Hello community,
here is the log from the commit of package rubygem-actionpack-2_3.1299 for
openSUSE:12.2:Update checked in at 2013-02-12 09:51:50
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.2:Update/rubygem-actionpack-2_3.1299 (Old)
and /work/SRC/openSUSE:12.2:Update/.rubygem-actionpack-2_3.1299.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-actionpack-2_3.1299", Maintainer is ""
Changes:
--------
New Changes file:
--- /dev/null 2013-02-09 11:18:20.872010756 +0100
+++
/work/SRC/openSUSE:12.2:Update/.rubygem-actionpack-2_3.1299.new/rubygem-actionpack-2_3.changes
2013-02-12 09:51:50.000000000 +0100
@@ -0,0 +1,165 @@
+-------------------------------------------------------------------
+Wed Jan 30 16:21:57 UTC 2013 - mrueck...@suse.de
+
+- update to 2.3.16 (bnc#800320) CVE-2013-0333
+ - backporting deep_munge
+ - removing [nil] from the params
+ - Do not mark strip_tags result as html_safe
+- this obsoletes all our patches:
+ 2-3-null_array_param.patch
+ 2-3-null_param.patch
+ 3-0-strip_tags.patch
+
+-------------------------------------------------------------------
+Thu Jan 17 11:24:55 UTC 2013 - mrueck...@suse.de
+
+- update to 2.3.15: (bnc#796712, bnc#797449, bnc#797452)
+ - handle missing 'HTTP_X_FORWARDED_FOR'
+ - added test suite for RCE bug
+
+-------------------------------------------------------------------
+Fri Sep 7 18:49:10 UTC 2012 - mrueck...@suse.de
+
+- added 3-0-strip_tags.patch: (bnc#775649)
+ Do not mark strip_tags result as html_safe CVE-2012-3465
+
+-------------------------------------------------------------------
+Wed Jul 18 14:57:18 UTC 2012 - mrueck...@suse.de
+
+- added 2 patches to fix security issues:
+ 2-3-null_param.patch (CVE-2012-2660) (bnc#765097)
+ 2-3-null_array_param.patch (CVE-2012-2694) (bnc#766791)
+- track series file from quilt for easier handling
+
+-------------------------------------------------------------------
+Wed Aug 17 12:02:42 UTC 2011 - mrueck...@suse.de
+
+- update to version 2.3.14
+ - fix fixing strip tags vulnerability (bnc#712057)
+ - fixing response splitting problem (bnc#712058)
+
+-------------------------------------------------------------------
+Mon Jun 20 16:27:43 UTC 2011 - mrueck...@suse.de
+
+- update to version 2.3.12
+ - dont call destroy on a session if it doesnt respond to destroy
+ - fix session timeout handling
+
+-------------------------------------------------------------------
+Wed Feb 16 11:09:20 UTC 2011 - mrueck...@suse.de
+
+- update to version 2.3.11: (bnc#668817)
+ - XSS Risk in mail_to :encode=>:javascript CVE-2011-0446
+ - CSRF Bypass Risk CVE-2011-0447
+ - Filter Problems on Case Insensitive Filesystems CVE-2011-0449
+ - Potential SQL Injection with limit() CVE-2011-0448
+
+-------------------------------------------------------------------
+Mon Jan 17 13:21:21 UTC 2011 - mvid...@suse.cz
+
+- Split off doc and testsuite subpackages.
+
+-------------------------------------------------------------------
+Wed Oct 27 11:34:50 UTC 2010 - mrueck...@suse.de
+
+- update to version 2.3.10
+ * Version bump.
+
+-------------------------------------------------------------------
+Sun Sep 5 11:07:19 UTC 2010 - mrueck...@suse.de
+
+- update to version 2.3.9
+ * Version bump.
+
+-------------------------------------------------------------------
+Tue May 25 16:08:12 UTC 2010 - mrueck...@suse.de
+
+- use rubygems_requires macro
+
+-------------------------------------------------------------------
+Tue May 25 15:07:19 UTC 2010 - mrueck...@suse.de
+
+- update to version 2.3.8
+ * HTML safety: fix compatibility *without* the optional rails_xss
+ plugin.
+- additional changes from version 2.3.7
+ * HTML safety: fix compatibility with the optional rails_xss
+ plugin. [Nathan Weizenbaum, Santiago Pastorino]
+- additional changes from version 2.3.6
+ * JSON: set Base.include_root_in_json = true to include a root
+ value in the JSON: {"post": {"title": ...}}. Mirrors the Active
+ Record option. #2584 [Matthew Moore, Joe Martinez, Elad
+ Meidar, Santiago Pastorino]
+ * Ruby 1.9: ERB template encoding using a magic comment at the
+ top of the file. [Jeremy Kemper] <%# encoding: utf-8 %>
+ * Fixed that default locale templates should be used if the
+ current locale template is missing [DHH]
+ * Fixed that PrototypeHelper#update_page should return html_safe
+ [DHH]
+ * Fixed that much of DateHelper wouldn't return html_safe?
+ strings [DHH]
+ * Fixed that fragment caching should return a cache hit as
+ html_safe (or it would all just get escaped) [DHH]
+ * Introduce String#html_safe for rails_xss plugin and
+ forward-compatibility with Rails 3. [Michael Koziarski,
+ Santiago Pastorino, José Ignacio Costa]
+ * Added :alert, :notice, and :flash as options to
+ ActionController::Base#redirect_to that'll automatically set
+ the proper flash before the redirection [DHH].
+ * Added ActionController::Base#notice/= and
+ ActionController::Base#alert/= as a convenience accessors in
+ both the controller and the view for flash[:notice]/= and
+ flash[:alert]/= [DHH]
+ * Added cookies.permanent, cookies.signed, and
+ cookies.permanent.signed accessor for common cookie actions
+ [DHH].
+- removed actionpack-2.3.5_button_to.patch:
+ included in update
+
+-------------------------------------------------------------------
+Thu Feb 18 14:09:24 UTC 2010 - aduff...@novell.com
+
+- add a patch to fix (bnc#581792):
+
https://rails.lighthouseapp.com/projects/8994/tickets/3448-button_to-does-not-return-an-html-safe-string
+
+-------------------------------------------------------------------
+Fri Jan 15 14:21:37 UTC 2010 - mrueck...@suse.de
+
+- fix requires on rack. gem spec and code disagree with each other.
+
+-------------------------------------------------------------------
+Tue Dec 1 18:19:07 UTC 2009 - ch...@computersalat.de
+
+- update to version 2.3.5
+ - Minor Bug Fixes and deprecation warnings
+ - Ruby 1.9 Support
+ - Fix filtering parameters when there are Fixnum or other
+ un-dupable values.
+ - Improvements to ActionView::TestCase
+ - Compatiblity with the rails_xss plugin
+- removed
actionpack-2.3.4_number_to_human_size_fix_eb30c695444b904d7937c8c12c59da9a8c4d60e5.patch:
+ included in update
+
+-------------------------------------------------------------------
+Fri Nov 20 13:53:22 UTC 2009 - mrueck...@suse.de
+
+- added
actionpack-2.3.4_number_to_human_size_fix_eb30c695444b904d7937c8c12c59da9a8c4d60e5.patch
+ fix number_to_human_size (bnc#545720)
+
+-------------------------------------------------------------------
+Thu Sep 10 12:03:08 UTC 2009 - adr...@suse.de
+
+- update to version 2.3.4
+
+-------------------------------------------------------------------
+Fri Jun 5 16:58:30 CEST 2009 - mrueck...@suse.de
+
+- add rails-2.3.2_http_auth_digest_nil_check.patch:
+ do not allow authentication with a missing password (bnc#509914)
+
+-------------------------------------------------------------------
+Mon Mar 16 20:34:36 CET 2009 - mrueck...@suse.de
+
+- starting package for the rails 2.3 series
+
+-------------------------------------------------------------------
New:
----
actionpack-2.3.16.gem
rubygem-actionpack-2_3.changes
rubygem-actionpack-2_3.spec
series
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ rubygem-actionpack-2_3.spec ++++++
#
# spec file for package rubygem-actionpack-2_3
#
# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Name: rubygem-actionpack-2_3
Version: 2.3.16
Release: 0
%define mod_name actionpack
%define mod_full_name %{mod_name}-%{version}
#
#
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: rubygems_with_buildroot_patch
%rubygems_requires
Provides: rubygem-%{mod_name} = %{version}-%{release}
#
# activesupport = 2.3.15
BuildRequires: rubygem-activesupport-2_3 = %{version}
Requires: rubygem-activesupport-2_3 = %{version}
# rack ~> 1.1.0
BuildRequires: rubygem-rack-1_1 >= 1.1.3
Requires: rubygem-rack-1_1 >= 1.1.3
#
Url: http://rubyforge.org/projects/actionpack
Source: %{mod_full_name}.gem
Source99: series
#
Summary: Web-flow and rendering framework putting the VC in MVC
License: MIT
Group: Development/Languages/Ruby
%description
Eases web-request routing, handling, and response as a half-way front, half-way
page controller. Implemented with specific emphasis on enabling easy
unit/integration testing that doesn't require a browser.
%package doc
Summary: RDoc documentation for %{mod_name}
Group: Development/Languages/Ruby
Requires: %{name} = %{version}
%description doc
Documentation generated at gem installation time.
Usually in RDoc and RI formats.
%package testsuite
Summary: Test suite for %{mod_name}
Group: Development/Languages/Ruby
Requires: %{name} = %{version}
%description testsuite
Test::Unit or RSpec files, useful for developers.
%prep
%build
%install
%gem_install %{S:0}
find %{buildroot}%{_libdir}/ruby/gems/%{rb_ver}/gems/%{mod_name}-%{version}/
-name \*\~ -print -delete
%clean
%{__rm} -rf %{buildroot}
%files
%defattr(-,root,root,-)
%{_libdir}/ruby/gems/%{rb_ver}/cache/%{mod_full_name}.gem
%{_libdir}/ruby/gems/%{rb_ver}/gems/%{mod_full_name}/
%exclude %{_libdir}/ruby/gems/%{rb_ver}/gems/%{mod_full_name}/test
%{_libdir}/ruby/gems/%{rb_ver}/specifications/%{mod_full_name}.gemspec
%files doc
%defattr(-,root,root,-)
%doc %{_libdir}/ruby/gems/%{rb_ver}/doc/%{mod_full_name}/
%files testsuite
%defattr(-,root,root,-)
%{_libdir}/ruby/gems/%{rb_ver}/gems/%{mod_full_name}/test
%changelog
++++++ series ++++++
2-3-null_param.patch -p0
2-3-null_array_param.patch -p0
3-0-strip_tags.patch -p0
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
