.13-tests.tgz test/
Source2: actionpack-%{version}-tests.tgz
Patch0: rubygem-actionpack-enable-test.patch
@@ -30,20 +30,8 @@ Patch0: rubygem-actionpack-enable-test.patch
# not being present in the gem
Patch1: actionpack-rakefile-fix.patch
-# Removes code which breaks the test suite due to a
-# dependency on a file in the greater rails proj
-Patch2: actionpack-tests-fix.patch
-
Patch3: actionpack-downgrade-dependencies.patch
-# Fixes CVE-2012-1098
-# https://bugzilla.redhat.com/show_bug.cgi?id=799275
-Patch4: actionpack-CVE-2012-1098-safe-buffer-slice.patch
-
-# Fixes CVE-2012-1099
-# https://bugzilla.redhat.com/show_bug.cgi?id=799276
-Patch5: actionpack-CVE-2012-1099-select-options-XSS.patch
-
Requires: ruby(rubygems)
Requires: rubygem(activesupport) = %{version}
Requires: rubygem(activemodel) = %{version}
@@ -101,9 +89,6 @@ tar xzvf %{SOURCE2} -C .%{gem_instdir}
pushd .%{gem_instdir}
%patch0 -p0
%patch1 -p0
-%patch2 -p0
-%patch4 -p2
-%patch5 -p2
# create missing symlink
pushd test/fixtures/layout_tests/layouts/
@@ -152,6 +137,9 @@ export TMPDIR=$(pwd)/tmpdir
pushd .%{gem_instdir}
+# load_path is not available, remove its require.
+sed -i '1,2d' test/abstract_unit.rb
+
# dependency loop
# depends on actionmailer, while actionmailer has BR(check): actionpack
mv test/controller/assert_select_test.rb \
@@ -161,7 +149,6 @@ mv test/controller/assert_select_test.rb \
rake test --trace
%files
-%defattr(-, root, root, -)
%dir %{gem_instdir}
%doc %{gem_instdir}/CHANGELOG
%{gem_libdir}
@@ -170,11 +157,14 @@ rake test --trace
%doc %{gem_instdir}/README.rdoc
%doc %{gem_instdir}/test/
%doc %{gem_docdir}
-%{gem_cache}
+%exclude %{gem_cache}
%{gem_spec}
%changelog
+* Fri Jun 01 2012 Vít Ondruch <vondruch@redhat.com> - 1:3.0.13-1
+- Updated to the ActionPack 3.0.13.
+
* Fri Mar 16 2012 Bohuslav Kabrda <bkabrda@redhat.com> - 1:3.0.11-3
- The CVE patches names now contain the CVE id.
diff --git a/sources b/sources
index 8364e35..69bb877 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-c67f5eeb29b519724028f64b69c7c757 actionpack-3.0.11-tests.tgz
-1a9a7eee2333853563af54afad349ee9 actionpack-3.0.11.gem
+8890a7c20c44f8b927592b8d49e2a4de actionpack-3.0.13-tests.tgz
+cc755373456a070fca005119abef601b actionpack-3.0.13.gem