author | Hans de Graaff <graaff@gentoo.org> | 2013-01-15 07:33:24 +0000 |
---|---|---|
committer | Hans de Graaff <graaff@gentoo.org> | 2013-01-15 07:33:24 +0000 |
commit | 07f725a6ead2a5f4f1e16941618714cc02994706 (patch) | |
tree | 996319ed1adeb8f83fec6ff4387389a19bf0e0b6 /dev-ruby/activerecord | |
parent | version bump #451724 (diff) | |
download | gentoo-2-07f725a6ead2a5f4f1e16941618714cc02994706.tar.gz gentoo-2-07f725a6ead2a5f4f1e16941618714cc02994706.tar.bz2 gentoo-2-07f725a6ead2a5f4f1e16941618714cc02994706.zip |
Fix security issue, bug 450974.
(Portage version: 2.1.11.31/cvs/Linux x86_64, signed Manifest commit with key 0x8883FA56A308A8D7!)
Diffstat (limited to 'dev-ruby/activerecord')
-rw-r--r-- | dev-ruby/activerecord/ChangeLog | 9 | ||||
-rw-r--r-- | dev-ruby/activerecord/activerecord-2.3.15-r1.ebuild | 66 | ||||
-rw-r--r-- | dev-ruby/activerecord/files/activerecord-2.3.15-null-array-param.patch | 25 |
3 files changed, 99 insertions, 1 deletions
diff --git a/dev-ruby/activerecord/ChangeLog b/dev-ruby/activerecord/ChangeLog index 8d03f922eb7c..db6da422252b 100644 --- a/dev-ruby/activerecord/ChangeLog +++ b/dev-ruby/activerecord/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for dev-ruby/activerecord # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/dev-ruby/activerecord/ChangeLog,v 1.215 2013/01/09 15:14:01 ago Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-ruby/activerecord/ChangeLog,v 1.216 2013/01/15 07:33:23 graaff Exp $ + +*activerecord-2.3.15-r1 (15 Jan 2013) + + 15 Jan 2013; Hans de Graaff <graaff@gentoo.org> + +activerecord-2.3.15-r1.ebuild, + +files/activerecord-2.3.15-null-array-param.patch: + Fix security issue, bug 450974. 09 Jan 2013; Agostino Sarubbo <ago@gentoo.org> activerecord-2.3.15.ebuild: Stable for ppc64, wrt bug #450974 diff --git a/dev-ruby/activerecord/activerecord-2.3.15-r1.ebuild b/dev-ruby/activerecord/activerecord-2.3.15-r1.ebuild new file mode 100644 index 000000000000..9128fa948424 --- /dev/null +++ b/dev-ruby/activerecord/activerecord-2.3.15-r1.ebuild 
@@ -0,0 +1,66 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-ruby/activerecord/activerecord-2.3.15-r1.ebuild,v 1.1 2013/01/15 07:33:23 graaff Exp $
+
+EAPI=2
+USE_RUBY="ruby18 ree18 jruby"
+
+# this is not null so that the dependencies will actually be filled
+RUBY_FAKEGEM_TASK_TEST="none"
+
+RUBY_FAKEGEM_DOCDIR="doc"
+RUBY_FAKEGEM_EXTRADOC="CHANGELOG README"
+
+inherit ruby-fakegem
+
+DESCRIPTION="Implements the ActiveRecord pattern (Fowler, PoEAA) for ORM"
+HOMEPAGE="http://rubyforge.org/projects/activerecord/"
+
+LICENSE="MIT"
+SLOT="2.3"
+KEYWORDS="~amd64 ~hppa ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos ~x64-solaris ~x86-solaris"
+IUSE="mysql postgres sqlite3" #sqlite
+
+ruby_add_rdepend "~dev-ruby/activesupport-${PV}"
+
+#ruby_add_rdepend sqlite ">=dev-ruby/sqlite-ruby-2.2.2"
+USE_RUBY=ruby18 \
+ ruby_add_rdepend "
+ sqlite3? ( dev-ruby/sqlite3 )
+ mysql? ( >=dev-ruby/mysql-ruby-2.7 )
+ postgres? ( dev-ruby/pg )"
+
+ruby_add_bdepend "
+ test? (
+ dev-ruby/rdoc
+ =dev-ruby/mocha-0.10*
+ )"
+
+all_ruby_prepare() {
+ epatch "${FILESDIR}"/${P}-null-array-param.patch
+
+ # Custom template not found in package
+ sed -i -e '/horo/d' Rakefile || die
+
+ # Remove test cases with hash ordering failures.
+ sed -i -e '/test_bind_enumerable/,/end/ s:^:#:' test/cases/finder_test.rb || die
+ sed -i -e '/test_should_automatically_build_new_associated/,/^ end/ s:^:#:' test/cases/nested_attributes_test.rb || die
+
+ # Make sure we load a compatible version of activesupport for tests.
+ sed -i -e '10igem "activesupport", "~>2.3.15"' test/cases/helper.rb || die
+
+ # Drop test now broken by security fixes.
+ rm test/cases/serialization_test.rb
+}
+
+each_ruby_test() {
+ case ${RUBY} in
+ *jruby)
+ ;;
+ *)
+ if use sqlite3; then
+ ${RUBY} -S rake test_sqlite3 || die "sqlite3 tests failed"
+ fi
+ ;;
+ esac
+}
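Review bot: The last command in `all_ruby_prepare`, `rm test/cases/serialization_test.rb`, is the only one in the function without `|| die`, so a failed removal (for example after an upstream rename) is silently ignored; write it as `rm test/cases/serialization_test.rb || die`. The comment above it says the test is "now broken by security fixes", but deleting the whole file also drops every serialization case that still passes. It would help to record which cases fail, e.g. `# serialization_test.rb: <failing cases> fail since the 2.3.15 security fixes`, or to disable only those cases the way the two `sed` lines above do for the hash-ordering failures. Separately, `each_ruby_test` runs nothing on jruby or when the `sqlite3` USE flag is off, so on those builds the newly patched code is installed without any test run.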
diff --git a/dev-ruby/activerecord/files/activerecord-2.3.15-null-array-param.patch b/dev-ruby/activerecord/files/activerecord-2.3.15-null-array-param.patch
new file mode 100644
index 000000000000..609c108269c7
--- /dev/null
+++ b/dev-ruby/activerecord/files/activerecord-2.3.15-null-array-param.patch
@@ -0,0 +1,25 @@
+From 0fdf0aa845eead13ee04022f2384b1fd108fc435 Mon Sep 17 00:00:00 2001
+From: Ernie Miller <ernie@erniemiller.org>
+Date: Tue, 8 Jan 2013 18:41:59 -0500
+Subject: [PATCH] Fix for CVE-2013-0155
+
+---
+ activerecord/lib/active_record/base.rb | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/activerecord/lib/active_record/base.rb b/activerecord/lib/active_record/base.rb
+index 0179b00..cfc6e86 100755
+--- a/activerecord/lib/active_record/base.rb
++++ b/activerecord/lib/active_record/base.rb
+@@ -2340,6 +2340,8 @@ module ActiveRecord #:nodoc:
+ def sanitize_sql_hash_for_conditions(attrs, default_table_name = quoted_table_name, top_level = true)
+ attrs = expand_hash_conditions_for_aggregates(attrs)
+
++ return '1 = 2' if !top_level && attrs.is_a?(Hash) && attrs.empty?
++
+ conditions = attrs.map do |attr, value|
+ table_name = default_table_name
+
+--
+1.8.0.1
+ |
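Review bot: The guard added to `sanitize_sql_hash_for_conditions` has no comment explaining why an empty nested hash must produce a condition that matches nothing, and the upstream patch (1 file changed, 2 insertions) adds no regression test. I would put a comment above it, e.g. `# Empty nested conditions hash: match no rows (fix for CVE-2013-0155).` The guard is skipped when `top_level` is true, so an empty hash passed directly as the conditions still reaches `attrs.map`. What that produces is decided by code outside this hunk, since the method body continues past it, so callers that build conditions from request parameters should still reject empty or nil values themselves. The ebuild in this commit also deletes `test/cases/serialization_test.rb`, so nothing visible here shows the package's test phase exercising this path.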