author | Hans de Graaff <graaff@gentoo.org> | 2013-01-15 07:33:31 +0000 |
---|---|---|
committer | Hans de Graaff <graaff@gentoo.org> | 2013-01-15 07:33:31 +0000 |
commit | e065bfc9e0e940478e92bc7724a8a2faa0c29643 (patch) | |
tree | cf0d2b735fd92a47560cce4e2d2b8f61bfe67477 | |
parent | version bump #451724 (diff) | |
Fix security issue, bug 450974.
Package-Manager: portage-2.1.11.31/cvs/Linux x86_64
Manifest-Sign-Key: 0x8883FA56A308A8D7!
-rw-r--r-- | dev-ruby/activerecord/ChangeLog | 9 | ||||
-rw-r--r-- | dev-ruby/activerecord/Manifest | 14 | ||||
-rw-r--r-- | dev-ruby/activerecord/activerecord-2.3.15-r1.ebuild | 66 | ||||
-rw-r--r-- | dev-ruby/activerecord/files/activerecord-2.3.15-null-array-param.patch | 25 |
4 files changed, 112 insertions, 2 deletions
diff --git a/dev-ruby/activerecord/ChangeLog b/dev-ruby/activerecord/ChangeLog index 8d03f922eb7c..db6da422252b 100644 --- a/dev-ruby/activerecord/ChangeLog +++ b/dev-ruby/activerecord/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for dev-ruby/activerecord # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/dev-ruby/activerecord/ChangeLog,v 1.215 2013/01/09 15:14:01 ago Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-ruby/activerecord/ChangeLog,v 1.216 2013/01/15 07:33:23 graaff Exp $ + +*activerecord-2.3.15-r1 (15 Jan 2013) + + 15 Jan 2013; Hans de Graaff <graaff@gentoo.org> + +activerecord-2.3.15-r1.ebuild, + +files/activerecord-2.3.15-null-array-param.patch: + Fix security issue, bug 450974. 09 Jan 2013; Agostino Sarubbo <ago@gentoo.org> activerecord-2.3.15.ebuild: Stable for ppc64, wrt bug #450974 diff --git a/dev-ruby/activerecord/Manifest b/dev-ruby/activerecord/Manifest index 4ffa87865ff9..31a330f89c6f 100644 --- a/dev-ruby/activerecord/Manifest +++ b/dev-ruby/activerecord/Manifest 
@@ -1,5 +1,9 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA256 + AUX activerecord-2.3.10-rails3.patch 295 SHA256 96422289122ca769d24f488bc9ab9af9cdda4162ad83a3fe27894b04106d8567 SHA512 0aea58d477b1be3b664e12895316fb8b39c4e6770107a96cef1331cc483f19126709b99d2b4c257c4b10c03ad4d355e57af8ea82df25740851ab6037e745826c WHIRLPOOL 278f8d6457834fb449f725445bb399321e3040913b74594b990929383cbe51d28bdfd127154e089aa5ae18ec144f5561a18f1635c443b0965c326c64916eddbe AUX activerecord-2.3.14-dynamic-finder-injection.patch 2138 SHA256 d24dcb57517b5dc5056a91bea1dd7ac63a587dd6a7fba7bc9e621fbe18fbe26e SHA512 23d12fbd4ff6ba51f3f17bd35c79e71b5304926780626898fcfb0709a12d8403421d939fff615673963f40afc663b62935701eec4a2c0184c943c6345c17bc61 WHIRLPOOL 753facd9e94cb474f09803b8ee19b1afccf4661e7a1eb7a3c20ff66c2355fdf37a772124f2b8b355ea123f2effd615b1eb16d38a74d99f3f855686aeb0291753 +AUX activerecord-2.3.15-null-array-param.patch 907 SHA256 eaac6a89147c2f4ff0cf75301ac199adcdb18bec3b856af005805aac41677651 SHA512 d18ef97cd98b25055a3865789452f32e15e08718c2288f741e6f33c9a5441ca47f4030ef4e4a6d305b59bf68030686cfa637458f75abd6cf84120a6cefae6de0 WHIRLPOOL 155df14956562306f55f5512c3da0fd19f5010c3c908db953d13b446491b8297a02ca3c743c5476c8d53d5505b077908620f72eea28f879709737ec9877db264 AUX activerecord-2.3.8-add-index-with-symbol.patch 2588 SHA256 792750e8a065d78235d72d6549694bef3f2b3ffb537c699cd598d19d436a70cd SHA512 c03c3123a2ad65a121f682436f831b249f478a691f66baf2360588f7f9141d6cba992c107440d5095cc44311ea28268a5dd7a3bc3727c3f9d98fb0a771142bfc WHIRLPOOL 16e1f4357fd07446ffa1863c95512f9a371f8f96226f9c77a905971fe16d3213ba602665078f3e12c5b66ab765a6e5cee1d90fedd610691408ec0988024dbe25 DIST activerecord-2.3.14.gem 541184 SHA256 83a3c115c30427158dc3b5eec42dd1f88482171eac12ea11668171aaa41202f2 SHA512 5a00c5c4c699099a756ef360e481e5cbef8f14383306ef890959e986f05f0fb21a1aca579fc327d08e2d1ff3772e0d78c35ebdebe62ff4b7555885dec11d6d79 WHIRLPOOL 
dab96fadf5ec54d941afd1ace0e911830a1ec81450a217ce53cf73b45dd67bf0f942134e45ecde2fae02d1bfccddd437cfcc336648ed0fe6443c5aaa4ff0a8d3 DIST activerecord-2.3.15.gem 541184 SHA256 2f97c0f8346466f5125f8181f00cd2162e915b5205162abb8ae2f5d72c7406e8 SHA512 6699656491355f236fc733dc924c134c0cb4ac83523c3adc5717d2af438fcbf8172668f85b8636cec745e8113877128941001417e18ca7efd92d99f57b15d449 WHIRLPOOL 54c907a48854ece97830b4903c8c1a1c4171477d76b9d650a61a07c7a9520ea940ac4ac18868038c18f443bb9bc2cc8f1bca612b4cf68321fe3db54155483a2b 
@@ -11,6 +15,7 @@ DIST rails-3.1.9.tgz 3394638 SHA256 4074445226cc00ac8f0b0c6b5578a14d7b3614af948e DIST rails-3.2.10.tgz 3546186 SHA256 068a910b8798a9b65492b6da3b9e45f28ce9d4bb5cef53c7d0f87a12d074d190 SHA512 4df0fa285d45c4a058e748d121b8ce43226c6738737e61d29b1e30141acde783535a89d4c115f8a1e37c46d06735462ecd16c8319caf43626790fce6e04aa5b5 WHIRLPOOL 8eb627d5622be368be699899f2fb6f8eed2a225a4b84823968c422d992e01ff1802504020edea3245f24a9d45f7625576278ea4fffb5dd4fc58ae877005aeb9c DIST rails-3.2.11.tgz 3547068 SHA256 3f05603f84bfb7a99f999f878af247533706255e6b3baa4111439b6f5fd8ab70 SHA512 50644772186127887bd4d7537ad41cbe549c5c8496274cad2765f21859528a0f42f5b8dbe3a1627a08b1724b2e019c0ec6526cccfdff3da4ffcec285f9259558 WHIRLPOOL 70d5620fc611872b2af62351c81abbe43b3b1d41c92a1d1935cef704a4a655c9bb043599bc758c947c14378ef52e34b44c61536d5a048401cc6bfaef613eba23 EBUILD activerecord-2.3.14-r1.ebuild 1679 SHA256 1d8d1f77460adca8269500bd503732060f1824766e3502bbd91b0edbb1c7f10d SHA512 c49d7695a8f4e68d768ba84ff8b92d95e3ed76b4091a445a84d3b14fc064b1dada3c1e72e333ef3bc51621f048fd9a4bb859fb0e8310676b3767f27dd77b0b14 WHIRLPOOL 18a2d1359dd539ccf91e9480350048f51b875180bbdf0b69ef791848ee0f6fee758367097e8fece4521abd6fa92e384482433c5c794d6dbe2645c8b2d0737b64 +EBUILD activerecord-2.3.15-r1.ebuild 1885 SHA256 d44e29cf93181669c3d3eabb777e4a95f6e71515c514b901a3f3a25ecf8d334f SHA512 4a7811e4238483751fe0619c0c0a2263319532cf66e25fa15e49342168eda640e52f6b0ff8d8d8d2a06b2e45bb5b31f72105c7bd3861cd0d6afcb8041b5574fc WHIRLPOOL 7c35da7b76e8dc63a79a4f3724f577441bf3c2885577a439410a92cddfeac21934178b4f4ee04f122292c203bcd1fa705c04bfc66b67dfd663128ba2b8e161c0 EBUILD activerecord-2.3.15.ebuild 1824 SHA256 1b887d2a539ae69f0457c3ed961ba5a4d3bf46c2fb238ecb58ad1e9b95e01031 SHA512 c43531eec80e14ad681b350b68d719a131a612460cd82603d88d39bc8ee6fefd6e95246b8a1affaebcefba4f8d2016a3424f5d13de1d632c121a95101f5da9b5 WHIRLPOOL 
bad80f54bba7f9bba2e5275b1c10493aa4074c9af971ac5311b9704cbd35eeb481197fe28793ab9ff4b188cac8973b13053eba3c0b7709d89d6d5b20d9e24674 EBUILD activerecord-3.0.18.ebuild 2225 SHA256 d65cf02abf24d1279029646097f999a6660fff3c70b88e77c703bbf0bc27e451 SHA512 f9ecbd42e8a6b8cb3f392f8576d8f357486689fa953fad6822c289f7ee099f44bca2bd3dae8a2561da86ba1782bafeed60ff1af6c1b26050db4b41ee52a1dfdf WHIRLPOOL 2072de8ace5a7ac2dc821abd8acf33599d6940ce0f3e0cf66f07bf517b0904ba93bfda05268ee9fefe6c1e5a52a33ab17c34e29fb6d7994badcf7646c205d3bb EBUILD activerecord-3.0.19.ebuild 2375 SHA256 5c0919060328e14a8e383eb04beb5912b441a10db37beed5d779747a8ffc5366 SHA512 1e4561bf0c05bcde960ce0a80f0b4a189a40a4716c0fa0a7f59c417d2c727f050005e522e539d913647c3ad60dacb0b6004d3cf80be5998ea9b0d54ff1d2e4f6 WHIRLPOOL 076dbd57fe9bb44bd4ac126e0b1f2434c6ca2384ba38f8327515690e3fa41663ffc79ceba8a820b430038393d21d61278a87876b30e8a03469891acf128b62e9 
@@ -19,5 +24,12 @@ EBUILD activerecord-3.1.3.ebuild 2066 SHA256 d8b4ac20df272e66a533ea5558df76e26d2 EBUILD activerecord-3.1.9.ebuild 2419 SHA256 02ed7966bb30e9723f6510ead14071246d3959a22de0b28906fb80c117cf24d1 SHA512 dee50569372bea20e8a0c259ecf35c7cfdc3e067086b329d066cfe0687108ed269472915802a41d034c4d4179751c758dbf170d0988cfae2051b31194f6a54b9 WHIRLPOOL cf94cfab1a76de8cb72e4e4aa25806257d1f1fdd928788644b1a7705fc82d876c71b68d23aacef432a436d604de97a6cfb97e6727405dfc5a45a860f68c95e27 EBUILD activerecord-3.2.10.ebuild 2426 SHA256 ccd1980974cf0f662e09822db41ec5b93d8968bcca48fdf5a3ff9d9f0f4ad4bf SHA512 e80cf68ba592ceb5289df8525f5903698bdc15b9256b34cd4af768e2aa2095fe105394b2b8190c154ea95876ac5c3aa943195fbb1658ccea7088b4b10d811da1 WHIRLPOOL 01683e5aeb9799164d3b74bffb7d52fbde769bc9574f57877247e425bc2114f8b7ada338fdf95af973133e40634319b9be3a946aef5ee2c8fb2456301c6c1482 EBUILD activerecord-3.2.11.ebuild 2426 SHA256 ffb9411863ba79f060853be878a2474e98b9fdf053c06e7ea18a8e4966438041 SHA512 f0cbd5c1a910aae8720251394bad9c330433f4e761a7e45ca8f25eeb0e1c6de54f9e8145d922c8a255b42525618997d019ca4664fa626b78bdd5a97223594240 WHIRLPOOL cf98cfa7f4a6c2c84564986bce9fbe5aa64a7eb90fc8513e332a00c3dac25210322ac4ddf04e6d12a186c600364963b7c056a994bba40498988c8bd897135b0d -MISC ChangeLog 29579 SHA256 d427488bafcd6c2585c4ba7e63254e4b496d61f023b27e111a1db4d233c75557 SHA512 9bf85a12c0e635ab68e153e11767787b72e0aeb1a2b47105be9a25c8b62d14125720abcee759d634d17b3516605e4d0d3b8d982809d31294513cb7a5e4f0da80 WHIRLPOOL 7f813cdaaf37fd9f29da386b939b0065bcd127968d744da61f0affc52f1ca5df92dc0db8c547e583680383f91b663b051b486e99d02f94a699385e29025e380b +MISC ChangeLog 29793 SHA256 2e20d60abb9f06d7209d02a14896fd9de4f714203b4a9d320f9ee4cde26e95ac SHA512 2a4ff80a83aaeaf8eb4608b2b99d13888aa3c7fcc337008b9b63de3b31fda0e8f91efd73be49465cc180bba20132339e066f42e04c80cd733aaea1f0eaecf880 WHIRLPOOL 0b080155c320349bdaec04cb6337e54a85380bdae0fb7b80611e83d761225b3e073ecbcae30b76562d3d2a63c322181b7a71b78e2f536be9baea3e34724e9074 MISC 
metadata.xml 157 SHA256 11fba03a217e2d996f5cd8895493a5692ece8ddac2c1a2dfc71d0e830555121c SHA512 0cec73b966de88015ea4c7212723d848d367608aa93658bb945f298a8000c4ba8aba73c9eb8481859fb5bbed45e80dae32c628caf81e027a4ad8eafa7e632851 WHIRLPOOL 4da25c81e21173ad8b7b5f35b056264869d9a16741062aa4422c5ea1aa9e73da8eb700b0d54de84c169d702fbb3f41ed157c9dc7c9daac110849ae84715c051b +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.0.19 (GNU/Linux) + +iF4EAREIAAYFAlD1BksACgkQiIP6VqMIqNd0ngD/UWHybZ+Aai7feebnR6+gHyPh +rMnvrWHqLrN1MYuKPi0A/20ylB4Fb7J/2Pzt8hgNC+GKySaMpS2VxzqweL9z/Hrv +=/DfD +-----END PGP SIGNATURE----- diff --git a/dev-ruby/activerecord/activerecord-2.3.15-r1.ebuild b/dev-ruby/activerecord/activerecord-2.3.15-r1.ebuild new file mode 100644 index 000000000000..9128fa948424 --- /dev/null +++ b/dev-ruby/activerecord/activerecord-2.3.15-r1.ebuild 
@@ -0,0 +1,66 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-ruby/activerecord/activerecord-2.3.15-r1.ebuild,v 1.1 2013/01/15 07:33:23 graaff Exp $
+
+EAPI=2
+USE_RUBY="ruby18 ree18 jruby"
+
+# this is not null so that the dependencies will actually be filled
+RUBY_FAKEGEM_TASK_TEST="none"
+
+RUBY_FAKEGEM_DOCDIR="doc"
+RUBY_FAKEGEM_EXTRADOC="CHANGELOG README"
+
+inherit ruby-fakegem
+
+DESCRIPTION="Implements the ActiveRecord pattern (Fowler, PoEAA) for ORM"
+HOMEPAGE="http://rubyforge.org/projects/activerecord/"
+
+LICENSE="MIT"
+SLOT="2.3"
+KEYWORDS="~amd64 ~hppa ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos ~x64-solaris ~x86-solaris"
+IUSE="mysql postgres sqlite3" #sqlite
+
+ruby_add_rdepend "~dev-ruby/activesupport-${PV}"
+
+#ruby_add_rdepend sqlite ">=dev-ruby/sqlite-ruby-2.2.2"
+USE_RUBY=ruby18 \
+ ruby_add_rdepend "
+ sqlite3? ( dev-ruby/sqlite3 )
+ mysql? ( >=dev-ruby/mysql-ruby-2.7 )
+ postgres? ( dev-ruby/pg )"
+
+ruby_add_bdepend "
+ test? (
+ dev-ruby/rdoc
+ =dev-ruby/mocha-0.10*
+ )"
+
+all_ruby_prepare() {
+ epatch "${FILESDIR}"/${P}-null-array-param.patch
+
+ # Custom template not found in package
+ sed -i -e '/horo/d' Rakefile || die
+
+ # Remove test cases with hash ordering failures.
+ sed -i -e '/test_bind_enumerable/,/end/ s:^:#:' test/cases/finder_test.rb || die
+ sed -i -e '/test_should_automatically_build_new_associated/,/^ end/ s:^:#:' test/cases/nested_attributes_test.rb || die
+
+ # Make sure we load a compatible version of activesupport for tests.
+ sed -i -e '10igem "activesupport", "~>2.3.15"' test/cases/helper.rb || die
+
+ # Drop test now broken by security fixes.
+ rm test/cases/serialization_test.rb
+}
+
+each_ruby_test() {
+ case ${RUBY} in
+ *jruby)
+ ;;
+ *)
+ if use sqlite3; then
+ ${RUBY} -S rake test_sqlite3 || die "sqlite3 tests failed"
+ fi
+ ;;
+ esac
+}
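Review bot: In all_ruby_prepare, `rm test/cases/serialization_test.rb` is the only command without a failure check, while every `sed` beside it ends in `|| die`. Under EAPI 2 a failed rm would pass unnoticed, so `rm test/cases/serialization_test.rb || die` keeps the phase consistent. The comment above it should name which security fix broke the test, because deleting the whole file removes all serialization coverage rather than only the failing cases. each_ruby_test runs nothing on jruby or without the sqlite3 USE flag, so the patched query code is not exercised at build time there. KEYWORDS are all `~arch`, so, judging from the ChangeLog entry that stabilised 2.3.15 for the same bug, stable users presumably stay on the unpatched revision until this one is stabilised.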
diff --git a/dev-ruby/activerecord/files/activerecord-2.3.15-null-array-param.patch b/dev-ruby/activerecord/files/activerecord-2.3.15-null-array-param.patch
new file mode 100644
index 000000000000..609c108269c7
--- /dev/null
+++ b/dev-ruby/activerecord/files/activerecord-2.3.15-null-array-param.patch
@@ -0,0 +1,25 @@
+From 0fdf0aa845eead13ee04022f2384b1fd108fc435 Mon Sep 17 00:00:00 2001
+From: Ernie Miller <ernie@erniemiller.org>
+Date: Tue, 8 Jan 2013 18:41:59 -0500
+Subject: [PATCH] Fix for CVE-2013-0155
+
+---
+ activerecord/lib/active_record/base.rb | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/activerecord/lib/active_record/base.rb b/activerecord/lib/active_record/base.rb
+index 0179b00..cfc6e86 100755
+--- a/activerecord/lib/active_record/base.rb
++++ b/activerecord/lib/active_record/base.rb
+@@ -2340,6 +2340,8 @@ module ActiveRecord #:nodoc:
+ def sanitize_sql_hash_for_conditions(attrs, default_table_name = quoted_table_name, top_level = true)
+ attrs = expand_hash_conditions_for_aggregates(attrs)
+
++ return '1 = 2' if !top_level && attrs.is_a?(Hash) && attrs.empty?
++
+ conditions = attrs.map do |attr, value|
+ table_name = default_table_name
+
+--
+1.8.0.1
+
|
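Review bot: The added guard `return '1 = 2' if !top_level && attrs.is_a?(Hash) && attrs.empty?` has no comment, and its purpose is not obvious from the line alone. I would add above it `# An empty nested hash yields no condition from the map below; return an always-false predicate rather than let the query widen (CVE-2013-0155).` The file is named null-array-param, but the visible change only handles empty nested hashes inside Active Record. It is worth confirming that nil-containing array parameters are handled elsewhere in this slot, presumably in request parameter parsing. The patch adds no regression test, and sanitize_sql_hash_for_conditions continues outside the hunk.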