File rubygem-activesupport-4_2.changes of Package rubygem-activesupport-4_2.5663
-------------------------------------------------------------------
Mon Aug 28 17:05:05 UTC 2017 - rsalevsky@suse.com
- update to version 4.2.9 (bsc#1055962)
* drop CVE-2016-0753.patch and CVE-2015-7576.patch as they got merged upstream
## Rails 4.2.9 (June 26, 2017) ##
* Fixed bug in `DateAndTime::Compatibility#to_time` that caused it to
raise `RuntimeError: can't modify frozen Time` when called on any frozen `Time`.
Properly pass through the frozen `Time` or `ActiveSupport::TimeWithZone` object
when calling `#to_time`.
*Kevin McPhillips* & *Andrew White*
* Restore the return type of `DateTime#utc`
In Rails 5.0 the return type of `DateTime#utc` was changed to `Time` to be
consistent with the new `DateTime#localtime` method. When these changes were
backported in #27553 this inadvertently changed the return type in a patcn
release. Since `DateTime#localtime` was new in Rails 4.2.8 it's okay to
restore the return type of `DateTime#utc` but keep `DateTime#localtime` as
returning `Time` without breaking backwards compatibility.
*Andrew White*
* In Core Extensions, make `MarshalWithAutoloading#load` pass through the second, optional
argument for `Marshal#load( source [, proc] )`. This way we don't have to do
`Marshal.method(:load).super_method.call(sourse, proc)` just to be able to pass a proc.
*Jeff Latz*
* Cache `ActiveSupport::TimeWithZone#to_datetime` before freezing.
*Adam Rice*
* `AS::Testing::TimeHelpers#travel_to` now changes `DateTime.now` as well as
`Time.now` and `Date.today`.
*Yuki Nishijima*
## Rails 4.2.8 (February 21, 2017) ##
* Make `getlocal` and `getutc` always return instances of `Time` for
`ActiveSupport::TimeWithZone` and `DateTime`. This eliminates a possible
stack level too deep error in `to_time` where `ActiveSupport::TimeWithZone`
was wrapping a `DateTime` instance. As a consequence of this the internal
time value in `ActiveSupport::TimeWithZone` is now always an instance of
`Time` in the UTC timezone, whether that's as the UTC time directly or
a representation of the local time in the timezone. There should be no
consequences of this internal change and if there are it's a bug due to
leaky abstractions.
*Andrew White*
* Add `DateTime#subsec` to return the fraction of a second as a `Rational`.
*Andrew White*
* Add additional aliases for `DateTime#utc` to mirror the ones on
`ActiveSupport::TimeWithZone` and `Time`.
*Andrew White*
* Add `DateTime#localtime` to return an instance of `Time` in the system's
local timezone. Also aliased to `getlocal`.
*Andrew White*, *Yuichiro Kaneko*
* Add `Time#sec_fraction` to return the fraction of a second as a `Rational`.
*Andrew White*
* Add `ActiveSupport.to_time_preserves_timezone` config option to control
how `to_time` handles timezones. In Ruby 2.4+ the behavior will change
from converting to the local system timezone, to preserving the timezone
of the receiver. This config option defaults to false so that apps made
with earlier versions of Rails are not affected when upgrading, e.g:
>> ENV['TZ'] = 'US/Eastern'
>> "2016-04-23T10:23:12.000Z".to_time
=> "2016-04-23T06:23:12.000-04:00"
>> ActiveSupport.to_time_preserves_timezone = true
>> "2016-04-23T10:23:12.000Z".to_time
=> "2016-04-23T10:23:12.000Z"
Fixes #24617.
*Andrew White*
* Add `init_with` to `ActiveSupport::TimeWithZone` and `ActiveSupport::TimeZone`
It is helpful to be able to run apps concurrently written in successive
versions of Rails to aid migration, e.g. run Rails 4.2 and 5.0 variants
of your application at the same time to carry out A/B testing.
To do this serialization formats need to be cross compatible and the
change in 3aa26cf didn't meet this criteria because the Psych loader
checks for the existence of `init_with` before setting the instance
variables and the wrapping behavior of `ActiveSupport::TimeWithZone`
tries to see if the `Time` instance responds to `init_with` before the
`@time` variable is set.
To fix this we backported just the `init_with` behavior from the change
in 3aa26cf. If the revived instance is then written out to YAML again
it will revert to the default Rails 4.2 behavior of converting it to
a UTC timestamp string.
Fixes #26296.
*Andrew White*
* Fix `ActiveSupport::TimeWithZone#in` across DST boundaries.
Previously calls to `in` were being sent to the non-DST aware
method `Time#since` via `method_missing`. It is now aliased to
the DST aware `ActiveSupport::TimeWithZone#since` which handles
transitions across DST boundaries, e.g:
Time.zone = "US/Eastern"
t = Time.zone.local(2016,11,6,1)
# => Sun, 06 Nov 2016 01:00:00 EDT -05:00
t.in(1.hour)
# => Sun, 06 Nov 2016 01:00:00 EST -05:00
Fixes #26580.
*Thomas Balthazar*
## Rails 4.2.7 (July 12, 2016) ##
* Fixed `ActiveSupport::Logger.broadcast` so that calls to `#silence` now
properly delegate to all loggers. Silencing now properly suppresses logging
to both the log and the console.
*Kevin McPhillips*
* Backported `ActiveSupport::LoggerThreadSafeLevel`. Assigning the
`Rails.logger.level` is now thread safe.
*Kevin McPhillips*
* Fixed a problem with ActiveSupport::SafeBuffer.titleize calling capitalize
on nil.
*Brian McManus*
* Time zones: Ensure that the UTC offset reflects DST changes that occurred
since the app started. Removes UTC offset caching, reducing performance,
but this is still relatively quick and isn't in any hot paths.
*Alexey Shein*
* Prevent `Marshal.load` from looping infinitely when trying to autoload a constant
which resolves to a different name.
*Olek Janiszewski*
## Rails 4.2.6 (March 07, 2016) ##
* No changes.
## Rails 4.2.5.2 (February 26, 2016) ##
* No changes.
## Rails 4.2.5.1 (January 25, 2015) ##
* No changes.
## Rails 4.2.5 (November 12, 2015) ##
* Fix `TimeWithZone#eql?` to properly handle `TimeWithZone` created from `DateTime`:
twz = DateTime.now.in_time_zone
twz.eql?(twz.dup) => true
Fixes #14178.
*Roque Pinel*
* Handle invalid UTF-8 characters in `MessageVerifier.verify`.
*Roque Pinel*, *Grey Baker*
## Rails 4.2.4 (August 24, 2015) ##
* Fix a `SystemStackError` when encoding an `Enumerable` with `json` gem and
with the Active Support JSON encoder loaded.
Fixes #20775.
*Sammy Larbi*, *Prathamesh Sonpatki*
* Fix not calling `#default` on `HashWithIndifferentAcess#to_hash` when only
`default_proc` is set, which could raise.
*Simon Eskildsen*
* Fix setting `default_proc` on `HashWithIndifferentAccess#dup`
*Simon Eskildsen*
## Rails 4.2.3 (June 25, 2015) ##
* Fix a range of values for parameters of the Time#change
*Nikolay Kondratyev*
* Add some missing `require 'active_support/deprecation'`
*Akira Matsuda*
-------------------------------------------------------------------
Tue Jan 26 17:06:45 UTC 2016 - jmassaguerpla@suse.com
- fix bnc#963334 - CVE-2016-0753: rubygem-activemodel,
rubygem-activesupport, rubygem-activerecord: Input Validation
Circumvention
CVE-2016-0753.patch: contains the fix
-------------------------------------------------------------------
Tue Jan 26 15:23:17 UTC 2016 - jmassaguerpla@suse.com
- fix CVE-2015-7576: rubygem-actionpack, rubygem-activesupport:
Timing attack vulnerability in basic authentication in Action Controller
CVE-2015-7576.patch: contains the fix (bsc#963329)
-------------------------------------------------------------------
Wed Jul 1 17:41:40 UTC 2015 - jmassaguerpla@suse.com
- updated to version 4.2.2:
* Fix XSS vulnerability in ActiveSupport::JSON.encode method.
CVE-2015-3226 (bnc#934799).
* Fix denial of service vulnerability in the XML processing.
CVE-2015-3227 (bnc#934800).
-------------------------------------------------------------------
Mon Mar 23 11:12:09 UTC 2015 - coolo@suse.com
- updated to version 4.2.1
* Fixed a problem where String#truncate_words would get stuck with a complex
string.
*Henrik Nygren*
* Fixed a roundtrip problem with AS::SafeBuffer where primitive-like strings
will be dumped as primitives:
Before:
YAML.load ActiveSupport::SafeBuffer.new("Hello").to_yaml # => "Hello"
YAML.load ActiveSupport::SafeBuffer.new("true").to_yaml # => true
YAML.load ActiveSupport::SafeBuffer.new("false").to_yaml # => false
YAML.load ActiveSupport::SafeBuffer.new("1").to_yaml # => 1
YAML.load ActiveSupport::SafeBuffer.new("1.1").to_yaml # => 1.1
After:
YAML.load ActiveSupport::SafeBuffer.new("Hello").to_yaml # => "Hello"
YAML.load ActiveSupport::SafeBuffer.new("true").to_yaml # => "true"
YAML.load ActiveSupport::SafeBuffer.new("false").to_yaml # => "false"
YAML.load ActiveSupport::SafeBuffer.new("1").to_yaml # => "1"
YAML.load ActiveSupport::SafeBuffer.new("1.1").to_yaml # => "1.1"
*Godfrey Chan*
* Replace fixed `:en` with `I18n.default_locale` in `Duration#inspect`.
*Dominik Masur*
* Add missing time zone definitions for Russian Federation and sync them
with `zone.tab` file from tzdata version 2014j (latest).
*Andrey Novikov*
-------------------------------------------------------------------
Mon Jan 19 21:13:16 UTC 2015 - dmueller@suse.com
- update to 4.1.9:
* `Method` objects now report themselves as not `duplicable?`. This allows
hashes and arrays containing `Method` objects to be `deep_dup`ed.
-------------------------------------------------------------------
Mon Nov 10 14:00:03 UTC 2014 - tboerger@suse.com
- To get rails 4 running on SLE 11 i have switched the
rb_build_versions definition to rub21 as it is activated within
devel:languages:ruby. That way we can get running rails 4 on
SLE 11 too.
-------------------------------------------------------------------
Tue Oct 14 10:00:19 UTC 2014 - coolo@suse.com
- updated to version 4.1.6
* Fix DateTime comparison with DateTime::Infinity object.
* Fixed a compatibility issue with the `Oj` gem when cherry-picking the file
`active_support/core_ext/object/json` without requiring `active_support/json`.
Fixes #16131.
* Make Dependencies pass a name to NameError error.
* Fixed precision error in NumberHelper when using Rationals.
before:
ActiveSupport::NumberHelper.number_to_rounded Rational(1000, 3), precision: 2
#=> "330.00"
after:
ActiveSupport::NumberHelper.number_to_rounded Rational(1000, 3), precision: 2
#=> "333.33"
See #15379.
-------------------------------------------------------------------
Wed Jul 23 13:30:47 UTC 2014 - mrueckert@suse.com
- - initial package
