File rubygem-activerecord-3_2.changes of Package rubygem-activerecord-3_2

-------------------------------------------------------------------
Thu Jul 17 18:12:39 UTC 2014 - jmassaguerpla@suse.com

- fix CVE-2014-3482: SQL injection vulnerability in 'bitstring' quoting
  (bnc#885636)

  CVE-2014-3482.patch: patch that fixes the vulnerability

-------------------------------------------------------------------
Tue Jul 15 15:27:54 UTC 2014 - mrueckert@suse.de

- added gem2rpm.yml and regenerated the spec file with it

-------------------------------------------------------------------
Thu Jun 26 11:30:58 UTC 2014 - mrueckert@suse.de

- acccidently killed the package versioning, bringing it back.

-------------------------------------------------------------------
Wed Jun 25 18:40:06 UTC 2014 - mrueckert@suse.de

- move to SLE 12 packaging schema

-------------------------------------------------------------------
Thu Apr  3 14:41:10 UTC 2014 - jmassaguerpla@suse.com

- updated to version 3.2.17
 * I had to update other rails components because of security issues,
   thus I am updating this one so that we have all rails components
   in the same version 

-------------------------------------------------------------------
Tue Mar 19 09:58:05 UTC 2013 - coolo@suse.com

- updated to version 3.2.13
 *   Fix overriding of attributes by default_scope on `ActiveRecord::Base#dup`.
 *   Fix issue with overriding Active Record reader methods with a composed object
     and using that attribute as the scope of a `uniqueness_of` validation.
 *   Sqlite now preserves custom primary keys when copying or altering tables.
     Fixes #9367.
 *   Preloading `has_many :through` associations with conditions won't
     cache the `:through` association. This will prevent invalid
     subsets to be cached.
 *   Fix handling of dirty time zone aware attributes

-------------------------------------------------------------------
Tue Feb 12 13:33:02 UTC 2013 - coolo@suse.com

- updated to version 3.2.12
 *   Quote numeric values being compared to non-numeric columns. Otherwise,
     in some database, the string column values will be coerced to a numeric
     allowing 0, 0.0 or false to match any string starting with a non-digit.
 
     Example:
 
         App.where(apikey: 0) # => SELECT * FROM users WHERE apikey = '0'
 
-------------------------------------------------------------------
Tue Jan  8 20:19:46 UTC 2013 - coolo@suse.com

- updated to version 3.2.11
 *   Fix querying with an empty hash *Damien Mathieu* [CVE-2013-0155]

-------------------------------------------------------------------
Thu Jan  3 22:40:22 UTC 2013 - coolo@suse.com

- updated to version 3.2.10
 *   CVE-2012-5664 options hashes should only be extracted if there are extra
     parameters

-------------------------------------------------------------------
Tue Nov 13 14:00:43 UTC 2012 - coolo@suse.com

- updated to version 3.2.9
 *   Fix issue with collection associations calling first(n)/last(n) and attempting
     to set the inverse association when `:inverse_of` was used. Fixes #8087.
 *   Fix bug when Column is trying to type cast boolean values to integer.
     Fixes #8067.
 *   Fix bug where `rake db:test:prepare` tries to load the structure.sql into development database.
     Fixes #8032.
 *   Fixed support for `DATABASE_URL` environment variable for rake db tasks. *Grace Liu*
 *   Fix bug where `update_columns` and `update_column` would not let you update the primary key column.
 *   Decode URI encoded attributes on database connection URLs.
 *   Fix AR#dup to nullify the validation errors in the dup'ed object. Previously the original
     and the dup'ed object shared the same errors.
 *   Synchronize around deleting from the reserved connections hash.
     Fixes #7955
 *   PostgreSQL adapter correctly fetches default values when using
     multiple schemas and domains in a db. Fixes #7914
 *   Fix deprecation notice when loading a collection association that
     selects columns from other tables, if a new record was previously
     built using that association.
 *   The postgres adapter now supports tables with capital letters.
     Fix #5920
 *   `CollectionAssociation#count` returns `0` without querying if the
     parent record is not persisted.
 ... more, see CHANGELOG.md

-------------------------------------------------------------------
Fri Aug 10 06:32:09 UTC 2012 - coolo@suse.com

- updated to version 3.2.8
*   Do not consider the numeric attribute as changed if the old value is zero and the new value
    is not a string.  Fixes #7237.
*   Removes the deprecation of `update_attribute`. *fxn*
*   Reverted the deprecation of `composed_of`.
*   Reverted the deprecation of `*_sql` association options. They will
    be deprecated in 4.0 instead.
*   Do not eager load AR session store. ActiveRecord::SessionStore depends on the abstract store
    in Action Pack. Eager loading this class would break client code that eager loads Active Record
    standalone.
    Fixes #7160
*   Do not set RAILS_ENV to "development" when using `db:test:prepare` and related rake tasks.
    This was causing the truncation of the development database data when using RSpec.
    Fixes #7175.

-------------------------------------------------------------------
Fri Jul 27 12:55:06 UTC 2012 - coolo@suse.com

- update to 3.2.7
*   `:finder_sql` and `:counter_sql` options on collection associations
    are deprecated. Please transition to using scopes.
*   `:insert_sql` and `:delete_sql` options on `has_and_belongs_to_many`
    associations are deprecated. Please transition to using `has_many
    :through`
*   `composed_of` has been deprecated. You'll have to write your own accessor
    and mutator methods if you'd like to use value objects to represent some
    portion of your models.
*   `update_attribute` has been deprecated. Use `update_column` if
    you want to bypass mass-assignment protection, validations, callbacks,
    and touching of updated_at. Otherwise please use `update_attributes`.

-------------------------------------------------------------------
Fri Jun 29 10:26:02 UTC 2012 - coolo@suse.com

- update to 3.2.6
  *   protect against the nesting of hashes changing the
      table context in the next call to build_from_hash. This fix
      covers this case as well.
      CVE-2012-2695
  *   Revert earlier 'perf fix' (see 3.2.4 changelog / GH #6289). This
      change introduced a regression (GH #6609). assoc.clear and
      assoc.delete_all have loaded the association before doing the delete
      since at least Rails 2.3. Doing the delete without loading the
      records means that the `before_remove` and `after_remove` callbacks do
      not get invoked. Therefore, this change was less a fix a more an
      optimisation, which should only have gone into master.
  *   Restore behavior of Active Record 3.2.3 scopes.
      A series of commits relating to preloading and scopes caused a regression.
  *   Perf fix: Don't load the records when doing assoc.delete_all.
      GH #6289. *Jon Leighton*
  *   Association preloading shouldn't be affected by the current scoping.
      This could cause infinite recursion and potentially other problems.
      See GH #5667. *Jon Leighton*
  *   Datetime attributes are forced to be changed. GH #3965
  *   Fix attribute casting. GH #5549
  *   Fix #5667. Preloading should ignore scoping.
  *   Predicate builder should not recurse for determining where columns.
      Thanks to Ben Murphy for reporting this! CVE-2012-2661

-------------------------------------------------------------------
Mon Apr 23 09:42:29 UTC 2012 - saschpe@suse.de

- Explicitly require rubygem-activemodel-3_2 and rubygem-activesupport-3_2
  instead of rubygem-activemodel and rubygem-activemodel to fix
  'have choice' errors

-------------------------------------------------------------------
Wed Apr  4 15:46:10 UTC 2012 - coolo@suse.com

- update to 3.2.3
  *   Added find_or_create_by_{attribute}! dynamic method. *Andrew White*
  *   Whitelist all attribute assignment by default. 
  *   Update ActiveRecord::AttributeMethods#attribute_present? to return false for empty strings. *Jacobkg*
  *   Fix associations when using per class databases. *larskanis*
  *   Revert setting NOT NULL constraints in add_timestamps *fxn*
  *   Fix mysql to use proper text types. Fixes #3931. *kennyj*
  *   Fix #5069 - Protect foreign key from mass assignment through association builder. *byroot*

-------------------------------------------------------------------
Fri Jan 27 01:08:32 UTC 2012 - mrueckert@suse.de

- update to 3.2.1
  * The threshold for auto EXPLAIN is ignored if there's no logger.
    *fxn*
  * Call `to_s` on the value passed to `table_name=`, in particular
    symbols are supported (regression). *Sergey Nartimov*
  * Fix possible race condition when two threads try to define
    attribute methods for the same class. *Jon Leighton*

-------------------------------------------------------------------
Thu Jan 26 16:49:22 UTC 2012 - mrueckert@suse.de

- initial package of the 3.2 branch