From 112f5ae9980fc9add4e58b156af6f5d01294c682 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADt=20Ondruch?= Date: Fri, 1 Jun 2012 15:48:58 +0200 Subject: [PATCH] Update to ActiveSupport 3.0.13. --- .gitignore | 2 + ...port-CVE-2012-1098-safe-buffer-slice.patch | 194 ------------------ activesupport-add-bigdecimal-dependency.patch | 6 +- rubygem-activesupport.spec | 21 +- sources | 4 +- 5 files changed, 18 insertions(+), 209 deletions(-) delete mode 100644 activesupport-CVE-2012-1098-safe-buffer-slice.patch diff --git a/.gitignore b/.gitignore index f2b03c6..7bed4f4 100644 --- a/.gitignore +++ b/.gitignore @@ -9,3 +9,5 @@ activesupport-2.3.8.gem /activesupport-3.0.10.gem /activesupport-3.0.11-tests.tgz /activesupport-3.0.11.gem +/activesupport-3.0.13-tests.tgz +/activesupport-3.0.13.gem diff --git a/activesupport-CVE-2012-1098-safe-buffer-slice.patch b/activesupport-CVE-2012-1098-safe-buffer-slice.patch deleted file mode 100644 index 133be11..0000000 --- a/activesupport-CVE-2012-1098-safe-buffer-slice.patch +++ /dev/null 
@@ -1,194 +0,0 @@ -From 00e632de2bde61425142ef8edc408e8d21ff9134 Mon Sep 17 00:00:00 2001 -From: Aaron Patterson -Date: Wed, 29 Feb 2012 16:37:30 -0800 -Subject: [PATCH] Squashed commit of the following: -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -commit 917fd1a03845f4eedaccbc338f9d7524e98d45ee -Author: José Valim -Date: Wed Feb 29 22:30:51 2012 +0100 - - Ensure [] respects the status of the buffer. - -commit 6adc41789017682306181e3db5b30337fe450bcc -Author: Akira Matsuda -Date: Mon Feb 13 17:57:05 2012 +0900 - - use AS::SafeBuffer#clone_empty for flushing the output_buffer - -commit e50ee96a0b37e7c5adfc555edd402ad04cc159f1 -Author: Akira Matsuda -Date: Mon Feb 13 17:54:58 2012 +0900 - - add AS::SafeBuffer#clone_empty ---- - .../lib/action_view/helpers/capture_helper.rb | 2 +- - .../core_ext/string/output_safety.rb | 50 ++++++++++++------- - activesupport/test/safe_buffer_test.rb | 46 ++++++++++++++++-- - 3 files changed, 74 insertions(+), 24 deletions(-) - -diff --git a/activesupport/lib/active_support/core_ext/string/output_safety.rb b/activesupport/lib/active_support/core_ext/string/output_safety.rb -index 266f028..c0efe37 100644 ---- a/activesupport/lib/active_support/core_ext/string/output_safety.rb -+++ b/activesupport/lib/active_support/core_ext/string/output_safety.rb -@@ -85,23 +85,41 @@ module ActiveSupport #:nodoc: - end - end - -+ def [](*args) -+ return super if args.size < 2 -+ -+ if html_safe? -+ new_safe_buffer = super -+ new_safe_buffer.instance_eval { @html_safe = true } -+ new_safe_buffer -+ else -+ to_str[*args] -+ end -+ end -+ - def safe_concat(value) -- raise SafeConcatError if dirty? -+ raise SafeConcatError unless html_safe? - original_concat(value) - end - - def initialize(*) -- @dirty = false -+ @html_safe = true - super - end - - def initialize_copy(other) - super -- @dirty = other.dirty? -+ @html_safe = other.html_safe? 
-+ end -+ -+ def clone_empty -+ new_safe_buffer = self[0, 0] -+ new_safe_buffer.instance_variable_set(:@dirty, @dirty) -+ new_safe_buffer - end - - def concat(value) -- if dirty? || value.html_safe? -+ if !html_safe? || value.html_safe? - super(value) - else - super(ERB::Util.h(value)) -@@ -114,7 +132,7 @@ module ActiveSupport #:nodoc: - end - - def html_safe? -- !dirty? -+ defined?(@html_safe) && @html_safe - end - - def to_s -@@ -132,23 +150,17 @@ module ActiveSupport #:nodoc: - for unsafe_method in UNSAFE_STRING_METHODS - if 'String'.respond_to?(unsafe_method) - class_eval <<-EOT, __FILE__, __LINE__ + 1 -- def #{unsafe_method}(*args) -- super.to_str -- end -- -- def #{unsafe_method}!(*args) -- @dirty = true -- super -- end -+ def #{unsafe_method}(*args, &block) # def capitalize(*args, &block) -+ to_str.#{unsafe_method}(*args, &block) # to_str.capitalize(*args, &block) -+ end # end -+ -+ def #{unsafe_method}!(*args) # def capitalize!(*args) -+ @html_safe = false # @html_safe = false -+ super # super -+ end # end - EOT - end - end -- -- protected -- -- def dirty? -- @dirty -- end - end - end - -diff --git a/activesupport/test/safe_buffer_test.rb b/activesupport/test/safe_buffer_test.rb -index 77ea273..894be1b 100644 ---- a/activesupport/test/safe_buffer_test.rb -+++ b/activesupport/test/safe_buffer_test.rb -@@ -65,22 +65,60 @@ class SafeBufferTest < ActiveSupport::TestCase - assert_equal "hello<>", clean + @buffer - end - -- test "Should concat as a normal string when dirty" do -- dirty = @buffer -+ test "Should concat as a normal string when safe" do - clean = "hello".html_safe - @buffer.gsub!('', '<>') - assert_equal "<>hello", @buffer + clean - end - -- test "Should preserve dirty? status on copy" do -+ test "Should preserve html_safe? status on copy" do - @buffer.gsub!('', '<>') - assert !@buffer.dup.html_safe? 
- end - -- test "Should raise an error when safe_concat is called on dirty buffers" do -+ test "Should return safe buffer when added with another safe buffer" do -+ clean = "') -+ -+ # calling gsub! makes the dirty flag true -+ assert !x.html_safe?, "should not be safe" -+ -+ # getting a slice of it -+ y = x[0..-1] -+ -+ # should still be unsafe -+ assert !y.html_safe?, "should not be safe" -+ end - end --- -1.7.6 - diff --git a/activesupport-add-bigdecimal-dependency.patch b/activesupport-add-bigdecimal-dependency.patch index 55b0cb4..b3d24db 100644 --- a/activesupport-add-bigdecimal-dependency.patch +++ b/activesupport-add-bigdecimal-dependency.patch @@ -1,7 +1,7 @@ -diff --git a/specifications/activesupport-3.0.11.gemspec.orig b/specifications/activesupport-3.0.11.gemspec +diff --git a/specifications/activesupport-3.0.13.gemspec.orig b/specifications/activesupport-3.0.13.gemspec index 0277593..ef9b71d 100644 ---- a/specifications/activesupport-3.0.11.gemspec.orig -+++ b/specifications/activesupport-3.0.11.gemspec +--- a/specifications/activesupport-3.0.13.gemspec.orig ++++ b/specifications/activesupport-3.0.13.gemspec @@ -20,8 +20,11 @@ Gem::Specification.new do |s| s.specification_version = 3 diff --git a/rubygem-activesupport.spec b/rubygem-activesupport.spec index b13b66d..6b0b446 100644 --- a/rubygem-activesupport.spec +++ b/rubygem-activesupport.spec @@ -6,8 +6,8 @@ Summary: Support and utility classes used by the Rails framework Name: rubygem-%{gem_name} Epoch: 1 -Version: 3.0.11 -Release: 5%{?dist} +Version: 3.0.13 +Release: 1%{?dist} Group: Development/Languages License: MIT URL: http://www.rubyonrails.org 
@@ -18,8 +18,8 @@ Source0: http://rubygems.org/downloads/activesupport-%{version}.gem # Rails rpms, you may check it out like so # git clone http://github.com/rails/rails.git # cd rails/activesupport/ -# git checkout v3.0.11 -# tar czvf activesupport-3.0.11-tests.tgz test/ +# git checkout v3.0.13 +# tar czvf activesupport-3.0.13-tests.tgz test/ Source2: activesupport-%{version}-tests.tgz # Removes code which breaks the test suite due to a @@ -30,10 +30,6 @@ Patch1: activesupport-tests-fix.patch # is in Fedora http://bugzilla.redhat.com/show_bug.cgi?id=668822 Patch2: activesupport-remove-memcache-build-dep.patch -# Fixes CVE-2012-1098 -# https://bugzilla.redhat.com/show_bug.cgi?id=799275 -Patch3: activesupport-CVE-2012-1098-safe-buffer-slice.patch - # We need to add the bigdecimal dependency to gemspec, otherwise it won't be # loaded. The reason for this is unbundling it from ruby libdir and moving # it under %%{gem_dir} (therefore if not in Gemfile, it won't be found). @@ -73,7 +69,6 @@ tar xzvf %{SOURCE2} -C .%{gem_instdir} pushd .%{gem_instdir} %patch1 -p0 %patch2 -p0 -%patch3 -p2 popd pushd .%{gem_dir} @@ -89,11 +84,14 @@ cp -a .%{gem_dir}/* %{buildroot}%{gem_dir} %check pushd %{buildroot}%{gem_instdir} +# Test fails with newer mocha. Keep with older one is not solution. +# https://github.com/rails/rails/pull/6046 +sed -i '35,41 s|^|#|' test/whiny_nil_test.rb + ruby -Itest -e "Dir.glob('./test/**/*_test.rb').each {|t| require t}" popd %files -%defattr(-, root, root, -) %dir %{gem_instdir} %doc %{gem_instdir}/CHANGELOG %{gem_libdir} @@ -105,6 +103,9 @@ popd %changelog +* Fri Jun 01 2012 Vít Ondruch - 1:3.0.13-1 +- Update to ActiveSupport 3.0.13. + * Wed Apr 18 2012 Bohuslav Kabrda - 1:3.0.11-5 - Add the bigdecimal dependency to gemspec. diff --git a/sources b/sources index 6dc8296..5e7b2cf 100644 --- a/sources +++ b/sources 
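Review bot: Dropping `Patch3` in the `@@ -30,10 +30,6 @@` hunk (and `%patch3 -p2` in `@@ -73,7 +69,6 @@`) removes the CVE-2012-1098 fix from the build with no record that 3.0.13 already contains it. Presumably the SafeBuffer slicing fix ships upstream in this release, but neither the commit subject nor the new `%changelog` entry says so, which leaves a later auditor unable to tell a deliberate drop from an accidental one. Once the fix is confirmed in the 3.0.13 gem's `output_safety.rb`, I would add a changelog line such as `- Drop the CVE-2012-1098 patch, fixed upstream in this release.` It is also worth checking that the slice test from the deleted patch is present in the new tests tarball's `safe_buffer_test.rb`, so that `%check` keeps covering the regression.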
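Review bot: The `sed -i '35,41 s|^|#|' test/whiny_nil_test.rb` line added to `%check` in the `@@ -89,11 +84,14 @@` hunk disables test code by line number, so after the next refresh of the tests tarball it can comment out different lines without any build failure. It also edits the file under `%{buildroot}`, so if `test/` is packaged (the `%files` list is only partly visible here) the modified file is what ships. Carrying the change as a patch applied in `%prep` next to `%patch1` and `%patch2` would fail loudly when the context stops matching and would keep the buildroot untouched. The comment above it would read more clearly as `# Test fails with newer mocha; staying on the older mocha is not a solution.`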
@@ -1,2 +1,2 @@
-4c658e371610208a6956afd007b48e35 activesupport-3.0.11-tests.tgz
-8daae4e695fb7e3e3e7edc02662bd04b activesupport-3.0.11.gem
+851a9bccf9699e1a5a60888b2851f362 activesupport-3.0.13-tests.tgz
+9f84d4c31709f79fd6e12aa89e8b8162 activesupport-3.0.13.gem