packages/rubygem-railties
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:437656be6ff916152b5b175cbc334c4739e9703f
Branches Tags
packages:main
...
compare: packages:f8c60d00bc91ef0ab29bfcfc1a92a2fc32405731
Branches Tags
packages:main

10 Commits
437656be6f ... f8c60d00bc

Author SHA1 Message Date
openeuler-ci-bot
f8c60d00bc
!24 [sync] PR-22: Fix CVE-2023-38037 
From: @openeuler-sync-bot 
Reviewed-by: @jxy_git 
Signed-off-by: @jxy_git
 2023-09-11 09:22:36 +00:00
wk333
8134b5bce7 Fix CVE-2023-38037 
(cherry picked from commit b82e154a032761d2204d19e261f9d6aa2a651e4a)
 2023-09-11 17:13:47 +08:00
openeuler-ci-bot
47e64294dd !13 [sync] PR-8: Add requires ruby-devel sqlite-devel 
From: @openeuler-sync-bot
Reviewed-by: @hht8
Signed-off-by: @hht8
 2021-06-03 15:44:16 +08:00
lingsheng
551d690b64 Add requires ruby-devel sqlite-devel 
(cherry picked from commit 06fc4f4a7c695e7a28ab153ad6ed087e48e7863f)
 2021-04-07 11:23:35 +08:00
openeuler-ci-bot
c551d0e71a !10 [sync] PR-7: Add requires rubygem(bundler) 
From: @openeuler-sync-bot
Reviewed-by: @hht8
Signed-off-by: @hht8
 2021-04-07 10:45:48 +08:00
lingsheng
b80eaeadea Add requires rubygem(bundler) 
(cherry picked from commit 3439f2847e73250c8195ec62fa008cf13641fdf9)
 2021-04-07 09:38:34 +08:00
openeuler-ci-bot
443c32512e !6 [sync] PR-3: upgrade to 5.2.4.4 
From: @openeuler-sync-bot
Reviewed-by: @small_leek
Signed-off-by: @small_leek
 2021-03-17 09:23:55 +08:00
si-gui
fb5bb8c6fa upgrade to 5.2.4.4 
(cherry picked from commit 4dd352a95afd0eb64a2db6483c5d471449e794e5)
 2021-03-16 17:40:43 +08:00
openeuler-ci-bot
29e5ba99e5 !2 Fix build fail 
Merge pull request !2 from lyn/master
 2020-09-07 12:13:15 +08:00
lyn1001
f23ecc6a66 fix build fail 2020-09-05 18:39:39 +08:00
5 changed files with 81 additions and 2 deletions
Show Stats Expand all files Collapse all files

60
CVE-2023-38037.patch Normal file
View File

@ -0,0 +1,60 @@
From c85cc667ebfd3c270df37c7575d580ea6462e12f Mon Sep 17 00:00:00 2001
From: Aaron Patterson <aaron@rubyonrails.org>
Date: Tue, 22 Aug 2023 09:58:43 -0700
Subject: [PATCH] Use a temporary file for storing unencrypted files while
editing
Origin: https://github.com/rails/rails/commit/c85cc667ebfd3c270df37c7575d580ea6462e12f
When we're editing the contents of encrypted files, we should use the
`Tempfile` class because it creates temporary files with restrictive
permissions. This prevents other users on the same system from reading
the contents of those files while the user is editing them.
[CVE-2023-38037]
---
.../lib/active_support/encrypted_file.rb | 17 ++++++++---------
activesupport/test/encrypted_file_test.rb | 8 ++++++++
railties/lib/rails/secrets.rb | 18 ++++++++++--------
3 files changed, 26 insertions(+), 17 deletions(-)
diff --git a/railties/lib/rails/secrets.rb b/railties/lib/rails/secrets.rb
index 54ba53c03b981..913d5e57c1bfb 100644
--- a/railties/lib/rails/secrets.rb
+++ b/railties/lib/rails/secrets.rb
@@ -1,6 +1,7 @@
# frozen_string_literal: true
require "yaml"
+require "tempfile"
require "active_support/message_encryptor"
require "active_support/core_ext/string/strip"
module Rails
@@ -87,17 +88,18 @@ def preprocess(path)
end
def writing(contents)
- tmp_file = "#{File.basename(path)}.#{Process.pid}"
- tmp_path = File.join(Dir.tmpdir, tmp_file)
- IO.binwrite(tmp_path, contents)
+ file_name = "#{File.basename(path)}.#{Process.pid}"
- yield tmp_path
+ Tempfile.create(["", "-" + file_name]) do |tmp_file|
+ tmp_path = Pathname.new(tmp_file)
+ tmp_path.binwrite contents
- updated_contents = IO.binread(tmp_path)
+ yield tmp_path
- write(updated_contents) if updated_contents != contents
- ensure
- FileUtils.rm(tmp_path) if File.exist?(tmp_path)
+ updated_contents = tmp_path.binread
+
+ write(updated_contents) if updated_contents != contents
+ end
end
def encryptor

BIN
railties-5.2.3.gem
View File

Binary file not shown.

BIN
railties-5.2.4.4.gem Normal file
View File

Binary file not shown.

23
rubygem-railties.spec
View File

@ -1,15 +1,20 @@
%global gem_name railties
%bcond_with test
%{?_with_bootstrap: %global bootstrap 1}
%global bootstrap 1
Name: rubygem-%{gem_name}
Version: 5.2.3
Release: 2
Version: 5.2.4.4
Release: 5
Summary: Tools for creating, working with, and running Rails applications
License: MIT
URL: http://rubyonrails.org
Source0: https://rubygems.org/gems/%{gem_name}-%{version}.gem
Source1: https://github.com/rails/rails/archive/v%{version}.tar.gz
# Check value of result.source_location in
# test_unit/reporter.rb#format_rerun_snippet
# https://github.com/rails/rails/pull/32297
Patch0: rubygem-railties-5.1.5-check-value-of-result-source-location.patch
Patch1: CVE-2023-38037.patch
Suggests: %{_bindir}/sqlite3
BuildRequires: ruby(release) rubygems-devel ruby >= 2.2.2 rubygem(actioncable) = %{version}
BuildRequires: rubygem(actionmailer) = %{version} rubygem(actionpack) = %{version}
@ -21,6 +26,7 @@ BuildRequires: rubygem(thor) >= 0.18.1 rubygem(turbolinks) git
%if ! 0%{?bootstrap}
BuildRequires: rubygem(jquery-rails) rubygem(uglifier) rubygem(rails) %{_bindir}/node
%endif
Requires: rubygem(bundler) ruby-devel sqlite-devel
BuildArch: noarch
%description
Rails internals: application bootup, plugins, generators, and rake tasks.
@ -41,6 +47,7 @@ Documentation for %{name}.
%gem_install -n %{SOURCE0}
pushd .%{gem_instdir}
%patch0 -p2
%patch1 -p2
popd
%build
@ -153,6 +160,18 @@ popd
%doc %{gem_instdir}/README.rdoc
%changelog
* Mon Sep 11 2023 wangkai <13474090681@163.com> - 5.2.4.4-5
- Fix CVE-2023-38037
* Tue Apr 6 2021 lingsheng <lingsheng@huawei.com> - 5.2.4.4-4
- Add requires ruby-devel sqlite-devel
* Tue Apr 6 2021 lingsheng <lingsheng@huawei.com> - 5.2.4.4-3
- Add requires rubygem(bundler)
* Mon Feb 8 2021 sunguoshuai <sunguoshuai@huawei.com> - 5.2.4.4-1
- Upgrade to 5.2.4.4
* Sat Sep 5 2020 liyanan <liyanan32@huawei.com> - 5.2.3-2
- fix build fail

BIN
v5.2.3.tar.gz → v5.2.4.4.tar.gz
View File

Binary file not shown.