From 850b625633821bfa4ab3de60d636e8ef1e44fdbc Mon Sep 17 00:00:00 2001
From: Vít Ondruch
Date: Mon, 4 Jul 2011 10:55:45 +0200
Subject: Update to ActiveSupport 3.0.9
---
 .gitignore | 2 ++
 activesupport-tests.tgz | Bin 94683 -> 0 bytes
 cve-2011-2197-fix.patch | 48 ---------------------------------------------
 rubygem-activesupport.spec | 22 ++++++++++-----------
 sources | 3 ++-
 5 files changed, 14 insertions(+), 61 deletions(-)
 delete mode 100644 activesupport-tests.tgz
 delete mode 100644 cve-2011-2197-fix.patch
diff --git a/.gitignore b/.gitignore
index 1c7051e..8cd85d6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,3 +3,5 @@ activesupport-2.3.8.gem
 /activesupport-3.0.3.gem
 /activesupport-3.0.5.gem
 /activesupport-tests.tgz
+/activesupport-3.0.9-tests.tgz
+/activesupport-3.0.9.gem
diff --git a/activesupport-tests.tgz b/activesupport-tests.tgz
deleted file mode 100644
index 89a6ad7..0000000
Binary files a/activesupport-tests.tgz and /dev/null differ
diff --git a/cve-2011-2197-fix.patch b/cve-2011-2197-fix.patch
deleted file mode 100644
index 0f36f0e..0000000
--- a/cve-2011-2197-fix.patch
+++ /dev/null
@@ -1,48 +0,0 @@ ---- lib/active_support/core_ext/string/output_safety.rb -+++ lib/active_support/core_ext/string/output_safety.rb -@@ -73,6 +73,7 @@ end - - module ActiveSupport #:nodoc: - class SafeBuffer < String -+ UNSAFE_STRING_METHODS = ["capitalize", "chomp", "chop", "delete", "downcase", "gsub", "lstrip", "next", "reverse", "rstrip", "slice", "squeeze", "strip", "sub", "succ", "swapcase", "tr", "tr_s", "upcase"].freeze - alias safe_concat concat - - def concat(value) -@@ -103,6 +104,18 @@ module ActiveSupport #:nodoc: - def to_yaml(*args) - to_str.to_yaml(*args) - end -+ -+ for unsafe_method in UNSAFE_STRING_METHODS -+ class_eval <<-EOT, __FILE__, __LINE__ -+ def #{unsafe_method}(*args) -+ super.to_str -+ end -+ -+ def #{unsafe_method}!(*args) -+ raise TypeError, "Cannot modify SafeBuffer in place" -+ end -+ EOT -+ end - end - end - ---- test/safe_buffer_test.rb -+++ test/safe_buffer_test.rb -@@ -38,4 +38,16 @@ class SafeBufferTest < ActiveSupport::TestCase - new_buffer = @buffer.to_s - assert_equal ActiveSupport::SafeBuffer, new_buffer.class - end -+ -+ test "Should not return safe buffer from gsub" do -+ altered_buffer = @buffer.gsub('', 'asdf') -+ assert_equal 'asdf', altered_buffer -+ assert !altered_buffer.html_safe? -+ end -+ -+ test "Should not allow gsub! on safe buffers" do -+ assert_raise TypeError do -+ @buffer.gsub!('', 'asdf') -+ end -+ end - end diff --git a/rubygem-activesupport.spec b/rubygem-activesupport.spec index f4bb94d..266c5e9 100644 --- a/rubygem-activesupport.spec +++ b/rubygem-activesupport.spec @@ -1,5 +1,6 @@ -%define gemdir %(ruby -rubygems -e 'puts Gem::dir' 2>/dev/null) %define gemname activesupport + +%define gemdir %(ruby -rubygems -e 'puts Gem::dir' 2>/dev/null) %define geminstdir %{gemdir}/gems/%{gemname}-%{version} %define rubyabi 1.8 
@@ -7,8 +8,8 @@ Summary: Support and utility classes used by the Rails framework Name: rubygem-%{gemname} Epoch: 1 -Version: 3.0.5 -Release: 3%{?dist} +Version: 3.0.9 +Release: 1%{?dist} Group: Development/Languages License: MIT URL: http://www.rubyonrails.org @@ -19,9 +20,9 @@ Source0: http://rubygems.org/downloads/activesupport-%{version}.gem # Rails rpms, you may check it out like so # git clone http://github.com/rails/rails.git # cd rails/activesupport/ -# git checkout v3.0.5 -# tar czvf activesupport-tests.tgz test/ -Source2: activesupport-tests.tgz +# git checkout v3.0.9 +# tar czvf activesupport-3.0.9-tests.tgz test/ +Source2: activesupport-3.0.9-tests.tgz # Removes code which breaks the test suite due to a # dependency on a file in the greater rails proj @@ -31,11 +32,6 @@ Patch1: activesupport-tests-fix.patch # is in Fedora http://bugzilla.redhat.com/show_bug.cgi?id=668822 Patch2: activesupport-remove-memcache-build-dep.patch -# CVE-2011-2197 -# http://weblog.rubyonrails.org/2011/6/8/potential-xss-vulnerability-in-ruby-on-rails-applications -# FIX: https://gist.github.com/b2ceb626fc2bcdfe497f -Patch3: cve-2011-2197-fix.patch - BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Requires: rubygems Requires: ruby(abi) = %{rubyabi} @@ -67,7 +63,6 @@ tar xzvf %{SOURCE2} -C .%{geminstdir} pushd .%{geminstdir} %patch1 -p0 %patch2 -p0 -%patch3 -p0 %build @@ -97,6 +92,9 @@ popd %changelog +* Fri Jul 01 2011 Vít Ondruch - 1:3.0.9-1 +- Update to ActiveSupport 3.0.9 + * Thu Jun 16 2011 Mo Morsi - 1:3.0.5-3 - Reverting accidental change adding a few gem flags diff --git a/sources b/sources index fdcd339..5d4b3bc 100644 --- a/sources +++ b/sources @@ -1 +1,2 @@ -9a6b84bf4efae8742a555c7f35750a0d activesupport-3.0.5.gem +85326238e675f127f22482144d85acdc activesupport-3.0.9-tests.tgz +d24508b3985d4226d4ca1c88156aced9 activesupport-3.0.9.gem -- cgit
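Review bot: The removal of `Patch3: cve-2011-2197-fix.patch` (hunk `@@ -31,11 +32,6 @@`) and of its `%patch3 -p0` step (hunk `@@ -67,7 +63,6 @@`) is not recorded anywhere in rubygem-activesupport.spec: the `%changelog` entry added in hunk `@@ -97,6 +92,9 @@` says only `- Update to ActiveSupport 3.0.9`. Presumably the SafeBuffer change is already part of the 3.0.9 gem, but the commit does not say so, and someone later auditing CVE-2011-2197 coverage for this package has no trail to follow. Once that is confirmed against the 3.0.9 sources, I would add a second changelog line such as `- Drop cve-2011-2197-fix.patch, fix is included upstream (CVE-2011-2197)`. The dropped patch also carried two SafeBuffer tests (`gsub` must not return a safe buffer, `gsub!` must raise `TypeError`), so it is worth checking that `activesupport-3.0.9-tests.tgz` still contains equivalent cases.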