diff --git a/.cvsignore b/.cvsignore
index 2448d64..226683a 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -1 +1 @@
-actionpack-2.3.4.gem
+actionpack-2.3.5.gem
diff --git a/rubygem-actionpack-2.3.4-rack-compat.patch b/rubygem-actionpack-2.3.4-rack-compat.patch
deleted file mode 100644
index 8583a21..0000000
--- a/rubygem-actionpack-2.3.4-rack-compat.patch
+++ /dev/null
@@ -1,174 +0,0 @@ ---- Rakefile.debug 2010-01-07 03:03:57.000000000 +0900 -+++ Rakefile 2010-01-07 03:05:36.000000000 +0900 -@@ -80,7 +80,7 @@ - s.requirements << 'none' - - s.add_dependency('activesupport', '= 2.3.4' + PKG_BUILD) -- s.add_dependency('rack', '~> 1.0.0') -+ s.add_dependency('rack', '>= 1.0.0') - - s.require_path = 'lib' - s.autorequire = 'action_controller' ---- lib/action_controller.rb.debug 2010-01-07 03:03:57.000000000 +0900 -+++ lib/action_controller.rb 2010-01-07 03:05:36.000000000 +0900 -@@ -31,7 +31,7 @@ - end - end - --gem 'rack', '~> 1.0.0' -+gem 'rack', '>= 1.0.0' - require 'rack' - - module ActionController ---- lib/action_controller/integration.rb.debug 2010-01-07 03:03:57.000000000 +0900 -+++ lib/action_controller/integration.rb 2010-01-07 18:46:03.000000000 +0900 -@@ -320,9 +320,25 @@ - - @headers = Rack::Utils::HeaderHash.new(headers) - -- (@headers['Set-Cookie'] || "").split("\n").each do |cookie| -- name, value = cookie.match(/^([^=]*)=([^;]*);/)[1,2] -- @cookies[name] = value -+ # Umm.. it seems that with rack 1.1.0 @headers is an array -+ # instead of a string which rack 1.0.0 returned -+ # FIXME!! -+ -+ headers_cookie = @headers['Set-Cookie'] -+ if headers_cookie.is_a?(Array) -+ headers_cookie.each do |cookie_arr| -+ cookie_arr.split("\n").each do |cookie| -+ name, value = cookie.match(/^([^=]*)=([^;]*);/)[1,2] -+ @cookies[name] = value -+ end -+ end -+ -+ else -+ -+ (headers_cookie || "").split("\n").each do |cookie| -+ name, value = cookie.match(/^([^=]*)=([^;]*);/)[1,2] -+ @cookies[name] = value -+ end - end - - @body = "" ---- lib/action_controller/response.rb.debug 2010-01-07 03:03:57.000000000 +0900 -+++ lib/action_controller/response.rb 2010-01-07 19:40:44.000000000 +0900 -@@ -112,6 +112,12 @@ - end - - def etag? -+ -+ # FIXME!! -+ if Rack::VERSION[0] == 1 && Rack::VERSION[1] >= 1 -+ return headers.include?('ETag') && !headers['ETag'].nil? 
-+ end -+ - headers.include?('ETag') - end - -@@ -218,8 +224,15 @@ - # Don't set the Content-Length for block-based bodies as that would mean - # reading it all into memory. Not nice for, say, a 2GB streaming file. - def set_content_length! -+ -+ ## FIXME -+ - if status && status.to_s[0..2] == '204' - headers.delete('Content-Length') -+ -+ elsif Rack::VERSION[0] == 1 && Rack::VERSION[1] >= 1 && status && status.to_s[0..2] == '304' -+ headers.delete('Content-Length') -+ - elsif length = headers['Content-Length'] - headers['Content-Length'] = length.to_s - elsif !body.respond_to?(:call) && (!status || status.to_s[0..2] != '304') ---- test/controller/integration_test.rb.debug 2010-01-07 03:03:57.000000000 +0900 -+++ test/controller/integration_test.rb 2010-01-07 05:44:37.000000000 +0900 -@@ -306,7 +306,9 @@ - assert_equal "Gone", status_message - assert_response 410 - assert_response :gone -- assert_equal "cookie_1=; path=/\ncookie_3=chocolate; path=/", headers["Set-Cookie"] -+ # Okay if cookies coincides. 
-+ # With rake 1.1.0 headers["Set-Cookie"] is an array instread of a string -+ #assert_equal "cookie_1=; path=/\ncookie_3=chocolate; path=/", headers["Set-Cookie"] - assert_equal({"cookie_1"=>"", "cookie_2"=>"oatmeal", "cookie_3"=>"chocolate"}, cookies) - assert_equal "Gone", response.body - end ---- test/controller/rack_test.rb.debug 2010-01-07 03:03:57.000000000 +0900 -+++ test/controller/rack_test.rb 2010-01-07 05:40:49.000000000 +0900 -@@ -215,11 +215,16 @@ - - status, headers, body = @response.to_a - assert_equal 200, status -+ if headers['Set-Cookie'].is_a?(Array) -+ cookie_must = [] -+ else -+ cookie_must = "" -+ end - assert_equal({ - "Content-Type" => "text/html; charset=utf-8", - "Cache-Control" => "private, max-age=0, must-revalidate", - "ETag" => '"65a8e27d8879283831b664bd8b7f0ad4"', -- "Set-Cookie" => "", -+ "Set-Cookie" => cookie_must, - "Content-Length" => "13" - }, headers) - -@@ -234,11 +239,16 @@ - - status, headers, body = @response.to_a - assert_equal 200, status -+ if headers['Set-Cookie'].is_a?(Array) -+ cookie_must = [] -+ else -+ cookie_must = "" -+ end - assert_equal({ - "Content-Type" => "text/html; charset=utf-8", - "Cache-Control" => "private, max-age=0, must-revalidate", - "ETag" => '"ebb5e89e8a94e9dd22abf5d915d112b2"', -- "Set-Cookie" => "", -+ "Set-Cookie" => cookie_must, - "Content-Length" => "8" - }, headers) - end -@@ -251,10 +261,15 @@ - - status, headers, body = @response.to_a - assert_equal 200, status -+ if headers['Set-Cookie'].is_a?(Array) -+ cookie_must = [] -+ else -+ cookie_must = "" -+ end - assert_equal({ - "Content-Type" => "text/html; charset=utf-8", - "Cache-Control" => "no-cache", -- "Set-Cookie" => "" -+ "Set-Cookie" => cookie_must - }, headers) - - parts = [] ---- test/controller/session/cookie_store_test.rb.debug 2010-01-07 03:03:57.000000000 +0900 -+++ test/controller/session/cookie_store_test.rb 2010-01-07 05:47:37.000000000 +0900 -@@ -145,7 +145,8 @@ - with_test_route_set do - get '/no_session_access' - 
assert_response :success -- assert_equal "", headers['Set-Cookie'] -+ #assert_equal "", headers['Set-Cookie'] -+ assert headers['Set-Cookie'].empty? - end - end - -@@ -155,7 +156,8 @@ - "fef868465920f415f2c0652d6910d3af288a0367" - get '/no_session_access' - assert_response :success -- assert_equal "", headers['Set-Cookie'] -+ #assert_equal "", headers['Set-Cookie'] -+ assert headers['Set-Cookie'].empty? - end - end - diff --git a/rubygem-actionpack-2.3.5-rack-compat.patch b/rubygem-actionpack-2.3.5-rack-compat.patch new file mode 100644 index 0000000..5e6451f --- /dev/null +++ b/rubygem-actionpack-2.3.5-rack-compat.patch 
@@ -0,0 +1,174 @@ +--- Rakefile.debug 2010-01-07 03:03:57.000000000 +0900 ++++ Rakefile 2010-01-28 00:43:00.000000000 +0900 +@@ -80,7 +80,7 @@ + s.requirements << 'none' + + s.add_dependency('activesupport', '= 2.3.5' + PKG_BUILD) +- s.add_dependency('rack', '~> 1.0.0') ++ s.add_dependency('rack', '>= 1.0.0') + + s.require_path = 'lib' + s.autorequire = 'action_controller' +--- lib/action_controller.rb.debug 2010-01-07 03:03:57.000000000 +0900 ++++ lib/action_controller.rb 2010-01-28 00:43:00.000000000 +0900 +@@ -31,7 +31,7 @@ + end + end + +-gem 'rack', '~> 1.0.1' ++gem 'rack', '>= 1.0.1' + require 'rack' + require 'action_controller/cgi_ext' + +--- lib/action_controller/integration.rb.debug 2010-01-07 03:03:57.000000000 +0900 ++++ lib/action_controller/integration.rb 2010-01-07 18:46:03.000000000 +0900 +@@ -320,9 +320,25 @@ + + @headers = Rack::Utils::HeaderHash.new(headers) + +- (@headers['Set-Cookie'] || "").split("\n").each do |cookie| +- name, value = cookie.match(/^([^=]*)=([^;]*);/)[1,2] +- @cookies[name] = value ++ # Umm.. it seems that with rack 1.1.0 @headers is an array ++ # instead of a string which rack 1.0.0 returned ++ # FIXME!! ++ ++ headers_cookie = @headers['Set-Cookie'] ++ if headers_cookie.is_a?(Array) ++ headers_cookie.each do |cookie_arr| ++ cookie_arr.split("\n").each do |cookie| ++ name, value = cookie.match(/^([^=]*)=([^;]*);/)[1,2] ++ @cookies[name] = value ++ end ++ end ++ ++ else ++ ++ (headers_cookie || "").split("\n").each do |cookie| ++ name, value = cookie.match(/^([^=]*)=([^;]*);/)[1,2] ++ @cookies[name] = value ++ end + end + + @body = "" +--- lib/action_controller/response.rb.debug 2010-01-07 03:03:57.000000000 +0900 ++++ lib/action_controller/response.rb 2010-01-07 19:40:44.000000000 +0900 +@@ -112,6 +112,12 @@ + end + + def etag? ++ ++ # FIXME!! ++ if Rack::VERSION[0] == 1 && Rack::VERSION[1] >= 1 ++ return headers.include?('ETag') && !headers['ETag'].nil? 
++ end ++ + headers.include?('ETag') + end + +@@ -218,8 +224,15 @@ + # Don't set the Content-Length for block-based bodies as that would mean + # reading it all into memory. Not nice for, say, a 2GB streaming file. + def set_content_length! ++ ++ ## FIXME ++ + if status && status.to_s[0..2] == '204' + headers.delete('Content-Length') ++ ++ elsif Rack::VERSION[0] == 1 && Rack::VERSION[1] >= 1 && status && status.to_s[0..2] == '304' ++ headers.delete('Content-Length') ++ + elsif length = headers['Content-Length'] + headers['Content-Length'] = length.to_s + elsif !body.respond_to?(:call) && (!status || status.to_s[0..2] != '304') +--- test/controller/integration_test.rb.debug 2010-01-07 03:03:57.000000000 +0900 ++++ test/controller/integration_test.rb 2010-01-07 05:44:37.000000000 +0900 +@@ -306,7 +306,9 @@ + assert_equal "Gone", status_message + assert_response 410 + assert_response :gone +- assert_equal "cookie_1=; path=/\ncookie_3=chocolate; path=/", headers["Set-Cookie"] ++ # Okay if cookies coincides. 
++ # With rake 1.1.0 headers["Set-Cookie"] is an array instread of a string ++ #assert_equal "cookie_1=; path=/\ncookie_3=chocolate; path=/", headers["Set-Cookie"] + assert_equal({"cookie_1"=>"", "cookie_2"=>"oatmeal", "cookie_3"=>"chocolate"}, cookies) + assert_equal "Gone", response.body + end +--- test/controller/rack_test.rb.debug 2010-01-07 03:03:57.000000000 +0900 ++++ test/controller/rack_test.rb 2010-01-07 05:40:49.000000000 +0900 +@@ -215,11 +215,16 @@ + + status, headers, body = @response.to_a + assert_equal 200, status ++ if headers['Set-Cookie'].is_a?(Array) ++ cookie_must = [] ++ else ++ cookie_must = "" ++ end + assert_equal({ + "Content-Type" => "text/html; charset=utf-8", + "Cache-Control" => "private, max-age=0, must-revalidate", + "ETag" => '"65a8e27d8879283831b664bd8b7f0ad4"', +- "Set-Cookie" => "", ++ "Set-Cookie" => cookie_must, + "Content-Length" => "13" + }, headers) + +@@ -234,11 +239,16 @@ + + status, headers, body = @response.to_a + assert_equal 200, status ++ if headers['Set-Cookie'].is_a?(Array) ++ cookie_must = [] ++ else ++ cookie_must = "" ++ end + assert_equal({ + "Content-Type" => "text/html; charset=utf-8", + "Cache-Control" => "private, max-age=0, must-revalidate", + "ETag" => '"ebb5e89e8a94e9dd22abf5d915d112b2"', +- "Set-Cookie" => "", ++ "Set-Cookie" => cookie_must, + "Content-Length" => "8" + }, headers) + end +@@ -251,10 +261,15 @@ + + status, headers, body = @response.to_a + assert_equal 200, status ++ if headers['Set-Cookie'].is_a?(Array) ++ cookie_must = [] ++ else ++ cookie_must = "" ++ end + assert_equal({ + "Content-Type" => "text/html; charset=utf-8", + "Cache-Control" => "no-cache", +- "Set-Cookie" => "" ++ "Set-Cookie" => cookie_must + }, headers) + + parts = [] +--- test/controller/session/cookie_store_test.rb.debug 2010-01-07 03:03:57.000000000 +0900 ++++ test/controller/session/cookie_store_test.rb 2010-01-07 05:47:37.000000000 +0900 +@@ -145,7 +145,8 @@ + with_test_route_set do + get '/no_session_access' + 
assert_response :success +- assert_equal "", headers['Set-Cookie'] ++ #assert_equal "", headers['Set-Cookie'] ++ assert headers['Set-Cookie'].empty? + end + end + +@@ -155,7 +156,8 @@ + "fef868465920f415f2c0652d6910d3af288a0367" + get '/no_session_access' + assert_response :success +- assert_equal "", headers['Set-Cookie'] ++ #assert_equal "", headers['Set-Cookie'] ++ assert headers['Set-Cookie'].empty? + end + end + diff --git a/rubygem-actionpack-2.3.x-CVE-2009-4214.patch b/rubygem-actionpack-2.3.x-CVE-2009-4214.patch deleted file mode 100644 index d180be8..0000000 --- a/rubygem-actionpack-2.3.x-CVE-2009-4214.patch +++ /dev/null 
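Review bot: The rack constraint in this new patch is open-ended, `s.add_dependency('rack', '>= 1.0.0')` in the Rakefile section and `gem 'rack', '>= 1.0.1'` in lib/action_controller.rb, so any later rack release satisfies it, while the workarounds in response.rb only branch on `Rack::VERSION[0] == 1 && Rack::VERSION[1] >= 1`. The two minimums also disagree (1.0.0 vs 1.0.1). Bounding the range to what the patch comments say was tried (rack 1.1.0), e.g. `s.add_dependency('rack', '>= 1.0.1', '< 1.2')` and `gem 'rack', '>= 1.0.1', '< 1.2'`, would keep an untested rack from being activated silently. Separately, the integration.rb section repeats the same cookie loop in both branches, and `cookie.match(/^([^=]*)=([^;]*);/)[1,2]` raises on nil for a Set-Cookie entry that has no `;` after the value. Iterating `[headers_cookie].flatten.compact` once and skipping entries where the match is nil would cover both header shapes.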
@@ -1,39 +0,0 @@ -From bfe032858077bb2946abe25e95e485ba6da86bd5 Mon Sep 17 00:00:00 2001 -From: Gabe da Silveira -Date: Mon, 16 Nov 2009 21:17:35 -0800 -Subject: [PATCH] Make sure strip_tags removes tags which start with a non-printable character - -Signed-off-by: Michael Koziarski ---- - .../vendor/html-scanner/html/node.rb | 2 +- - .../test/controller/html-scanner/sanitizer_test.rb | 1 + - 2 files changed, 2 insertions(+), 1 deletions(-) - -diff --git a/actionpack/lib/action_controller/vendor/html-scanner/html/node.rb b/actionpack/lib/action_controller/vendor/html-scanner/html/node.rb -index 6c03316..0cd05d8 100644 ---- a/actionpack/lib/action_controller/vendor/html-scanner/html/node.rb -+++ b/actionpack/lib/action_controller/vendor/html-scanner/html/node.rb -@@ -162,7 +162,7 @@ module HTML #:nodoc: - end - - closing = ( scanner.scan(/\//) ? :close : nil ) -- return Text.new(parent, line, pos, content) unless name = scanner.scan(/[\w:-]+/) -+ return Text.new(parent, line, pos, content) unless name = scanner.scan(/[-:\w\x00-\x09\x0b-\x0c\x0e-\x1f]+/) - name.downcase! - - unless closing -diff --git a/actionpack/test/controller/html-scanner/sanitizer_test.rb b/actionpack/test/controller/html-scanner/sanitizer_test.rb -index e85a5c7..1923544 100644 ---- a/actionpack/test/controller/html-scanner/sanitizer_test.rb -+++ b/actionpack/test/controller/html-scanner/sanitizer_test.rb -@@ -19,6 +19,7 @@ class SanitizerTest < ActionController::TestCase - assert_equal "This has a here.", sanitizer.sanitize("This has a here.") - assert_equal "This has a here.", sanitizer.sanitize("This has a ]]> here.") - assert_equal "This has an unclosed ", sanitizer.sanitize("This has an unclosed ]] here...") -+ assert_equal "non printable char is a tag", sanitizer.sanitize("<\x07a href='/hello'>non printable char is a tag") - [nil, '', ' '].each { |blank| assert_equal blank, sanitizer.sanitize(blank) } - end - --- -1.6.0.1 - 
diff --git a/rubygem-actionpack.spec b/rubygem-actionpack.spec index a12c62a..8215a6e 100644 --- a/rubygem-actionpack.spec +++ b/rubygem-actionpack.spec @@ -9,18 +9,17 @@ Summary: Web-flow and rendering framework putting the VC in MVC Name: rubygem-%{gemname} Epoch: 1 -Version: 2.3.4 -Release: 4%{?dist} +Version: 2.3.5 +Release: 1%{?dist} Group: Development/Languages License: MIT URL: http://www.rubyonrails.org Source0: http://gems.rubyforge.org/gems/%{gemname}-%{version}.gem Patch0: rubygem-actionpack-2.3.4-enable-test.patch -Patch1: rubygem-actionpack-2.3.x-CVE-2009-4214.patch # # Please someone fix the following Patch2!! (mtasaka) # -Patch2: rubygem-actionpack-2.3.4-rack-compat.patch +Patch2: rubygem-actionpack-2.3.5-rack-compat.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Requires: rubygems Requires: rubygem(activesupport) = %{version} @@ -54,7 +53,6 @@ sed -i -e '/rack/s|~>|>=|' \ pushd .%{geminstdir} %patch0 -p0 -%patch1 -p2 %patch2 -p0 # create missing symlink @@ -121,6 +119,9 @@ rake test --trace %changelog +* Thu Jan 28 2010 Mamoru Tasaka - 1:2.3.5-1 +- Update to 2.3.5 + * Fri Jan 8 2010 Mamoru Tasaka - 1:2.3.4-4 - Workaround patch to fix for rack 1.1.0 dependency (bug 552972) diff --git a/sources b/sources index f5147d8..9a8689c 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -da53635065d9083ec37be4a36763af9c actionpack-2.3.4.gem +c32297f6e4af8ac9971dbc116e98a636 actionpack-2.3.5.gem
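Review bot: The spec hunk at `@@ -9,18 +9,17 @@` drops `Patch1: rubygem-actionpack-2.3.x-CVE-2009-4214.patch` (and the next hunk drops `%patch1 -p2`), but the new %changelog entry only says `- Update to 2.3.5`, so nothing records why a security patch is no longer applied. Presumably the strip_tags fix is already part of the 2.3.5 gem, but that is not visible in this diff. It should be confirmed against the unpacked source, namely the tag-name scanner regex in html-scanner/html/node.rb and the sanitizer test the old patch added. I would add a changelog line such as `- Drop CVE-2009-4214 patch, fix is included in 2.3.5`. The comment `# Please someone fix the following Patch2!! (mtasaka)` is carried forward unchanged, and putting the bug number from the previous changelog entry (bug 552972) next to it would make the outstanding rack workaround trackable.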