authorVít Ondruch <vondruch@redhat.com>2011-07-04 10:55:45 +0200
committerVít Ondruch <vondruch@redhat.com>2011-07-04 10:55:45 +0200
commit850b625633821bfa4ab3de60d636e8ef1e44fdbc (patch)
tree0bedbed5e1dfe69fa8c1b228d97c6fe07990f318
parent37eac7ffa541b65fad1de060eeddd72d46ece581 (diff)
Update to ActiveSupport 3.0.9
-rw-r--r--.gitignore2
-rw-r--r--activesupport-tests.tgzbin94683 -> 0 bytes
-rw-r--r--cve-2011-2197-fix.patch48
-rw-r--r--rubygem-activesupport.spec22
-rw-r--r--sources3
5 files changed, 14 insertions, 61 deletions
diff --git a/.gitignore b/.gitignore
index 1c7051e..8cd85d6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,3 +3,5 @@ activesupport-2.3.8.gem
/activesupport-3.0.3.gem
/activesupport-3.0.5.gem
/activesupport-tests.tgz
+/activesupport-3.0.9-tests.tgz
+/activesupport-3.0.9.gem
diff --git a/activesupport-tests.tgz b/activesupport-tests.tgz
deleted file mode 100644
index 89a6ad7..0000000
--- a/activesupport-tests.tgz
+++ /dev/null
Binary files differ
diff --git a/cve-2011-2197-fix.patch b/cve-2011-2197-fix.patch
deleted file mode 100644
index 0f36f0e..0000000
--- a/cve-2011-2197-fix.patch
+++ /dev/null
@@ -1,48 +0,0 @@
---- lib/active_support/core_ext/string/output_safety.rb
-+++ lib/active_support/core_ext/string/output_safety.rb
-@@ -73,6 +73,7 @@ end
-
- module ActiveSupport #:nodoc:
- class SafeBuffer < String
-+ UNSAFE_STRING_METHODS = ["capitalize", "chomp", "chop", "delete", "downcase", "gsub", "lstrip", "next", "reverse", "rstrip", "slice", "squeeze", "strip", "sub", "succ", "swapcase", "tr", "tr_s", "upcase"].freeze
- alias safe_concat concat
-
- def concat(value)
-@@ -103,6 +104,18 @@ module ActiveSupport #:nodoc:
- def to_yaml(*args)
- to_str.to_yaml(*args)
- end
-+
-+ for unsafe_method in UNSAFE_STRING_METHODS
-+ class_eval <<-EOT, __FILE__, __LINE__
-+ def #{unsafe_method}(*args)
-+ super.to_str
-+ end
-+
-+ def #{unsafe_method}!(*args)
-+ raise TypeError, "Cannot modify SafeBuffer in place"
-+ end
-+ EOT
-+ end
- end
- end
-
---- test/safe_buffer_test.rb
-+++ test/safe_buffer_test.rb
-@@ -38,4 +38,16 @@ class SafeBufferTest < ActiveSupport::TestCase
- new_buffer = @buffer.to_s
- assert_equal ActiveSupport::SafeBuffer, new_buffer.class
- end
-+
-+ test "Should not return safe buffer from gsub" do
-+ altered_buffer = @buffer.gsub('', 'asdf')
-+ assert_equal 'asdf', altered_buffer
-+ assert !altered_buffer.html_safe?
-+ end
-+
-+ test "Should not allow gsub! on safe buffers" do
-+ assert_raise TypeError do
-+ @buffer.gsub!('', 'asdf')
-+ end
-+ end
- end
diff --git a/rubygem-activesupport.spec b/rubygem-activesupport.spec
index f4bb94d..266c5e9 100644
--- a/rubygem-activesupport.spec
+++ b/rubygem-activesupport.spec
@@ -1,5 +1,6 @@
-%define gemdir %(ruby -rubygems -e 'puts Gem::dir' 2>/dev/null)
%define gemname activesupport
+
+%define gemdir %(ruby -rubygems -e 'puts Gem::dir' 2>/dev/null)
%define geminstdir %{gemdir}/gems/%{gemname}-%{version}
%define rubyabi 1.8
@@ -7,8 +8,8 @@
Summary: Support and utility classes used by the Rails framework
Name: rubygem-%{gemname}
Epoch: 1
-Version: 3.0.5
-Release: 3%{?dist}
+Version: 3.0.9
+Release: 1%{?dist}
Group: Development/Languages
License: MIT
URL: http://www.rubyonrails.org
@@ -19,9 +20,9 @@ Source0: http://rubygems.org/downloads/activesupport-%{version}.gem
# Rails rpms, you may check it out like so
# git clone http://github.com/rails/rails.git
# cd rails/activesupport/
-# git checkout v3.0.5
-# tar czvf activesupport-tests.tgz test/
-Source2: activesupport-tests.tgz
+# git checkout v3.0.9
+# tar czvf activesupport-3.0.9-tests.tgz test/
+Source2: activesupport-3.0.9-tests.tgz
# Removes code which breaks the test suite due to a
# dependency on a file in the greater rails proj
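Review bot: The new `Source2:` line hard-codes `3.0.9` in the tarball name, while `Source0` (visible in the hunk header) already uses `%{version}`, so every later version bump has to edit this line by hand. Writing it as `Source2: activesupport-%{version}-tests.tgz` keeps the two sources in step with the `Version:` tag. The recipe comment above it still clones over plain `http://`; since the tests tarball is built by hand from that checkout, `git clone https://github.com/rails/rails.git` would at least authenticate the server the files come from.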
@@ -31,11 +32,6 @@ Patch1: activesupport-tests-fix.patch
# is in Fedora http://bugzilla.redhat.com/show_bug.cgi?id=668822
Patch2: activesupport-remove-memcache-build-dep.patch
-# CVE-2011-2197
-# http://weblog.rubyonrails.org/2011/6/8/potential-xss-vulnerability-in-ruby-on-rails-applications
-# FIX: https://gist.github.com/b2ceb626fc2bcdfe497f
-Patch3: cve-2011-2197-fix.patch
-
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Requires: rubygems
Requires: ruby(abi) = %{rubyabi}
@@ -67,7 +63,6 @@ tar xzvf %{SOURCE2} -C .%{geminstdir}
pushd .%{geminstdir}
%patch1 -p0
%patch2 -p0
-%patch3 -p0
%build
@@ -97,6 +92,9 @@ popd
%changelog
+* Fri Jul 01 2011 Vít Ondruch <vondruch@redhat.com> - 1:3.0.9-1
+- Update to ActiveSupport 3.0.9
+
* Thu Jun 16 2011 Mo Morsi <mmorsi@redhat.com> - 1:3.0.5-3
- Reverting accidental change adding a few gem flags
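Review bot: The new `%changelog` entry records only the version bump, although the same commit deletes `cve-2011-2197-fix.patch` together with its `Patch3:` and `%patch3 -p0` lines. Anyone auditing the package for CVE-2011-2197 through `rpm -q --changelog` will see the downstream fix disappear without explanation, so add a line such as `- Drop cve-2011-2197-fix.patch, fixed upstream (CVE-2011-2197)`. That wording assumes 3.0.9 already contains the `UNSAFE_STRING_METHODS` change to `output_safety.rb`, which this page does not show; confirm it against the upstream source before merging. It is also worth checking that the `gsub` tests from the dropped patch exist in `activesupport-3.0.9-tests.tgz`, so the regression check keeps running at build time.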
diff --git a/sources b/sources
index fdcd339..5d4b3bc 100644
--- a/sources
+++ b/sources
@@ -1 +1,2 @@
-9a6b84bf4efae8742a555c7f35750a0d activesupport-3.0.5.gem
+85326238e675f127f22482144d85acdc activesupport-3.0.9-tests.tgz
+d24508b3985d4226d4ca1c88156aced9 activesupport-3.0.9.gem