File rubygem-actionpack-2_1.changes of Package rubygem-actionpack-2_1

-------------------------------------------------------------------
Tue Feb  2 03:27:52 CET 2010 - mrueckert@suse.de

- added bfe032858077bb2946abe25e95e485ba6da86bd5.patch:
  Cross-site scripting (XSS) vulnerability in the strip_tags
  function in Ruby on Rails (bnc#558879) CVE-2009-4214
- added f1ad8b48aae3ee26613b3e77bc0056e120096846.patch:
  Potential Circumvention of CSRF Protection in Rails 2.1
  (bnc#564362) CVE-2008-7248

-------------------------------------------------------------------
Wed Sep 16 15:05:13 CEST 2009 - mrueckert@suse.de

- added rubygem-actionpack-2.1.2_timing_weakness.patch:
  fixes leak of information about the complexity of message-digest
  signature verification (bnc#538319, CVE-2009-3086)
- added rubygem-actionpack-2.1.2_CVE-2009-3009_actionpack.patch:
  fixes XSS bug in rails (bnc#535913, CVE-2009-3009)

-------------------------------------------------------------------
Fri Sep 12 18:05:48 CEST 2008 - mrueckert@suse.de

- update to version 2.1.1
  * All 2xx requests are considered successful [Josh Peek]
  * Deprecate the limited follow_redirect in functional tests.
    If you wish to follow redirects, use integration tests.
    [Michael Koziarski]
  * Fixed that AssetTagHelper#compute_public_path shouldn't cache
    the asset_host along with the source or per-request proc's
    won't run [DHH]
  * Deprecate define_javascript_functions, javascript_include_tag
    and friends are much better [Michael Koziarski]
  * Fix polymorphic_url with singleton resources.
    #461 [Tammer Saleh]
  * Deprecate ActionView::Base.erb_variable. Use the concat helper
    method instead of appending to it directly.  [Jeremy Kemper]
  * Fixed Request#remote_ip to only raise hell if the
    HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR don't match (not just
    if they're both present) [Mark Imbriaco, Bradford Folkens]

-------------------------------------------------------------------
Wed Jun  4 02:54:09 CEST 2008 - mrueckert@suse.de

- update to version 2.1.0:
  - revamped cache handling
  - many bugfixes
  for all changes see
  /usr/lib*/ruby/gems/1.8/gems/actionpack-2.1.0/CHANGELOG
- branched package from the 2.0 package

-------------------------------------------------------------------
Wed Feb 20 23:17:54 CET 2008 - mrueckert@suse.de

- do not obsolete the old name as it leads to trouble on upgrade.
  this will be handled by the wrapper package.

-------------------------------------------------------------------
Thu Jan 17 15:43:46 CET 2008 - mrueckert@suse.de

- update to version 1.13.6
  * Correct Broken Fix for session_fixation attacks
  * Ensure that cookies handle array values correctly.
    Closes #9937 [queso]
- branch new package rubygem-actionpack-1_13 to allow parallel
  installation of multiple major branches
- removed rubygem-actionpack-1.13.x_session_fixation_attack.patch
  included in update

-------------------------------------------------------------------
Fri Nov 23 00:33:20 CET 2007 - mrueckert@suse.de

- updated rubygem-actionpack-1.13.x_session_fixation_attack.patch
  new name rubygem-actionpack-1.13.x_session_fixation_attack_v2.patch:
  The original upstream patch only worked for the first request.
  Do not delete the cookie_only option from the session options.
  (#332441) (CVE-2007-6077)

-------------------------------------------------------------------
Wed Oct 17 17:53:01 CEST 2007 - mrueckert@suse.de

- added rubygem-actionpack-1.13.x_session_fixation_attack.patch:
  Reject session information from the query string (#332441)
  (CVE-2007-5380)

-------------------------------------------------------------------
Wed Oct 17 17:52:39 CEST 2007 - mrueckert@suse.de

- update to version 1.13.5
  * Backport: allow array and hash query parameters. Array route
    parameters are converted/to/a/path as before.
    #6765, #7047, #7462
    [bgipsy, Jeremy McAnally, Dan Kubb, brendan, Diego Algorta Casamayou]
  * Fix in place editor's setter action with non-string fields.
    #7418 [Andreas]
- additional changes from version 1.13.4
  * Only accept session ids from cookies, prevents session fixation
    attacks.  [bradediger] (CVE-2007-5380) (bnc #332441)
  * Change the resource separator from ; to / change the generated
    routes to use the new-style named routes.  e.g.
    new_group_user_path(@group) instead of
    group_new_user_path(@group). [pixeltrix]
  * Integration tests: introduce methods for other HTTP methods.
    #6353 [caboose]
  * Improve performance of action caching. Closes #8231 [skaes]
  * Fix errors with around_filters which do not yield, restore 1.1
    behaviour with after filters. Closes #8891 [skaes]
    After filters will *no longer* be run if an around_filter fails
    to yield, users relying on this behaviour are advised to put
    the code in question after a yield statement in an around
    filter.
  * Allow you to delete cookies with options.
    Closes #3685 [josh, Chris Wanstrath]
  * Deprecate pagination. Install the classic_pagination
    plugin for forward compatibility, or move to the superior
    will_paginate plugin.  #8157 [Mislav Marohnic]
  * Fix filtered parameter logging with nil parameter values.
    #8422 [choonkeat]
  * Integration tests: alias xhr to xml_http_request and add a
    request_method argument instead of always using POST.
    #7124 [Nik Wakelin, Francois Beausoleil, Wizard]
  * Document caches_action.  #5419 [Jarkko Laine]
  * observe_form always sends the serialized form.
    #5271 [manfred, normelton@gmail.com]
  * Update UrlWriter to accept :anchor parameter.
    Closes #6771. [octopod]
  * Replace the current block/continuation filter chain handling by
    an implementation based on a simple loop.
    Closes #8226 [Stefan Kaes]
  * Return the string representation from an Xml Builder when
    rendering a partial.  #5044 [tpope]
  * Cleaned up, corrected, and mildly expanded ActionPack
    documentation.  Closes #7190 [jeremymcanally]
  * Small collection of ActionController documentation cleanups.
    Closes #7319 [jeremymcanally]
  * Performance: patch cgi/session/pstore to require digest/md5
    once rather than per #initialize.  #7583 [Stefan Kaes]
  * Deprecation: verification with :redirect_to => :named_route
    shouldn't be deprecated.  #7525 [Justin French]

-------------------------------------------------------------------
Mon May 14 16:32:28 CEST 2007 - mrueckert@suse.de

- update to version 1.13.3:
  * Fix a bug in Routing where a parameter taken from the path of
    the current request could not be used as a query parameter for
    the next.  #6752 [Nicholas Seckar]
  * session_enabled? works with session :off.  #6680 [Catfish]
  * Performance: patch cgi/session to require digest/md5 once
    rather than per #create_new_id.  [Stefan Kaes]
- additional changes from 1.13.2:
  *  Add much-needed html-scanner tests.  Fixed CDATA parsing bug.
     [Rick]
  *  improve error message for Routing for named routes.
     [Rob Sanheim]
  *  Added enhanced docs to routing assertions. [Rob Sanheim]
  *  fix form_for example in ActionController::Resources
     documentation. [gnarg]
  *  Add singleton resources from trunk [Rick Olson]
  *  select :multiple => true suffixes the attribute name with []
     unless already suffixed.  #6977 [nik.kakelin, ben, julik]
  *  Improve routes documentation.  #7095 [zackchandler]
  *  Resource member routes require :id, eliminating the ambiguous
     overlap with collection routes.  #7229 [dkubb]
  *  Fixed NumberHelper#number_with_delimiter to use "." always
     for splitting the original number, not the delimiter
     parameter #7389 [ceefour]
  *  Autolinking recognizes trailing and embedded . , : ;  
     #7354 [Jarkko Laine]
  *  Make TextHelper::auto_link recognize URLs with colons in
     path correctly, fixes #7268.  [imajes]
  *  Improved auto_link to match more valid urls correctly
     [Tobias Luetke]

-------------------------------------------------------------------
Wed Jan 24 00:57:59 CET 2007 - mrueckert@suse.de

- update to version 1.13.1:
  update for rails 1.2.1. Too many changes to mention them here.
  see /usr/lib*/ruby/gems/1.8/gems/actionpack-1.13.1/CHANGELOG

-------------------------------------------------------------------
Fri Aug 11 02:33:25 CEST 2006 - mrueckert@suse.de

- update to version 1.12.5:
  * update for the previous security fix

-------------------------------------------------------------------
Thu Aug 10 12:40:16 CEST 2006 - mrueckert@suse.de

- update to version 1.12.4:
  * Documentation fix: integration test scripts don't require
    integration_test. (rails:#4914) [Frederick Ros <sl33p3r@free.fr>]
  * ActionController::Base Summary documentation rewrite.
    (rails:#4900) [kevin.clark@gmail.com]
  * Fix text_helper.rb documentation rendering. 
    (rails:#4725) [Frederick Ros]
  * Fixes bad rendering of JavaScriptMacrosHelper rdoc.
    (rails:#4910) [Frederick Ros]
  * Enhance documentation for setting headers in integration tests.
    Skip auto HTTP prepending when it's already there.
    (rails:#4079) [Rick Olson]
  * Documentation for AbstractRequest.
    (rails:#4895) [kevin.clark@gmail.com]
  * Remove all remaining references to @params in the documentation.
    [Marcel Molina Jr.]
  * Add documentation for redirect_to :back's RedirectBackError
    exception.  [Marcel Molina Jr.]
  * Update layout and content_for documentation to use yield rather
    than magic @content_for instance variables. [Marcel Molina Jr.]
  * Cache CgiRequest#request_parameters so that multiple calls
    don't re-parse multipart data. [Rick]
  * Fixed that remote_form_for can leave out the object parameter
    and default to the instance variable of the object_name,
    just like form_for [DHH]
  * Added ActionController.filter_parameter_logging that makes it
    easy to remove passwords, credit card numbers, and other
    sensitive information from being logged when a request is
    handled. (rails:#1897) [jeremye@bsa.ca.gov]
  * Fixed that real files and symlinks should be treated the same
    when compiling templates.
    (rails:#5438) [zachary@panandscan.com]
  * Add :status option to send_data and send_file. Defaults to
    '200 OK'. (rails:#5243)
    [Manfred Stienstra <m.stienstra@fngtps.com>]
  * Update documentation for erb trim syntax.
    (rails:#5651) [matt@mattmargolis.net]
  * Short documentation to mention use of Mime::Type.register.
    (rails:#5710) [choonkeat@gmail.com]

-------------------------------------------------------------------
Sat Jul  1 04:21:38 CEST 2006 - mrueckert@suse.de

- update to version 1.12.3:
  * Fix broken traverse_to_controller. We now:
    Look for a _controller.rb file under RAILS_ROOT to load.
    If we find it, we require_dependency it and return the
    controller it defined.  (If none was defined we stop looking.)
    If we don't find it, we look for a .rb file under RAILS_ROOT
    to load. If we find it, and it loads a constant we keep
    looking.  Otherwise we check to see if a directory of the same
    name exists, and if it does we create a module for it.
  * Refinement to avoid exceptions in traverse_to_controller.
  * (Hackish) Fix loading of arbitrary files in Ruby's load path
    by traverse_to_controller. [Nicholas Seckar]

-------------------------------------------------------------------
Wed Jun 21 01:06:03 CEST 2006 - mrueckert@suse.de

- use rubygems_with_buildroot_patch instead of the versioned
  buildrequires

-------------------------------------------------------------------
Mon Jun 19 18:37:41 CEST 2006 - mrueckert@suse.de

- Initial package version 1.12.1

