Hello community,

here is the log from the commit of package rubygem-actionpack-2_3.1299 for openSUSE:12.2:Update checked in at 2013-02-12 09:51:50
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.2:Update/rubygem-actionpack-2_3.1299 (Old)
 and      /work/SRC/openSUSE:12.2:Update/.rubygem-actionpack-2_3.1299.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "rubygem-actionpack-2_3.1299", Maintainer is ""

Changes:
--------
New Changes file:

--- /dev/null 2013-02-09 11:18:20.872010756 +0100 +++ /work/SRC/openSUSE:12.2:Update/.rubygem-actionpack-2_3.1299.new/rubygem-actionpack-2_3.changes 2013-02-12 09:51:50.000000000 +0100 
@@ -0,0 +1,165 @@ +------------------------------------------------------------------- +Wed Jan 30 16:21:57 UTC 2013 - mrueckert@suse.de + +- update to 2.3.16 (bnc#800320) CVE-2013-0333 + - backporting deep_munge + - removing [nil] from the params + - Do not mark strip_tags result as html_safe +- this obsoletes all our patches: + 2-3-null_array_param.patch + 2-3-null_param.patch + 3-0-strip_tags.patch + +------------------------------------------------------------------- +Thu Jan 17 11:24:55 UTC 2013 - mrueckert@suse.de + +- update to 2.3.15: (bnc#796712, bnc#797449, bnc#797452) + - handle missing 'HTTP_X_FORWARDED_FOR' + - added test suite for RCE bug + +------------------------------------------------------------------- +Fri Sep 7 18:49:10 UTC 2012 - mrueckert@suse.de + +- added 3-0-strip_tags.patch: (bnc#775649) + Do not mark strip_tags result as html_safe CVE-2012-3465 + +------------------------------------------------------------------- +Wed Jul 18 14:57:18 UTC 2012 - mrueckert@suse.de + +- added 2 patches to fix security issues: + 2-3-null_param.patch (CVE-2012-2660) (bnc#765097) + 2-3-null_array_param.patch (CVE-2012-2694) (bnc#766791) +- track series file from quilt for easier handling + +------------------------------------------------------------------- +Wed Aug 17 12:02:42 UTC 2011 - mrueckert@suse.de + +- update to version 2.3.14 + - fix fixing strip tags vulnerability (bnc#712057) + - fixing response splitting problem (bnc#712058) + +------------------------------------------------------------------- +Mon Jun 20 16:27:43 UTC 2011 - mrueckert@suse.de + +- update to version 2.3.12 + - dont call destroy on a session if it doesnt respond to destroy + - fix session timeout handling + +------------------------------------------------------------------- +Wed Feb 16 11:09:20 UTC 2011 - mrueckert@suse.de + +- update to version 2.3.11: (bnc#668817) + - XSS Risk in mail_to :encode=>:javascript CVE-2011-0446 + - CSRF Bypass Risk CVE-2011-0447 + - Filter Problems 
on Case Insensitive Filesystems CVE-2011-0449 + - Potential SQL Injection with limit() CVE-2011-0448 + +------------------------------------------------------------------- +Mon Jan 17 13:21:21 UTC 2011 - mvidner@suse.cz + +- Split off doc and testsuite subpackages. + +------------------------------------------------------------------- +Wed Oct 27 11:34:50 UTC 2010 - mrueckert@suse.de + +- update to version 2.3.10 + * Version bump. + +------------------------------------------------------------------- +Sun Sep 5 11:07:19 UTC 2010 - mrueckert@suse.de + +- update to version 2.3.9 + * Version bump. + +------------------------------------------------------------------- +Tue May 25 16:08:12 UTC 2010 - mrueckert@suse.de + +- use rubygems_requires macro + +------------------------------------------------------------------- +Tue May 25 15:07:19 UTC 2010 - mrueckert@suse.de + +- update to version 2.3.8 + * HTML safety: fix compatibility *without* the optional rails_xss + plugin. +- additional changes from version 2.3.7 + * HTML safety: fix compatibility with the optional rails_xss + plugin. [Nathan Weizenbaum, Santiago Pastorino] +- additional changes from version 2.3.6 + * JSON: set Base.include_root_in_json = true to include a root + value in the JSON: {"post": {"title": ...}}. Mirrors the Active + Record option. #2584 [Matthew Moore, Joe Martinez, Elad + Meidar, Santiago Pastorino] + * Ruby 1.9: ERB template encoding using a magic comment at the + top of the file. [Jeremy Kemper] <%# encoding: utf-8 %> + * Fixed that default locale templates should be used if the + current locale template is missing [DHH] + * Fixed that PrototypeHelper#update_page should return html_safe + [DHH] + * Fixed that much of DateHelper wouldn't return html_safe? + strings [DHH] + * Fixed that fragment caching should return a cache hit as + html_safe (or it would all just get escaped) [DHH] + * Introduce String#html_safe for rails_xss plugin and + forward-compatibility with Rails 3. 
[Michael Koziarski, + Santiago Pastorino, José Ignacio Costa] + * Added :alert, :notice, and :flash as options to + ActionController::Base#redirect_to that'll automatically set + the proper flash before the redirection [DHH]. + * Added ActionController::Base#notice/= and + ActionController::Base#alert/= as a convenience accessors in + both the controller and the view for flash[:notice]/= and + flash[:alert]/= [DHH] + * Added cookies.permanent, cookies.signed, and + cookies.permanent.signed accessor for common cookie actions + [DHH]. +- removed actionpack-2.3.5_button_to.patch: + included in update + +------------------------------------------------------------------- +Thu Feb 18 14:09:24 UTC 2010 - aduffeck@novell.com + +- add a patch to fix (bnc#581792): + https://rails.lighthouseapp.com/projects/8994/tickets/3448-button_to-does-no... + +------------------------------------------------------------------- +Fri Jan 15 14:21:37 UTC 2010 - mrueckert@suse.de + +- fix requires on rack. gem spec and code disagree with each other. + +------------------------------------------------------------------- +Tue Dec 1 18:19:07 UTC 2009 - chris@computersalat.de + +- update to version 2.3.5 + - Minor Bug Fixes and deprecation warnings + - Ruby 1.9 Support + - Fix filtering parameters when there are Fixnum or other + un-dupable values. 
+ - Improvements to ActionView::TestCase + - Compatiblity with the rails_xss plugin +- removed actionpack-2.3.4_number_to_human_size_fix_eb30c695444b904d7937c8c12c59da9a8c4d60e5.patch: + included in update + +------------------------------------------------------------------- +Fri Nov 20 13:53:22 UTC 2009 - mrueckert@suse.de + +- added actionpack-2.3.4_number_to_human_size_fix_eb30c695444b904d7937c8c12c59da9a8c4d60e5.patch + fix number_to_human_size (bnc#545720) + +------------------------------------------------------------------- +Thu Sep 10 12:03:08 UTC 2009 - adrian@suse.de + +- update to version 2.3.4 + +------------------------------------------------------------------- +Fri Jun 5 16:58:30 CEST 2009 - mrueckert@suse.de + +- add rails-2.3.2_http_auth_digest_nil_check.patch: + do not allow authentication with a missing password (bnc#509914) + +------------------------------------------------------------------- +Mon Mar 16 20:34:36 CET 2009 - mrueckert@suse.de + +- starting package for the rails 2.3 series + +-------------------------------------------------------------------

New:
----
  actionpack-2.3.16.gem
  rubygem-actionpack-2_3.changes
  rubygem-actionpack-2_3.spec
  series

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ rubygem-actionpack-2_3.spec ++++++
#
# spec file for package rubygem-actionpack-2_3
#
# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License).
# An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#

Name:           rubygem-actionpack-2_3
Version:        2.3.16
Release:        0
%define mod_name actionpack
%define mod_full_name %{mod_name}-%{version}
#
#
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
BuildRequires:  rubygems_with_buildroot_patch
%rubygems_requires
Provides:       rubygem-%{mod_name} = %{version}-%{release}
#
# activesupport = 2.3.15
BuildRequires:  rubygem-activesupport-2_3 = %{version}
Requires:       rubygem-activesupport-2_3 = %{version}
# rack ~> 1.1.0
BuildRequires:  rubygem-rack-1_1 >= 1.1.3
Requires:       rubygem-rack-1_1 >= 1.1.3
#
Url:            http://rubyforge.org/projects/actionpack
Source:         %{mod_full_name}.gem
Source99:       series
#
Summary:        Web-flow and rendering framework putting the VC in MVC
License:        MIT
Group:          Development/Languages/Ruby

%description
Eases web-request routing, handling, and response as a half-way front,
half-way page controller. Implemented with specific emphasis on enabling easy
unit/integration testing that doesn't require a browser.

%package doc
Summary:        RDoc documentation for %{mod_name}
Group:          Development/Languages/Ruby
Requires:       %{name} = %{version}

%description doc
Documentation generated at gem installation time.
Usually in RDoc and RI formats.

%package testsuite
Summary:        Test suite for %{mod_name}
Group:          Development/Languages/Ruby
Requires:       %{name} = %{version}

%description testsuite
Test::Unit or RSpec files, useful for developers.

%prep

%build

%install
%gem_install %{S:0}
find %{buildroot}%{_libdir}/ruby/gems/%{rb_ver}/gems/%{mod_name}-%{version}/ -name \*\~ -print -delete

%clean
%{__rm} -rf %{buildroot}

%files
%defattr(-,root,root,-)
%{_libdir}/ruby/gems/%{rb_ver}/cache/%{mod_full_name}.gem
%{_libdir}/ruby/gems/%{rb_ver}/gems/%{mod_full_name}/
%exclude %{_libdir}/ruby/gems/%{rb_ver}/gems/%{mod_full_name}/test
%{_libdir}/ruby/gems/%{rb_ver}/specifications/%{mod_full_name}.gemspec

%files doc
%defattr(-,root,root,-)
%doc %{_libdir}/ruby/gems/%{rb_ver}/doc/%{mod_full_name}/

%files testsuite
%defattr(-,root,root,-)
%{_libdir}/ruby/gems/%{rb_ver}/gems/%{mod_full_name}/test

%changelog

++++++ series ++++++
2-3-null_param.patch -p0
2-3-null_array_param.patch -p0
3-0-strip_tags.patch -p0
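
Review bot: the series file in this commit still lists 2-3-null_param.patch, 2-3-null_array_param.patch and 3-0-strip_tags.patch with -p0, although the 2.3.16 changelog entry says the update obsoletes exactly these three and the "New:" file list ships no .patch files. The spec has no Patch tags and an empty %prep, so nothing applies them at build time, but the series file is tracked for quilt (see the Jul 18 2012 entry) and now names files that are no longer in the package; empty it, or drop it together with Source99. Separately, the spec comment "# activesupport = 2.3.15" is stale next to Version: 2.3.16 with the dependency pinned as "= %{version}"; update or remove the comment so the pinned security-fix version is not misread.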